Re: [systemd-devel] [PATCH 0/2] (dracut) hwdb needed in early boot for some keyboards

[Colin Guthrie]

'Twas brillig, and Alexander E. Patrakov at 13/11/13 19:02 did gyre and
gimble:
> 2013/11/14 Colin Guthrie :
>> What kernel are you using out of interest?
> 
> This kernel is a git snapshot between 3.12.0-rc2 and -rc3. Compiled on Gentoo.

Thanks for that.

After trying harder, it seems my initial suspicion on the bug report was
correct after all and a missing host controller driver is the culprit.

For reference dracut is not including ohci-pci which I presume has been
split out recently and thus needs to be added explicitly.

Alexander's tests perhaps used a different type of USB host controller.

Will send a dracut patch shortly and sorry for the noise.

Col




-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Fix PAM module to not clobber XDG_RUNTIME_DIR with su

[Colin Guthrie]

Hi Martin,

Thanks for looking at this.

'Twas brillig, and Martin Pitt at 14/11/13 07:45 did gyre and gimble:
> pam_systemd currently causes some havoc when you run programs or
> shells with su: it passes on the $XDG_RUNTIME_DIR from the original
> user session, so that programs like pulseaudio or dconf end up
> scribbling into the original user's runtime dir. This has been
> discussed at length at [1][2] and is leading people to consider
> workarounds like [3].
> 
> It seems Lennart is against giving the new user a new logind session
> and runtime dir; I think it would be right to give it a fresh (or an
> already existing one for the target user) runtime dir, but in either
> case passing it the original user's runtime dir is actively wrong and
> harmful.
> 
> Until then I recommend applying this patch (or something equivalent)
> which at least stops destroying existing runtime dirs and makes it
> compliant to the spec [4]. With that, things like pulse, dconf, or
> dbus will still need to keep their internal fallback if there is no
> runtime dir, but that's a less pressing matter.
> 
> Thanks for considering,
> 
> Martin
> 
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=753882
> [2] https://launchpad.net/bugs/1197395
> [3] 
> http://lists.freedesktop.org/archives/pulseaudio-discuss/2013-November/019121.html
> [4] http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

I'm somewhat on the fence, but I think this patch is sensible in the
short term at least.

I do still think we need some kind of new su which is actually able to
properly proxy graphics and sound (like SSH kinda does - at least for
graphics), but this should prevent the nasty side effects in the short term.

I've not considered any unwanted side effects this may cause so
hopefully someone else can chime in accordingly.

Your argument about it making it spec compliant seems rather compelling
tho'.

Col


-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 0/2] (dracut) hwdb needed in early boot for some keyboards

[Harald Hoyer]

On 11/14/2013 09:10 AM, Colin Guthrie wrote:
> 'Twas brillig, and Alexander E. Patrakov at 13/11/13 19:02 did gyre and
> gimble:
>> 2013/11/14 Colin Guthrie :
>>> What kernel are you using out of interest?
>>
>> This kernel is a git snapshot between 3.12.0-rc2 and -rc3. Compiled on 
>> Gentoo.
> 
> Thanks for that.
> 
> After trying harder, it seems my initial suspicion on the bug report was
> correct after all and a missing host controller driver is the culprit.
> 
> For reference dracut is not including ohci-pci which I presume has been
> split out recently and thus needs to be added explicitly.
> 
> Alexander's tests perhaps used a different type of USB host controller.
> 
> Will send a dracut patch shortly and sorry for the noise.
> 
> Col

http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=28609baf6e9581ea97c4550340e2a6031c1b6fbd
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Fix PAM module to not clobber XDG_RUNTIME_DIR with su

[Colin Guthrie]

'Twas brillig, and Colin Guthrie at 14/11/13 09:48 did gyre and gimble:
> Hi Martin,
> 
> Thanks for looking at this.
> 
> 'Twas brillig, and Martin Pitt at 14/11/13 07:45 did gyre and gimble:
>> pam_systemd currently causes some havoc when you run programs or
>> shells with su: it passes on the $XDG_RUNTIME_DIR from the original
>> user session, so that programs like pulseaudio or dconf end up
>> scribbling into the original user's runtime dir. This has been
>> discussed at length at [1][2] and is leading people to consider
>> workarounds like [3].
>>
>> It seems Lennart is against giving the new user a new logind session
>> and runtime dir; I think it would be right to give it a fresh (or an
>> already existing one for the target user) runtime dir, but in either
>> case passing it the original user's runtime dir is actively wrong and
>> harmful.
>>
>> Until then I recommend applying this patch (or something equivalent)
>> which at least stops destroying existing runtime dirs and makes it
>> compliant to the spec [4]. With that, things like pulse, dconf, or
>> dbus will still need to keep their internal fallback if there is no
>> runtime dir, but that's a less pressing matter.
>>
>> Thanks for considering,
>>
>> Martin
>>
>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=753882
>> [2] https://launchpad.net/bugs/1197395
>> [3] 
>> http://lists.freedesktop.org/archives/pulseaudio-discuss/2013-November/019121.html
>> [4] http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
> 
> I'm somewhat on the fence, but I think this patch is sensible in the
> short term at least.
> 
> I do still think we need some kind of new su which is actually able to
> properly proxy graphics and sound (like SSH kinda does - at least for
> graphics), but this should prevent the nasty side effects in the short term.
> 
> I've not considered any unwanted side effects this may cause so
> hopefully someone else can chime in accordingly.
> 
> Your argument about it making it spec compliant seems rather compelling
> tho'.


OK, I just tried this but I can't seem to make it work and prevent the
XDG_* vars being set.

I applied the attached variation to my 208 build and then ran "pkexec
/bin/bash" which also suffers from the same problems.

pkexec cleans out the environment quite well, but then pam_systemd
re-injects these variables (I discussed this on IRC the other day with
Colin Walters).

I would have thought that this should have fixed things.

I didn't get any joy from su or su - either (although I'd expect su to
still have it set due to not cleaning the environment - is this a
correct assumption?).

The problem is that the pw_uid in this case is creating the session for
my user, not the destination user (note the UID 603):

Nov 14 10:25:45 jimmy pkexec[14287]: pam_systemd(polkit-1:session):
Asking logind to create session: uid=603 pid=14287 service=polkit-1
type=unspecified class=background seat= vtnr=0 tty= display= remote=no
remote_user= remote_host=
Nov 14 10:25:45 jimmy pkexec[14287]: pam_systemd(polkit-1:session):
Reply from logind: id=2 object_path=/org/freedesktop/login1/session/_32
runtime_path=/run/user/603 session_fd=10 seat=seat0 vtnr=1


Ditto for su:

Nov 14 10:27:00 jimmy su[14355]: pam_systemd(su:session): Asking logind
to create session: uid=603 pid=14355 service=su type=tty class=user
seat=seat0 vtnr=1 tty=pts/2 display= remote=no remote_user=colin
remote_host=
Nov 14 10:27:00 jimmy su[14355]: pam_systemd(su:session): Reply from
logind: id=2 object_path=/org/freedesktop/login1/session/_32
runtime_path=/run/user/603 session_fd=6 seat=seat0 vtnr=1


And su -:
Nov 14 10:27:22 jimmy su[14419]: pam_systemd(su-l:session): Asking
logind to create session: uid=603 pid=14419 service=su-l type=tty
class=user seat=seat0 vtnr=1 tty=pts/2 display= remote=no
remote_user=colin remote_host=
Nov 14 10:27:22 jimmy su[14419]: pam_systemd(su-l:session): Reply from
logind: id=2 object_path=/org/freedesktop/login1/session/_32
runtime_path=/run/user/603 session_fd=6 seat=seat0 vtnr=1


Thus the comparison of the dir owner and the uid succeeds.

Am I missing something?


Col

-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/
>From b516dd4ea5187bfa9b5a237a0f50edc53f401468 Mon Sep 17 00:00:00 2001
From: Martin Pitt 
Date: Wed, 13 Nov 2013 13:02:28 +0100
Subject: [PATCH] pam: Check $XDG_RUNTIME_DIR owner

http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html requires
that $XDG_RUNTIME_DIR "MUST be owned by the user, and he MUST be the only one
having read and write access to it.".

Don't set an existing $XDG_RUNTIME_DIR in the PAM module if it isn't owned by
the session user. Otherwise su sessions get a runtime dir from a different user
which leads to either permission errors or scribbling over

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Juliette Tux]

On 14 November 2013 09:53, Zbigniew Jędrzejewski-Szmek wrote:

> I'm not even sure if the template file is up-to-date... you should verify
> that first.
>

I git cloned the tree and did 'make systemd.pot' in /po, looks good to me.

and send it to systemd-devel@lists.freedesktop.org.


Ok, got it, thank you!

_
best regards,
Julia Dronova
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Juliette Tux]

Proposed patch for adding Russian translation to systemd, see attachment


On 14 November 2013 15:17, Juliette Tux  wrote:

>
> On 14 November 2013 09:53, Zbigniew Jędrzejewski-Szmek 
> wrote:
>
>> I'm not even sure if the template file is up-to-date... you should verify
>> that first.
>>
>
> I git cloned the tree and did 'make systemd.pot' in /po, looks good to me.
>
> and send it to systemd-devel@lists.freedesktop.org.
>
>
> Ok, got it, thank you!
>
> _
> best regards,
> Julia Dronova
>
>
>


_
best regards,
Julia Dronova
--- /dev/null	2013-11-13 00:57:23.069448798 +0400
+++ systemd_ru.po	2013-11-14 03:32:10.721261925 +0400
@@ -0,0 +1,418 @@
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Julia Dronova , 2013.
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2013-11-14 00:08+0400\n"
+"PO-Revision-Date: 2013-11-14 03:32-0500\n"
+"Last-Translator: Julia Dronova \n"
+"Language-Team: Russian \n"
+"Language: ru\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<"
+"=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+"X-Generator: Lokalize 1.5\n"
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
+msgid "Set host name"
+msgstr "Указать имя узла"
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
+msgid "Authentication is required to set the local host name."
+msgstr "Для настройки имени локального узла требуется авторизация."
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
+msgid "Set static host name"
+msgstr "Указать статическое имя узла"
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
+msgid ""
+"Authentication is required to set the statically configured local host name, "
+"as well as the pretty host name."
+msgstr ""
+"Для настройки статического имени локального узла, а также чудесного "
+"имени вашей машины, требуется авторизация."
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:5
+msgid "Set machine information"
+msgstr "Указать информацию о машине"
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:6
+msgid "Authentication is required to set local machine information."
+msgstr "Для настройки информации о локальной машине требуется авторизация."
+
+#: ../src/locale/org.freedesktop.locale1.policy.in.h:1
+msgid "Set system locale"
+msgstr "Настроить системную локаль"
+
+#: ../src/locale/org.freedesktop.locale1.policy.in.h:2
+msgid "Authentication is required to set the system locale."
+msgstr "Для настройки системной локали требуется авторизация."
+
+#: ../src/locale/org.freedesktop.locale1.policy.in.h:3
+msgid "Set system keyboard settings"
+msgstr "Указать системные настройки клавиатуры"
+
+#: ../src/locale/org.freedesktop.locale1.policy.in.h:4
+msgid "Authentication is required to set the system keyboard settings."
+msgstr "Для настройки системной клавиатуры требуется авторизация."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:1
+msgid "Allow applications to inhibit system shutdown"
+msgstr "Разрешить приложениям блокировать выключение системы."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:2
+msgid ""
+"Authentication is required to allow an application to inhibit system "
+"shutdown."
+msgstr ""
+"Чтобы разрешить приложениям блокировать выключение системы, "
+"требуется авторизация."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:3
+msgid "Allow applications to delay system shutdown"
+msgstr "Разрешить приложениям задерживать выключение системы."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:4
+msgid ""
+"Authentication is required to allow an application to delay system shutdown."
+msgstr ""
+"Чтобы разрешить приложениям задерживать выключение системы, "
+"требуется авторизация."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:5
+msgid "Allow applications to inhibit system sleep"
+msgstr "Разрешить приложениям блокировать спящий режим системы."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:6
+msgid ""
+"Authentication is required to allow an application to inhibit system sleep."
+msgstr ""
+"Чтобы разрешить приложениям блокировать спящий режим системы, "
+"требуется авторизация."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:7
+msgid "Allow applications to delay system sleep"
+msgstr "Разрешить приложениям задерживать активацию спящего режима системы."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:8
+msgid ""
+"Authentication is required to allow an application to delay system sleep."
+msgstr ""
+"Чтобы разрешить приложениям задерживать активацию спящего режима системы, "
+"требуется авторизация."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:9
+msgid "Allow applications to inhibit automatic system suspend"
+msgstr ""
+"Разрешить приложениям блокировать автоматическую активацию "
+

Re: [systemd-devel] [PATCH 0/3] Fix issues re: visibility of status messages

[Olivier Brunel]

On 11/14/13 05:40, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Sep 20, 2013 at 10:18:27PM +0200, Olivier Brunel wrote:
>> Hi,
>>
>> I'm running Arch Linux, have been using systemd-204, and recently tried the 
>> new
>> 207 release, and I have been having some issues with it. One was that status
>> messages would just stop at some point near the end of the boot process, and
>> also that I wouldn't get any during a shutdown/reboot.
>>
>> It might be useful to note that I don't start a getty on tty1, which is why I
>> expect to see all status messages until default target is reached, even after
>> the getty/login has been started (which happens on tty2).
>>
>> After looking into it, I came up with the following patches to fix the issue.
>> The reason status messages would stop was that the getty was started, and
>> systemd then stopped using the console to avoid "collisions" w/ gettys.
>>
>> However, as I said I don't have a getty started on tty1 so for me that is a 
>> bug,
>> as there's no reason not to keep printing status messages on tty1.
>>
>> The lack of messages on shutdown/reboot was also linked to this, because if
>> no_console_output was set to true during boot, it'd stay there and prevent
>> messages to show up on shutdown.
>>
>> To fix this (in the event it was set to true on boot) a patch simply resets 
>> it
>> to false on job_shutdown_magic(), but I'm not exactly sure if that's the 
>> right
>> way to do this.
> All 3 patches applied. I *think* they are all correct, but this code
> has so many corner cases that it's hard to be sure. I made some
> tweaks, please check that it still works. Sorry for the delay. In the
> future, if you don't get an answer within a week or two, please holler :)
> Patches do sometimes slip through, especially when there are a lot
> of changes like recently, and a ping to the ml will help to bring the
> thread to the bottom. 

Noted, thanks. Tried the latest git, it all works as expected.

> 
>> FYI I should add that in a similar setup as the one I described, this will 
>> not
>> be enough to keep messages on tty1, since fsck's units are now 
>> RemainAfterExit
>> (see https://bugs.freedesktop.org/show_bug.cgi?id=66784), which means they're
>> seen by systemd as "owning" the console (as far as outputing messages there 
>> is
>> concerned I mean), and it will therefore stop printing status messages.
>>
>> I'm not sure you want to "fix" this, as it might be only a cosmetic issue 
>> for a
>> small usecase hence not worth the trouble, so I've simply "undone" it using a
>> .conf file on my end, figured I should mention it though.
> Hm, we could detect this case by looking at services in the SERVICE_EXITED
> substate. It might actually be worth fixing, since almost everything now
> is RemainAfterExit=true.

Alright, I've looked into this a bit, I'll send a patch that should
handle it as well.

-j

> 
> Zbyszek
> 

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH] Fix RemainAfterExit services keeping a hold on console

[Olivier Brunel]

When a service exits succesfully and has RemainAfterExit set, its hold
on the console (in m->n_on_console) wasn't released since the unit state
didn't change.
---
 TODO   |  2 --
 src/core/service.c | 16 
 src/core/unit.c|  3 +++
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/TODO b/TODO
index 57e1122..efc7e2a 100644
--- a/TODO
+++ b/TODO
@@ -21,8 +21,6 @@ Bugfixes:
 
   Cannot add dependency job for unit display-manager.service, ignoring: Unit 
display-manager.service failed to load: No such file or directory. See system 
logs and 'systemctl status display-manager.service' for details.
 
-* Substract units in SERVICE_EXITED substate from n_on_console.
-
 Fedora 20:
 
 * external: ps should gain colums for slice and machine
diff --git a/src/core/service.c b/src/core/service.c
index 3da32a1..c0ee114 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1519,6 +1519,22 @@ static void service_set_state(Service *s, ServiceState 
state) {
 if (state == SERVICE_EXITED && UNIT(s)->manager->n_reloading <= 0)
 unit_destroy_cgroup(UNIT(s));
 
+/* For remain_after_exit services, let's see if we can "release" the
+ * hold on the console, since unit_notify() only does that in case of
+ * change of state */
+if (state == SERVICE_EXITED && s->remain_after_exit &&
+UNIT(s)->manager->n_on_console > 0) {
+ExecContext *ec = unit_get_exec_context(UNIT(s));
+if (ec && exec_context_may_touch_console(ec)) {
+Manager *m = UNIT(s)->manager;
+
+m->n_on_console --;
+if (m->n_on_console == 0)
+/* unset no_console_output flag, since the 
console is free */
+m->no_console_output = false;
+}
+}
+
 if (old_state != state)
 log_debug_unit(UNIT(s)->id,
"%s changed %s -> %s", UNIT(s)->id,
diff --git a/src/core/unit.c b/src/core/unit.c
index 15e0a82..d41bc90 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1484,6 +1484,9 @@ void unit_notify(Unit *u, UnitActiveState os, 
UnitActiveState ns, bool reload_su
 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
 unit_destroy_cgroup(u);
 
+/* Note that this doesn't apply to RemainAfterExit services exiting
+ * sucessfully, since there's no change of state in that case. Which is
+ * why it is handled in service_set_state() */
 if (UNIT_IS_INACTIVE_OR_FAILED(os) != UNIT_IS_INACTIVE_OR_FAILED(ns)) {
 ExecContext *ec = unit_get_exec_context(u);
 if (ec && exec_context_may_touch_console(ec)) {
-- 
1.8.4.2

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Alexander E. Patrakov]

2013/11/14 Juliette Tux :
> Proposed patch for adding Russian translation to systemd, see attachment

I have some remarks regarding translation consistency.

> +#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
> +msgid "Set host name"
> +msgstr "Указать имя узла"
> +
> +#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
> +msgid "Authentication is required to set the local host name."
> +msgstr "Для настройки имени локального узла требуется авторизация."
> +
> +#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
> +msgid "Set static host name"
> +msgstr "Указать статическое имя узла"

You use two different Russian verbs (указать, настроить) for the same
English term "to set" when it is applied to host names.

>
> +#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
> +msgid ""
> +"Authentication is required to set the statically configured local host 
> name, "
> +"as well as the pretty host name."
> +msgstr ""
> +"Для настройки статического имени локального узла, а также чудесного "
> +"имени вашей машины, требуется авторизация."

I have never seen "pretty" translated as "чудесный" in such context
(where the meaning is "descriptive, meaningful"). Could you please
show some prior art?

> +#: ../src/login/org.freedesktop.login1.policy.in.h:5
> +msgid "Allow applications to inhibit system sleep"
> +msgstr "Разрешить приложениям блокировать спящий режим системы."

In all other places you use the word "активация" to designate the
transition into some other low-power state. Maybe it is a good idea to
use it here, too.

> +#: ../src/login/org.freedesktop.login1.policy.in.h:17
> +msgid "Allow applications to inhibit system handling of the lid switch"
> +msgstr ""
> +"Разрешить приложениям блокировать системную обработку "
> +"переключателя закрытия крышки"

I think it's an English-only idiom to talk about a "switch" here. So
no "переключателя".

> +#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:7
> +msgid "Turn network time synchronization on or off"
> +msgstr "Включить/выключить синхронизацию с сетевым протоколом времени"

You don't synchronize with a protocol. Maybe: "Включить/выключить
синхронизацию времени по сети"?

-- 
Alexander E. Patrakov
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Oester Jonas (CM-AI/PJ-CF31)]

From: systemd-devel-boun...@lists.freedesktop.org 
[mailto:systemd-devel-boun...@lists.freedesktop.org] On Behalf Of Juliette Tux

>Proposed patch for adding Russian translation to systemd, see attachment
>
>+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
>+msgid ""
>+"Authentication is required to set the statically configured local host name, 
>"
>+"as well as the pretty host name."
>+msgstr ""
>+"Для настройки статического имени локального узла, а также чудесного "
>+"имени вашей машины, требуется авторизация."

I am not a native speaker, but I have to say that "чудесное имя" is a very 
poetic translation of "pretty host name". Is that in general use?

Best Regards
Jonas 
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Juliette Tux]

On 14 November 2013 19:10, Alexander E. Patrakov  wrote:

> You use two different Russian verbs (указать, настроить) for the same
> English term "to set" when it is applied to host names.
>

It's called synonyms, to make a language little more... well, pretty :)

I have never seen "pretty" translated as "чудесный" in such context
> (where the meaning is "descriptive, meaningful"). Could you please
> show some prior art?


No, I'm afraid, this is kinda personal style. Haven't seen using 'pretty'
by devs in messages very often either ;)

In all other places you use the word "активация" to designate the
> transition into some other low-power state. Maybe it is a good idea to
> use it here, too.


Agreed, will fix this.

I think it's an English-only idiom to talk about a "switch" here. So
> no "переключателя".


Well, I've googled for use of this <<переключателя>> in Russian, seemed to be
quite usable, but agreed, too.

You don't synchronize with a protocol. Maybe: "Включить/выключить
> синхронизацию времени по сети"?


Ok :)

-- 
best regards,
Julia Dronova
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH 3/3] core: support Distribute=n to distribute to n SO_REUSEPORT workers

[Shawn Landden]

---
 TODO  |  3 +-
 src/core/dbus-socket.c|  2 ++
 src/core/load-fragment-gperf.gperf.m4 |  1 +
 src/core/service.c|  2 +-
 src/core/service.h| 13 +++-
 src/core/socket.c | 63 +++
 src/core/socket.h |  2 ++
 7 files changed, 82 insertions(+), 4 deletions(-)

diff --git a/TODO b/TODO
index efc7e2a..0db4dc6 100644
--- a/TODO
+++ b/TODO
@@ -80,7 +80,7 @@ Features:
 
 * rfkill,backlight: we probably should run the load tools inside of the udev 
rules so that the state is properly initialized by the time other software sees 
it
 
-* Add a new Distribute=$NUMBER key to socket units that makes use of 
SO_REUSEPORT to distribute network traffic on $NUMBER instances
+* respawn Distribute= worker threads when they die unexpectedly
 
 * tmpfiles: when applying ownership to /run/log/journal, also do this for the 
journal fails contained in it
 
@@ -259,7 +259,6 @@ Features:
 * teach ConditionKernelCommandLine= globs or regexes (in order to match 
foobar={no,0,off})
 
 * Support SO_REUSEPORT with socket activation:
-  - Let systemd maintain a pool of servers.
   - Use for seamless upgrades, by running the new server before stopping the
 old.
 
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index 60a8d05..4644007 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -68,6 +68,7 @@
 "  \n"\
 "  \n"\
 "  \n" \
+"  \n" \
 "  \n" \
 "  \n" \
 "  \n" \
@@ -196,6 +197,7 @@ static const BusProperty bus_socket_properties[] = {
 { "MessageQueueMessageSize", bus_property_append_long, "x", 
offsetof(Socket, mq_msgsize)  },
 { "Result", bus_socket_append_socket_result,   "s", 
offsetof(Socket, result)  },
 { "ReusePort",  bus_property_append_bool,  "b", 
offsetof(Socket, reuseport)   },
+{ "Distribute", bus_property_append_unsigned,  "u", 
offsetof(Socket, distribute)   },
 { "SmackLabel", bus_property_append_string,"s", 
offsetof(Socket, smack),  true },
 { "SmackLabelIPIn", bus_property_append_string,"s", 
offsetof(Socket, smack_ip_in),true },
 { "SmackLabelIPOut",bus_property_append_string,"s", 
offsetof(Socket, smack_ip_out),   true },
diff --git a/src/core/load-fragment-gperf.gperf.m4 
b/src/core/load-fragment-gperf.gperf.m4
index b64fdc9..4058a1f 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -211,6 +211,7 @@ Socket.PassCredentials,  config_parse_bool, 
 0,
 Socket.PassSecurity, config_parse_bool,  0,
 offsetof(Socket, pass_sec)
 Socket.TCPCongestion,config_parse_string,0,
 offsetof(Socket, tcp_congestion)
 Socket.ReusePort,config_parse_bool,  0,
 offsetof(Socket, reuseport)
+Socket.Distribute,   config_parse_unsigned,  0,
 offsetof(Socket, distribute)
 Socket.MessageQueueMaxMessages,  config_parse_long,  0,
 offsetof(Socket, mq_maxmsg)
 Socket.MessageQueueMessageSize,  config_parse_long,  0,
 offsetof(Socket, mq_msgsize)
 Socket.Service,  config_parse_socket_service,0,
 0
diff --git a/src/core/service.c b/src/core/service.c
index 3da32a1..cc337cf 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1668,7 +1668,7 @@ fail:
 return r;
 }
 
-static int service_spawn(
+int service_spawn(
 Service *s,
 ExecCommand *c,
 bool timeout,
diff --git a/src/core/service.h b/src/core/service.h
index 37fa6ff..95aa707 100644
--- a/src/core/service.h
+++ b/src/core/service.h
@@ -26,7 +26,6 @@ typedef struct Service Service;
 #include "unit.h"
 #include "path.h"
 #include "ratelimit.h"
-#include "service.h"
 #include "kill.h"
 #include "exit-status.h"
 
@@ -201,6 +200,18 @@ extern const UnitVTable service_vtable;
 
 struct Socket;
 
+int service_spawn(
+Service *s,
+ExecCommand *c,
+bool timeout,
+bool pass_fds,
+bool apply_permissions,
+bool apply_chroot,
+bool apply_tty_stdin,
+bool set_notify_socket,
+bool is_control,
+pid_t *_pid);
+
 int service_set_socket_fd(Service *s, int fd, struct Socket *socket);
 
 const char* service_state_to_string(ServiceState i) _const_;
diff --git a/src/core/socket.c b/src/core/socket.c
index 751f20b..9ada14d 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c

[systemd-devel] [PATCH 2/3] core/socket: fix SO_REUSEPORT

[Shawn Landden]

---
 src/core/load-fragment-gperf.gperf.m4 | 1 +
 src/core/socket.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/core/load-fragment-gperf.gperf.m4 
b/src/core/load-fragment-gperf.gperf.m4
index e3025d2..b64fdc9 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -210,6 +210,7 @@ Socket.Broadcast,config_parse_bool, 
 0,
 Socket.PassCredentials,  config_parse_bool,  0,
 offsetof(Socket, pass_cred)
 Socket.PassSecurity, config_parse_bool,  0,
 offsetof(Socket, pass_sec)
 Socket.TCPCongestion,config_parse_string,0,
 offsetof(Socket, tcp_congestion)
+Socket.ReusePort,config_parse_bool,  0,
 offsetof(Socket, reuseport)
 Socket.MessageQueueMaxMessages,  config_parse_long,  0,
 offsetof(Socket, mq_maxmsg)
 Socket.MessageQueueMessageSize,  config_parse_long,  0,
 offsetof(Socket, mq_msgsize)
 Socket.Service,  config_parse_socket_service,0,
 0
diff --git a/src/core/socket.c b/src/core/socket.c
index f505e4f..751f20b 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -771,7 +771,7 @@ static void socket_apply_socket_options(Socket *s, int fd) {
 
 if (s->reuseport) {
 int b = s->reuseport;
-if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)))
+if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 
0)
 log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: 
%m");
 }
 
-- 
1.8.4.3

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH 1/3] core/socket: use _cleanup_free_

[Shawn Landden]

---
 src/core/socket.c | 10 ++
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/src/core/socket.c b/src/core/socket.c
index 03b8f92..f505e4f 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -1475,7 +1475,7 @@ static void socket_enter_running(Socket *s, int cfd) {
 
 socket_set_state(s, SOCKET_RUNNING);
 } else {
-char *prefix, *instance = NULL, *name;
+_cleanup_free_ char *prefix = NULL, *instance = NULL, *name = 
NULL;
 Service *service;
 
 if (s->n_connections >= s->max_connections) {
@@ -1503,14 +1503,11 @@ static void socket_enter_running(Socket *s, int cfd) {
 
 prefix = unit_name_to_prefix(UNIT(s)->id);
 if (!prefix) {
-free(instance);
 r = -ENOMEM;
 goto fail;
 }
 
 name = unit_name_build(prefix, instance, ".service");
-free(prefix);
-free(instance);
 
 if (!name) {
 r = -ENOMEM;
@@ -1518,10 +1515,8 @@ static void socket_enter_running(Socket *s, int cfd) {
 }
 
 r = unit_add_name(UNIT_DEREF(s->service), name);
-if (r < 0) {
-free(name);
+if (r < 0)
 goto fail;
-}
 
 service = SERVICE(UNIT_DEREF(s->service));
 unit_ref_unset(&s->service);
@@ -1530,7 +1525,6 @@ static void socket_enter_running(Socket *s, int cfd) {
 UNIT(service)->no_gc = false;
 
 unit_choose_id(UNIT(service), name);
-free(name);
 
 r = service_set_socket_fd(service, cfd, s);
 if (r < 0)
-- 
1.8.4.3

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Zbigniew Jędrzejewski-Szmek]

On Thu, Nov 14, 2013 at 07:43:39PM +0400, Juliette Tux wrote:
> On 14 November 2013 19:10, Alexander E. Patrakov  wrote:
> 
> > You use two different Russian verbs (указать, настроить) for the same
> > English term "to set" when it is applied to host names.
> >
> 
> It's called synonyms, to make a language little more... well, pretty :)

Can you please pick one and stick to it? Unfortunately we can't
allow variability like that, even though it would be prettier :)

Zbyszek
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH] core: support Distribute=n to distribute to n SO_REUSEPORT workers

[Shawn Landden]

Should SERVICE_SIMPLE test be a load-time test?

v2 fix assert order
---
 TODO  |  3 +-
 src/core/dbus-socket.c|  2 ++
 src/core/load-fragment-gperf.gperf.m4 |  1 +
 src/core/service.c|  2 +-
 src/core/service.h| 13 ++-
 src/core/socket.c | 64 +++
 src/core/socket.h |  2 ++
 7 files changed, 83 insertions(+), 4 deletions(-)

diff --git a/TODO b/TODO
index efc7e2a..0db4dc6 100644
--- a/TODO
+++ b/TODO
@@ -80,7 +80,7 @@ Features:
 
 * rfkill,backlight: we probably should run the load tools inside of the udev 
rules so that the state is properly initialized by the time other software sees 
it
 
-* Add a new Distribute=$NUMBER key to socket units that makes use of 
SO_REUSEPORT to distribute network traffic on $NUMBER instances
+* respawn Distribute= worker threads when they die unexpectedly
 
 * tmpfiles: when applying ownership to /run/log/journal, also do this for the 
journal fails contained in it
 
@@ -259,7 +259,6 @@ Features:
 * teach ConditionKernelCommandLine= globs or regexes (in order to match 
foobar={no,0,off})
 
 * Support SO_REUSEPORT with socket activation:
-  - Let systemd maintain a pool of servers.
   - Use for seamless upgrades, by running the new server before stopping the
 old.
 
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index 60a8d05..4644007 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -68,6 +68,7 @@
 "  \n"\
 "  \n"\
 "  \n" \
+"  \n" \
 "  \n" \
 "  \n" \
 "  \n" \
@@ -196,6 +197,7 @@ static const BusProperty bus_socket_properties[] = {
 { "MessageQueueMessageSize", bus_property_append_long, "x", 
offsetof(Socket, mq_msgsize)  },
 { "Result", bus_socket_append_socket_result,   "s", 
offsetof(Socket, result)  },
 { "ReusePort",  bus_property_append_bool,  "b", 
offsetof(Socket, reuseport)   },
+{ "Distribute", bus_property_append_unsigned,  "u", 
offsetof(Socket, distribute)   },
 { "SmackLabel", bus_property_append_string,"s", 
offsetof(Socket, smack),  true },
 { "SmackLabelIPIn", bus_property_append_string,"s", 
offsetof(Socket, smack_ip_in),true },
 { "SmackLabelIPOut",bus_property_append_string,"s", 
offsetof(Socket, smack_ip_out),   true },
diff --git a/src/core/load-fragment-gperf.gperf.m4 
b/src/core/load-fragment-gperf.gperf.m4
index b64fdc9..4058a1f 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -211,6 +211,7 @@ Socket.PassCredentials,  config_parse_bool, 
 0,
 Socket.PassSecurity, config_parse_bool,  0,
 offsetof(Socket, pass_sec)
 Socket.TCPCongestion,config_parse_string,0,
 offsetof(Socket, tcp_congestion)
 Socket.ReusePort,config_parse_bool,  0,
 offsetof(Socket, reuseport)
+Socket.Distribute,   config_parse_unsigned,  0,
 offsetof(Socket, distribute)
 Socket.MessageQueueMaxMessages,  config_parse_long,  0,
 offsetof(Socket, mq_maxmsg)
 Socket.MessageQueueMessageSize,  config_parse_long,  0,
 offsetof(Socket, mq_msgsize)
 Socket.Service,  config_parse_socket_service,0,
 0
diff --git a/src/core/service.c b/src/core/service.c
index 3da32a1..cc337cf 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1668,7 +1668,7 @@ fail:
 return r;
 }
 
-static int service_spawn(
+int service_spawn(
 Service *s,
 ExecCommand *c,
 bool timeout,
diff --git a/src/core/service.h b/src/core/service.h
index 37fa6ff..95aa707 100644
--- a/src/core/service.h
+++ b/src/core/service.h
@@ -26,7 +26,6 @@ typedef struct Service Service;
 #include "unit.h"
 #include "path.h"
 #include "ratelimit.h"
-#include "service.h"
 #include "kill.h"
 #include "exit-status.h"
 
@@ -201,6 +200,18 @@ extern const UnitVTable service_vtable;
 
 struct Socket;
 
+int service_spawn(
+Service *s,
+ExecCommand *c,
+bool timeout,
+bool pass_fds,
+bool apply_permissions,
+bool apply_chroot,
+bool apply_tty_stdin,
+bool set_notify_socket,
+bool is_control,
+pid_t *_pid);
+
 int service_set_socket_fd(Service *s, int fd, struct Socket *socket);
 
 const char* service_state_to_string(ServiceState i) _const_;
diff --git a/src/core/socket.c b/src/core/socket.c
index 751

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Alexander E. Patrakov]

2013/11/14 Juliette Tux :
> On 14 November 2013 19:10, Alexander E. Patrakov  wrote:
>> I have never seen "pretty" translated as "чудесный" in such context
>> (where the meaning is "descriptive, meaningful"). Could you please
>> show some prior art?
>
>
> No, I'm afraid, this is kinda personal style. Haven't seen using 'pretty' by
> devs in messages very often either ;)

Maybe just use a literal translation for this term? "красивое
название" ("name" is intentionally translated differently, not as
"имя", but as "название" here, because "host name" without the word
"pretty" is an idiom)

-- 
Alexander E. Patrakov
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] pam: Don't use loginuid [was: Re: Fix PAM module to not clobber XDG_RUNTIME_DIR with su]

[Martin Pitt]

Hello Colin,

Colin Guthrie [2013-11-14 10:28 +0100]:
> OK, I just tried this but I can't seem to make it work and prevent the
> XDG_* vars being set.
> 
> I applied the attached variation to my 208 build and then ran "pkexec
> /bin/bash" which also suffers from the same problems.
> 
> pkexec cleans out the environment quite well, but then pam_systemd
> re-injects these variables (I discussed this on IRC the other day with
> Colin Walters).
> 
> I would have thought that this should have fixed things.

I just tried here with pkexec, and I also do not get XDG_RUNTIME_DIR
any more there.

> I didn't get any joy from su or su - either (although I'd expect su to
> still have it set due to not cleaning the environment - is this a
> correct assumption?).

This only happens here if I explicitly specify su -m (but that's not a
very useful command to get a shell); by default su gets a clean
environment.

> The problem is that the pw_uid in this case is creating the session for
> my user, not the destination user (note the UID 603):
> 
> Nov 14 10:25:45 jimmy pkexec[14287]: pam_systemd(polkit-1:session):
> Asking logind to create session: uid=603 pid=14287 service=polkit-1
> type=unspecified class=background seat= vtnr=0 tty= display= remote=no
> remote_user= remote_host=
> Nov 14 10:25:45 jimmy pkexec[14287]: pam_systemd(polkit-1:session):
> Reply from logind: id=2 object_path=/org/freedesktop/login1/session/_32
> runtime_path=/run/user/603 session_fd=10 seat=seat0 vtnr=1

That's for pkexec'ing to root? I'd indeed expect uid=0 here. When I
run "pkexec /bin/bash" as my user (uid=1000) I get

Nov 14 16:55:31 donald pkexec: pam_systemd(polkit-1:session): Asking logind to 
create session: uid=0 pid=6269 service=polkit-1 type=unspecified 
class=background seat= vtnr=0 tty= display= remote=no remote_user= remote_host=
Nov 14 16:55:31 donald pkexec: pam_systemd(polkit-1:session): Reply from 
logind: id=c2 object_path=/org/freedesktop/login1/session/c2 
runtime_path=/run/user/1000 session_fd=12 seat=seat0 vtnr=7
Nov 14 16:55:31 donald pkexec: pam_systemd(polkit-1:session): Runtime dir 
/run/user/1000 is not owned by the target uid 0, ignoring.

Same with su, when I e. g. do "su - joe" on my system, I get joe's
uid=1000. 

In my case audit_loginuid_from_pid() fails, so it gets the pw entry
from pam_get_user(). I suppose the difference is that for you it
succeeds, so you get the "wrong" UID. That's indeed the original title
of https://bugzilla.redhat.com/show_bug.cgi?id=753882, now I
understand comments 21 and others. But that's actually a separate
issue, as even in the "no auditd" case it does the wrong thing.

So option 1 is to update the patch to not rely on "uid", but instead
always get it from PAM. Option 2 is to never read it from loginuid, as
that's indeed not what one should be concerned about in a PAM module.

Attached patch is doing option 2. I suppose that's the one that
Lennart objects to, as he wants to keep as much of the original
session properties as possible. But it would be nice if you could at
least test it locally to make double-sure that this is the issue you
see?

Thanks!

Martin

-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
From 70a727d1812599445e18ebb2ac94f11e7bcb4729 Mon Sep 17 00:00:00 2001
From: Martin Pitt 
Date: Thu, 14 Nov 2013 17:50:55 +0100
Subject: [PATCH 2/2] pam: Don't use loginuid

audit_loginuid_from_pid() gets us the UID of the current session, which is
wrong if we are in a PAM session that changes UID, such as su or pkexec. We
want the target user's UID to determine the runtime dir, logind session, etc.

https://bugzilla.redhat.com/show_bug.cgi?id=753882
---
 src/login/pam-module.c | 26 ++
 1 file changed, 10 insertions(+), 16 deletions(-)

diff --git a/src/login/pam-module.c b/src/login/pam-module.c
index 4fd2212..40ba1b7 100644
--- a/src/login/pam-module.c
+++ b/src/login/pam-module.c
@@ -83,31 +83,25 @@ static int get_user_data(
 
 const char *username = NULL;
 struct passwd *pw = NULL;
-uid_t uid;
 int r;
 
 assert(handle);
 assert(ret_username);
 assert(ret_pw);
 
-r = audit_loginuid_from_pid(0, &uid);
-if (r >= 0)
-pw = pam_modutil_getpwuid(handle, uid);
-else {
-r = pam_get_user(handle, &username, NULL);
-if (r != PAM_SUCCESS) {
-pam_syslog(handle, LOG_ERR, "Failed to get user name.");
-return r;
-}
-
-if (isempty(username)) {
-pam_syslog(handle, LOG_ERR, "User name not valid.");
-return PAM_AUTH_ERR;
-}
+r = pam_get_user(handle, &username, NULL);
+if (r != PAM_SUCCESS) {
+pam_syslog(handle, LOG_ERR, "Failed to get user name.");
+return r;
+}
 
- 

Re: [systemd-devel] pam: Don't use loginuid [was: Re: Fix PAM module to not clobber XDG_RUNTIME_DIR with su]

[Martin Pitt]

Martin Pitt [2013-11-14 17:53 +0100]:
> So option 1 is to update the patch to not rely on "uid", but instead
> always get it from PAM.

I went through all instances of using the uid, username, or pw, and I
cannot find any place in the PAM module where we would actually want
the originating user name, so I retract this.

> Option 2 is to never read it from loginuid, as that's indeed not
> what one should be concerned about in a PAM module.
> Attached patch is doing option 2. 

... and hence I'm convinced that this is the right thing to do.

Thanks,

Martin

-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)


signature.asc
Description: Digital signature
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH v2] Re: Fix PAM module to not clobber XDG_RUNTIME_DIR with su

[Martin Pitt]

Martin Pitt [2013-11-14  7:45 +0100]:
> +} else {
> +pam_syslog(handle, LOG_DEBUG, "Runtime dir %s is not owned 
> by the target uid %u, ignoring.",
> +   runtime_path, uid);

Sorry, LOG_DEBUG appears by default, this needs to be guarded with
checking "debug". Fixed in updated patch.

Martin


-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
From 9a33dbf7cc906539df8b6e152374d15dbf8c7a99 Mon Sep 17 00:00:00 2001
From: Martin Pitt 
Date: Wed, 13 Nov 2013 13:02:28 +0100
Subject: [PATCH 1/2] pam: Check $XDG_RUNTIME_DIR owner

http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html requires
that $XDG_RUNTIME_DIR "MUST be owned by the user, and he MUST be the only one
having read and write access to it.".

Don't set an existing $XDG_RUNTIME_DIR in the PAM module if it isn't owned by
the session user. Otherwise su sessions get a runtime dir from a different user
which leads to either permission errors or scribbling over the other user's
files.

https://bugzilla.redhat.com/show_bug.cgi?id=753882
https://launchpad.net/bugs/1197395
---
 src/login/pam-module.c | 23 +++
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/login/pam-module.c b/src/login/pam-module.c
index 1975d80..4fd2212 100644
--- a/src/login/pam-module.c
+++ b/src/login/pam-module.c
@@ -194,6 +194,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
 uint32_t uid, pid, vtnr = 0;
 bool debug = false, remote;
 struct passwd *pw;
+struct stat st;
 
 assert(handle);
 
@@ -385,10 +386,24 @@ _public_ PAM_EXTERN int pam_sm_open_session(
 return r;
 }
 
-r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
-if (r != PAM_SUCCESS) {
-pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
-return r;
+/* only set $XDG_RUNTIME_DIR if it is owned by the target user, as per
+ * XDG basedir-spec; this avoids su sessions to scribble over a runtime
+ * dir of a different user */
+r = lstat(runtime_path, &st);
+if (r != 0) {
+pam_syslog(handle, LOG_ERR, "Failed to stat runtime dir: %s", strerror(errno));
+return PAM_SYSTEM_ERR;
+}
+
+if (st.st_uid == uid) {
+r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
+if (r != PAM_SUCCESS) {
+pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
+return r;
+}
+} else if (debug) {
+pam_syslog(handle, LOG_DEBUG, "Runtime dir %s is not owned by the target uid %u, ignoring.",
+   runtime_path, uid);
 }
 
 if (!isempty(seat)) {
-- 
1.8.4.3



signature.asc
Description: Digital signature
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Andrey Borzenkov]

В Thu, 14 Nov 2013 21:10:26 +0600
"Alexander E. Patrakov"  пишет:

> >
> > +#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
> > +msgid ""
> > +"Authentication is required to set the statically configured local host 
> > name, "
> > +"as well as the pretty host name."
> > +msgstr ""
> > +"Для настройки статического имени локального узла, а также чудесного "
> > +"имени вашей машины, требуется авторизация."
> 

I honestly do not like "имя узла" (node name) as translation for "host
name". "Node" has rather different semantic. And you should chose either
"node name" or "machine name" but do not use them interchangeably. "Host
name" is pretty much an idiom, not descriptive text.

I would rather prefer "имя системы" (system name) in this case.

> I have never seen "pretty" translated as "чудесный" in such context
> (where the meaning is "descriptive, meaningful"). Could you please
> show some prior art?
> 

Whatever it is, it is not "Miraculous" :) In this context it means free
form system description (comment). Russian equivalent would be
"Описание компьютера" or "Описание системы" (system description),
depending on how "host name" is translated to be consistent.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Juliette Tux]

On 14 November 2013 19:58, Zbigniew Jędrzejewski-Szmek wrote:

> Can you please pick one and stick to it?


Sure, no problem. As you say.

Maybe just use a literal translation for this term?


Ok, no problem.

You gentlemen REALLY do care for translations here, glad to know it :)

-- 
best regards,
Julia Dronova
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Juliette Tux]

On 14 November 2013 21:17, Andrey Borzenkov  wrote:

> I honestly do not like "имя узла" (node name) as translation for "host
> name". "Node" has rather different semantic. And you should chose either
> "node name" or "machine name" but do not use them interchangeably. "Host
> name" is pretty much an idiom, not descriptive text.
>
> I would rather prefer "имя системы" (system name) in this case.
>
> > I have never seen "pretty" translated as "чудесный" in such context
> > (where the meaning is "descriptive, meaningful"). Could you please
> > show some prior art?
> >
>
> Whatever it is, it is not "Miraculous" :) In this context it means free
> form system description (comment). Russian equivalent would be
> "Описание компьютера" or "Описание системы" (system description),
> depending on how "host name" is translated to be consistent.
>

Please, just give us a phrase which you believe is more appropriate to fit
the textual consistency and totally reflects the correct use of the idiom
in this case. I'll just put it to the message as is :)


-- 
best regards,
Julia Dronova
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] selinux: fix selinux check for transient units

[Harald Hoyer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/05/2013 11:12 PM, Daniel J Walsh wrote:
> On 11/05/2013 12:22 PM, Lennart Poettering wrote:
> 
> Ok lets add a check that checks for start on a service labeled with the remote
> process label, then we can add rules like
> 
> allow systemd_logind_t self:service start
> 
> Or we can make it simpler and have the local end check against the init_t 
> process.
> 
> allow systemd_logind_t init_t:service start;
> 
> Which is probably a better solution, if we have no way of differentiating the
> services.
> 
> Machineid usually runs as init_t now.
> 
> systemd-run runs as the label of the process that executes it,  Usually
> unconfined_t, and sysadm_t.
> 

has any solution been found for this?

seems like one is needed for https://bugzilla.redhat.com/show_bug.cgi?id=1008864
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJShQ19AAoJEANOs3ABTfJwqLQQAMCwlsVui5GxrAIgm1pnRYy0
1vBZRJombQ93cYr5RbXcQzo9raGwD9C/TOA6PXJNyIKoxCh5unCMGdUB1pwR6y57
o1Uql1V1wVXPKqlsDsRdiKi14Qdz6e2CBqNQ1Gn1wx1JPvKPVy52iIMWjnFUCTzM
FzKoX+CJlbR77tOgn24WxhP+Zll4QFqBAAwgptKBCyZf8lyHgsgTSgS7KDKAr/Jr
v9BumGS9210fEHSQBJdkoaoYnMZOHPpaDxSDjZ76AqBw0MOksQsiamCRr20gbWnQ
a8wvguQzTXhjKLeM0rX9x5hwrCI2Q4YL+VMsr5I1GPfR5GBIldmPhe8V4SYrJQY4
zDa+pHc1ubsuv/b4c9mHS/4Wl6IY8Nz6AVIAjvM0wR6cKJ+Ip09bEEeyIFWk7oRa
RxNnFLwnUW4yweGCq4HlVv8r+SLpXIFkW9HkG1tr1UswB/jEC13wXW8WLfemGhuk
XjMus/oMdQkd79wPvlfKF9JT4xTtx0u613kDEc/A6uEEoR4dwIeuLFf1Lss+zydg
okLbsc8pLEFzXj1JKMut3DMEuhZss+WhLslGFEPKPpsAbHMEf42gJjuvMFb9aRTW
V1qNW9adpMbqYC4MEzEV9SD4rwfDk1RQPW8iNEfm4XINcF1X2HK7+DGvCgVVeK8d
tSM5P0ZhmXwimbrU63EH
=IedG
-END PGP SIGNATURE-
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 3/3] core: support Distribute=n to distribute to n SO_REUSEPORT workers

[Lennart Poettering]

On Thu, 14.11.13 07:50, Shawn Landden (sh...@churchofgit.com) wrote:

Heya,

So, if I understand this patch correctly then you are spawning
additional processes inside the same service, reaching voer from the
socket? Hmm, no, please not.

The way I believe this should work is more akin to the handling of
per-connection instances, i.e. how Accept=yes is handled. We'd spawn a
couple of service instances from the same template. Instead of naming
each instance after the incoming connection (which in this case we know
nothing about, since we wouldn#t accept the connection) we'd just number
them. Instead of passing along the connection socket we'd pass the
listening socket over to each instance. (Well, or a new socket if
ReusePort is enabled and the specific socket type supports
SO_REUSEPORT).

This way, each instance can have its own Restart setting to ensure it
stays running.

When the first connection comes in we'd spawn as many instances as
configured in Distribute=, and as soon as the last instance is gone we'd
go back to the beginning, wait for the next connection coming in, and
then start the same number again. As long as at least one instance is
still running we'd not watch the listening socket.

Hope that makes sense,

Lennart

-- 
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 3/3] core: support Distribute=n to distribute to n SO_REUSEPORT workers

[Zbigniew Jędrzejewski-Szmek]

On Thu, Nov 14, 2013 at 07:10:51PM +0100, Lennart Poettering wrote:
> When the first connection comes in we'd spawn as many instances as
> configured in Distribute=
Hm, that seems like a big penalty. Why not instead:
- when the first connection comes in, start one worker, keep listening
- when the second connection comes in, start one worker, keep listening
...
- when the n-th connection comes in, start one worker, stop listening

This way at least we don't have more workers than connections, and
it staggers the launching of workers a bit, avoiding an overload.

Zbyszek
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 3/3] core: support Distribute=n to distribute to n SO_REUSEPORT workers

[Lennart Poettering]

On Thu, 14.11.13 19:31, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:

> 
> On Thu, Nov 14, 2013 at 07:10:51PM +0100, Lennart Poettering wrote:
> > When the first connection comes in we'd spawn as many instances as
> > configured in Distribute=
> Hm, that seems like a big penalty. Why not instead:
> - when the first connection comes in, start one worker, keep listening
> - when the second connection comes in, start one worker, keep listening
> ...
> - when the n-th connection comes in, start one worker, stop listening
> 
> This way at least we don't have more workers than connections, and
> it staggers the launching of workers a bit, avoiding an overload.

Well, I don't see how we could make this work, neither with SO_REUSEPORT
nor with simple duplicated sockets. After all, in this case systemd
doesn't accept the connections, it just watches the original listening
fd for the first time it gets POLLIN on it. That's all. From that there
is no way to determine how many connections are currently going on,
i.e. how many connections other processes which share the fd have going
on.

If SO_REUSEPORT is used, then I'd expect PID 1 to hand the listening
socket it used itself to the first instance it spawned plus a new
socket that is bound to the same address to the second, and so on for
all others. Now, if PID 1 keeps watching that original fd, it will get a
wakeup only when the kernel decides to deliver an incoming connection to
the fd the first instance is using, and I doubt that is a particularly
useful information. If SO_RESUEPORT is not used, then I'd expect PID 1
to hand the listening socket to all instances. If it then kept watching
it, then it will get even worse information, it will in the worst case
wake up with every incoming connection, and in the best case miss a
number of them, and again wthout any chance to determine how many
incoming connections there are...

The only thing we could do is to parse /proc/net/tcp and count how many
connections are active bound to the same local address/port. But yikes,
that'd be ugly and inefficient.

Maybe one day the kernel als SO_GETCONCURRENT os so, which would tell us
how many connection sockets are bound to the same local address/port as
the socket we'd call this on is. Only then we could do such load
management...

Lennart

-- 
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] nspawn does not correctly handle I/O redirection

[Luke T . Shumaker]

At Thu, 14 Nov 2013 03:22:12 +0100,
Zbigniew Jędrzejewski-Szmek wrote:
> On Tue, Nov 05, 2013 at 07:59:46PM +0100, Lennart Poettering wrote:
> > On Mon, 04.11.13 11:05, Luke T. Shumaker (luke...@sbcglobal.net) wrote:
> > > and uploaded a patch
> > Hmm, can you rebase on current git please?
> Ping?
> 
> Zbyszek

Sorry, I've been pretty busy with other things, and haven't had time
to finish rebasing it (some of the relevent code had been
refactored).  Hopefully I will have time this weekend.

Happy hacking,
~ Luke Shumaker
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 3/3] core: support Distribute=n to distribute to n SO_REUSEPORT workers

[Zbigniew Jędrzejewski-Szmek]

On Thu, Nov 14, 2013 at 07:46:16PM +0100, Lennart Poettering wrote:
> On Thu, 14.11.13 19:31, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
> 
> > 
> > On Thu, Nov 14, 2013 at 07:10:51PM +0100, Lennart Poettering wrote:
> > > When the first connection comes in we'd spawn as many instances as
> > > configured in Distribute=
> > Hm, that seems like a big penalty. Why not instead:
> > - when the first connection comes in, start one worker, keep listening
> > - when the second connection comes in, start one worker, keep listening
> > ...
> > - when the n-th connection comes in, start one worker, stop listening
> > 
> > This way at least we don't have more workers than connections, and
> > it staggers the launching of workers a bit, avoiding an overload.
> 
> Well, I don't see how we could make this work, neither with SO_REUSEPORT
> nor with simple duplicated sockets. After all, in this case systemd
> doesn't accept the connections, it just watches the original listening
> fd for the first time it gets POLLIN on it. That's all. From that there
> is no way to determine how many connections are currently going on,
> i.e. how many connections other processes which share the fd have going
> on.
> 
> If SO_REUSEPORT is used, then I'd expect PID 1 to hand the listening
> socket it used itself to the first instance it spawned plus a new
> socket that is bound to the same address to the second
Stop here. Instead of starting a second instance right now, listen
on the socket. When new connections come in, they might be scheduled
to first instance, or to systemd. If we get one, then we start another
instance, give it this socket, and open another socket and start listening
on it. With m processes started, we will receive 1/(m+1) of new connections.

Now things get a bit more complicated, depending on how long the connections
live. But let's assume that they are short... Then each worker has
approx. 1/m connections, m <= n.

If connections live long, then the first worker has more connections
than 1/m, the second one has a bit less, etc. In the limiting case
that connections live "forever", i.e. much longer than the average
time between connections, e.g. ssh, and the number of connections is
small enough that those initial conditions matter, the first process
will have 1 + 1/2 + 1/3 + 1/4 + ... + 1/n ~= ln(n) + 1/2, the
second will have 1/2 + 1/3 + ... + 1/n ~= ln(n) - 1/2, the
third will have 1/3 + ... + 1/n ~= ln(n) - 1/2 - 1/3, etc. If
we don't like this unevenness, we could start by opening n
SO_REUSEPORT sockets in the beggining, and then activating workers
on demand. The downside is the large number of sockets.

> , and so on for
> all others. Now, if PID 1 keeps watching that original fd, it will get a
> wakeup only when the kernel decides to deliver an incoming connection to
> the fd the first instance is using, and I doubt that is a particularly
> useful information. If SO_RESUEPORT is not used, then I'd expect PID 1
> to hand the listening socket to all instances. If it then kept watching
> it, then it will get even worse information, it will in the worst case
> wake up with every incoming connection, and in the best case miss a
> number of them, and again wthout any chance to determine how many
> incoming connections there are...
> 
> The only thing we could do is to parse /proc/net/tcp and count how many
> connections are active bound to the same local address/port. But yikes,
> that'd be ugly and inefficient.
>
> Maybe one day the kernel als SO_GETCONCURRENT os so, which would tell us
> how many connection sockets are bound to the same local address/port as
> the socket we'd call this on is. Only then we could do such load
> management...

Zbyszek
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] French translation for systemd

[Sylvain Plantefeve]

Hi gentlemen,

Please find in attachement an humble contribution to translate systemd into
french.

Any feedback will be welcomed. :)

Best regards,

Sylvain Plantefève
--- /dev/null
+++ fr.po
@@ -0,0 +1,389 @@
+# French translations for systemd package
+# Traductions françaises du paquet systemd.
+# This file is distributed under the same license as the systemd package.
+# Sylvain Plantefève , 2013.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: systemd\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2013-11-14 17:49+0100\n"
+"PO-Revision-Date: 2013-11-14 17:57+0100\n"
+"Last-Translator: Sylvain Plantefève \n"
+"Language-Team: French\n"
+"Language: fr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
+msgid "Set host name"
+msgstr "Définir le nom d'hôte"
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
+msgid "Authentication is required to set the local host name."
+msgstr "Il est nécéssaire de s'authentifier pour définir le nom d'hôte local."
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
+msgid "Set static host name"
+msgstr "Définir le nom d'hôte statique"
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
+msgid ""
+"Authentication is required to set the statically configured local host name, "
+"as well as the pretty host name."
+msgstr ""
+"Il est nécéssaire de s'authentifier pour définir le nom d'hôte local de manière statique, "
+"tout comme le nom d'hôte familier."
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:5
+msgid "Set machine information"
+msgstr "Définir les informations sur la machine"
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:6
+msgid "Authentication is required to set local machine information."
+msgstr ""
+"Il est nécéssaire de s'authentifier pour définir les informations sur la machine locale."
+
+#: ../src/locale/org.freedesktop.locale1.policy.in.h:1
+msgid "Set system locale"
+msgstr "Définir l'emplacement du système"
+
+#: ../src/locale/org.freedesktop.locale1.policy.in.h:2
+msgid "Authentication is required to set the system locale."
+msgstr "Il est nécéssaire de s'authentifier pour définir l'emplacement du système."
+
+#: ../src/locale/org.freedesktop.locale1.policy.in.h:3
+msgid "Set system keyboard settings"
+msgstr "Définir les paramètres de clavier du système"
+
+#: ../src/locale/org.freedesktop.locale1.policy.in.h:4
+msgid "Authentication is required to set the system keyboard settings."
+msgstr ""
+"Il est nécéssaire de s'authentifier pour définir les paramètres de clavier du système."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:1
+msgid "Allow applications to inhibit system shutdown"
+msgstr "Permet aux applications d'inhiber l'arrêt du système"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:2
+msgid ""
+"Authentication is required to allow an application to inhibit system "
+"shutdown."
+msgstr ""
+"Il est nécéssaire de s'authentifier pour permettre à une application d'inhiber "
+"l'arrêt du système."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:3
+msgid "Allow applications to delay system shutdown"
+msgstr "Permet aux applications de retarder l'arrêt du système"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:4
+msgid ""
+"Authentication is required to allow an application to delay system shutdown."
+msgstr ""
+"Il est nécéssaire de s'authentifier pour permettre à une application de retarder "
+"l'arrêt du système."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:5
+msgid "Allow applications to inhibit system sleep"
+msgstr "Permet aux applications d'inhiber la mise en veille du système"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:6
+msgid ""
+"Authentication is required to allow an application to inhibit system sleep."
+msgstr ""
+"Il est nécéssaire de s'authentifier pour permettre à une application d'inhiber "
+"la mise en veille du sytème."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:7
+msgid "Allow applications to delay system sleep"
+msgstr "Permet aux applications de retarder la mise en veille du système"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:8
+msgid ""
+"Authentication is required to allow an application to delay system sleep."
+msgstr ""
+"Il est nécéssaire de s'authentifier pour permettre à une application de retarder "
+"la mise en veille du système."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:9
+msgid "Allow applications to inhibit automatic system suspend"
+msgstr "Permet aux applications d'inhiber l'hibernation automatique du sytème"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:10
+msgid ""
+"Authentication is required to allow an application to inhibit automatic "
+"system suspend."
+msgstr ""
+"Il est nécéssaire de s'authentifier pour permettre à une application d'inhiber "
+"l'hibernation automatique du système."
+
+#: ../src

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Sergey Ptashnick]

I've already done this work (in Mar 2013). You can simply use this.
Also, there is translated Journal catalog file.

// Feedback from native speakers are welcome.

#  This file is part of systemd.
#
#  Copyright 2012 Lennart Poettering
#  Copyright 2013 Sergey Ptashnick
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
#
#  systemd is distributed in the hope that it will be useful, but
#  WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
#  Lesser General Public License for more details.
#
#  You should have received a copy of the GNU Lesser General Public License
#  along with systemd; If not, see .

# Message catalog for systemd's own messages
# Russian translation

# Формат каталога сообщений описан по ссылке
# http://www.freedesktop.org/wiki/Software/systemd/catalog

# Перед каждым элементом в комментарии указан Subject исходного
# сообщения (на английском).

# Subject: The Journal has been started
-- f77379a8490b408bbe5f6940505a777b ru
Subject: Запущена служба журналирования
Defined-By: systemd
Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Процесс, отвечающий за журналирование системных событий, успешно запустился,
открыл для записи файлы журнала, и готов обрабатывать запросы.

# Subject: The Journal has been stopped
-- d93fb3c9c24d451a97cea615ce59c00b ru
Subject: Служба журналирования остановлена
Defined-By: systemd
Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Процесс, отвечающий за журналирование системных событий, завершил работу и
закрыл все свои файлы.

# Subject: Messages from a service have been suppressed
-- a596d6fe7bfa4994828e72309e95d61e ru
Subject: Часть сообщений от службы пропущена
Defined-By: systemd
Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Documentation: man:journald.conf(5)

Служба отправила слишком много сообщений за короткий промежуток времени.
Часть сообщений была пропущена.

Обратите внимание, что были пропущены сообщения только от этой службы,
сообщения других служб не затронуты.

Предел, после которого служба журнала начинает игнорировать сообщения,
настраивается параметрами RateLimitInterval= и RateLimitBurst= в файле
/etc/systemd/journald.conf. Подробности смотрите на странице руководства
journald.conf(5).

# Subject: Journal messages have been missed
-- e9bf28e6e834481bb6f48f548ad13606 ru
Subject: Часть сообщений ядра пропущена
Defined-By: systemd
Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Часть сообщений, поступивших от ядра, была потеряна, так как служба
журналирования не успела их обработать.

# Subject: Process @COREDUMP_PID@ (@COREDUMP_COMM@) dumped core
-- fc2e22bc6ee647b6b90729ab34a250b1 ru
Subject: Процесс @COREDUMP_PID@ (@COREDUMP_COMM@) сбросил дамп памяти
Defined-By: systemd
Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Documentation: man:core(5)

Процесс @COREDUMP_PID@ (@COREDUMP_COMM@) завершился из-за критической ошибки.
Записан дамп памяти.

Вероятно, это произошло из-за ошибки, допущенной в коде программы.
Рекомендуется сообщить ее разработчикам о возникшей проблеме.

# Subject: A new session @SESSION_ID@ has been created for user @USER_ID@
-- 8d45620c1a4348dbb17410da57c60c66 ru
Subject: Для пользователя @USER_ID@ создан новый сеанс @SESSION_ID@
Defined-By: systemd
Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat

Для пользователя @USER_ID@ создан новый сеанс с идентификатором @SESSION_ID@.

Ведущим процессом нового сеанса является @LEADER@.

# Subject: A session @SESSION_ID@ has been terminated
-- 3354939424b4456d9802ca8333ed424a ru
Subject: Сеанс @SESSION_ID@ завершен
Defined-By: systemd
Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat

Сеанс с идентификатором @SESSION_ID@ завершился.

# Subject: A new seat @SEAT_ID@ is now available
-- fcbefc5da23d428093f97c82a9290f7b ru
Subject: Новый терминал @SEAT_ID@ готов к работе
Defined-By: systemd
Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat

Новый терминал (seat) @SEAT_ID@ полностью настроен и готов к работе.

# Subject: A seat @SEAT_ID@ has now been removed
-- e7852bfe46784ed0accde04bc864c2d5 ru
Subject: Терминал @SEAT_ID@ отключен
Defined-By: systemd
Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat

Терминал (seat) @SEAT_ID@ был отключен.

# Subject: Time change
-- c7a787079b354eaaa9e77b371893cd27 ru
Subjec

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Juliette Tux]

On 15 November 2013 00:06, Sergey Ptashnick <0comff...@inbox.ru> wrote:

> I've already done this work (in Mar 2013).


Pity, but there were no Russian translation at all, I would simply polished
your work.

You can simply use this.


No thanks. I'm struggling with the word <<аутентификация>> everywhere I see
it, and so on, as I can see from your file.

Ok, I'll send my fixed patch tomorrow, hope it'll go to the source code
tree at last.


-- 
best regards,
Julia Dronova
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Juliette Tux]

On 15 November 2013 00:37, Juliette Tux  wrote:

> I would simply polished your work.


'would had polished' , of course, my fault here


-- 
С уважением, Дронова Юлия
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Shawn Landden]

On Thu, Nov 14, 2013 at 12:40 PM, Juliette Tux  wrote:
>
> On 15 November 2013 00:37, Juliette Tux  wrote:
>>
>> I would simply polished your work.
>
>
> 'would had polished' , of course, my fault here
would _have_ polished, actually
---
Shawn Landden
+1 360 389 3001 (SMS preferred)
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] selinux: fix selinux check for transient units

[Daniel J Walsh]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/14/2013 12:50 PM, Harald Hoyer wrote:
> On 11/05/2013 11:12 PM, Daniel J Walsh wrote:
>> On 11/05/2013 12:22 PM, Lennart Poettering wrote:
> 
>> Ok lets add a check that checks for start on a service labeled with the
>> remote process label, then we can add rules like
> 
>> allow systemd_logind_t self:service start
> 
>> Or we can make it simpler and have the local end check against the init_t
>> process.
> 
>> allow systemd_logind_t init_t:service start;
> 
>> Which is probably a better solution, if we have no way of differentiating
>> the services.
> 
>> Machineid usually runs as init_t now.
> 
>> systemd-run runs as the label of the process that executes it,  Usually 
>> unconfined_t, and sysadm_t.
> 
> 
> has any solution been found for this?
> 
> seems like one is needed for
> https://bugzilla.redhat.com/show_bug.cgi?id=1008864
> 

I guess the question I have is do you expect a patch from me?  Or are you guys
working on it?  I would go with the checking based on process label.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlKFNdUACgkQrlYvE4MpobNuXACg1eKUvMGKMv5zuwKHDvj44K+F
L6gAn3sQtD0QvGUUmJWRGRSolZTdOqN0
=pYrx
-END PGP SIGNATURE-
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Juliette Tux]

Yeah, thank for finishing me off, gentlemen, very nice of you. I love
developers :)


On 15 November 2013 00:42, Shawn Landden  wrote:

> On Thu, Nov 14, 2013 at 12:40 PM, Juliette Tux 
> wrote:
> >
> > On 15 November 2013 00:37, Juliette Tux  wrote:
> >>
> >> I would simply polished your work.
> >
> >
> > 'would had polished' , of course, my fault here
> would _have_ polished, actually
> ---
> Shawn Landden
> +1 360 389 3001 (SMS preferred)
>



-- 
С уважением, Дронова Юлия
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Sergey Ptashnick]

On 15.11.2013 00:37, Juliette Tux wrote:
> No thanks. I'm struggling with the word <<аутентификация>> everywhere I see
> it, and so on, as I can see from your file.

Please note that "аутентификация" (authentication) is not a synonym for 
"авторизация" (authorization).
These are two completely different procedures.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Juliette Tux]

On 15 November 2013 01:06, Sergey Ptashnick <0comff...@inbox.ru> wrote:

> Please note that "аутентификация" (authentication) is not a synonym for
> "авторизация" (authorization).
> These are two completely different procedures.
>

Do not agree here, this is pure calque, which happens very often nowdays in
Russian language. With all respect I do no think this is the right place
for this kind of discussion. Please come to gnome-cyr or kde-russian, we'll
have plenty to talk about :)


-- 
С уважением, Дронова Юлия
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] French translation for systemd

[Ronny Chevalier]

Hi,

Instead of :
 - "Il est nécessaire de s'authentifier [...]" why not
"Authentification requise [...]" for "Authentification required" ?
 - "inhiber" why not "empêcher" for "inhibit": For example, "Permet
aux applications d'empêcher l'arrêt du système"
 - "bouton d'alimentation", maybe "bouton (de mise en route| de démarrage)" ?

You used "Activer/désactiver" and "Activer ou désactiver", the second
is better I think.

seat: I'm not sure seat should be translated in "siège" since when
people will be looking for documentation, they will not find anything
or something that has nothing to do with it (siege has a meaning in
english too). Maybe you should let the word "seat" in english instead
of a straightforward translation ?


2013/11/14 Sylvain Plantefeve :
> Hi gentlemen,
>
> Please find in attachement an humble contribution to translate systemd into
> french.
>
> Any feedback will be welcomed. :)
>
> Best regards,
>
> Sylvain Plantefève
>
>
> ___
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Sergey Ptashnick]

On 15.11.2013 01:13, Juliette Tux wrote:
> On 15 November 2013 01:06, Sergey Ptashnick <0comff...@inbox.ru> wrote:
> 
>> Please note that "аутентификация" (authentication) is not a synonym for 
>> "авторизация" (authorization). These are two completely different procedures.
>> 
> 
> Do not agree here, this is pure calque, which happens very often nowdays in 
> Russian language. With all respect I do no think this is the right place for 
> this kind of discussion. Please come to gnome-cyr or kde-russian, we'll have 
> plenty to talk about :)

Ok, if you don't like "аутентификация", you can replace it by "идентификация",
but "авторизация" is completely different thing.
Struggle for the purity of language is not a reason for changing of the meaning.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] French translation for systemd

[Sylvain Plantefeve]

Hi,

2013/11/14 Ronny Chevalier 

> Hi,
>
> Instead of :
>  - "Il est nécessaire de s'authentifier [...]" why not
> "Authentification requise [...]" for "Authentification required" ?
>

Why not, indeed.


>  - "inhiber" why not "empêcher" for "inhibit": For example, "Permet
> aux applications d'empêcher l'arrêt du système"
>

Why not too... "empêcher" looks like more user-friendly, in fact.


>  - "bouton d'alimentation", maybe "bouton (de mise en route| de
> démarrage)" ?
>
>
Well, the power button can be used to start the computer, or turn it off as
well. The latter use is not covered if using "mise en route" or
"démarrage", right?



> You used "Activer/désactiver" and "Activer ou désactiver", the second
> is better I think.
>

Agreed.


> seat: I'm not sure seat should be translated in "siège" since when
> people will be looking for documentation, they will not find anything
> or something that has nothing to do with it (siege has a meaning in
> english too). Maybe you should let the word "seat" in english instead
> of a straightforward translation ?
>

Hmm, maybe "poste" or "poste de travail" can be used? Just a proposal.
Otherwise, I'll keep the english term.


Thanks for the tips!


>
>
> 2013/11/14 Sylvain Plantefeve :
> > Hi gentlemen,
> >
> > Please find in attachement an humble contribution to translate systemd
> into
> > french.
> >
> > Any feedback will be welcomed. :)
> >
> > Best regards,
> >
> > Sylvain Plantefève
> >
> >
> > ___
> > systemd-devel mailing list
> > systemd-devel@lists.freedesktop.org
> > http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> >
>
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH 1/2] core: support Distribute=n to distribute to n SO_REUSEPORT workers

[Shawn Landden]

v3 make each worker its own service
---
 TODO  |   3 +-
 man/systemd.socket.xml|   9 +++
 src/core/dbus-socket.c|   2 +
 src/core/load-fragment-gperf.gperf.m4 |   1 +
 src/core/service.c|   7 +-
 src/core/service.h|   1 -
 src/core/socket.c | 124 --
 src/core/socket.h |   4 ++
 8 files changed, 96 insertions(+), 55 deletions(-)

diff --git a/TODO b/TODO
index 57e1122..733e528 100644
--- a/TODO
+++ b/TODO
@@ -82,7 +82,7 @@ Features:
 
 * rfkill,backlight: we probably should run the load tools inside of the udev 
rules so that the state is properly initialized by the time other software sees 
it
 
-* Add a new Distribute=$NUMBER key to socket units that makes use of 
SO_REUSEPORT to distribute network traffic on $NUMBER instances
+* respawn Distribute= worker threads when they die unexpectedly
 
 * tmpfiles: when applying ownership to /run/log/journal, also do this for the 
journal fails contained in it
 
@@ -261,7 +261,6 @@ Features:
 * teach ConditionKernelCommandLine= globs or regexes (in order to match 
foobar={no,0,off})
 
 * Support SO_REUSEPORT with socket activation:
-  - Let systemd maintain a pool of servers.
   - Use for seamless upgrades, by running the new server before stopping the
 old.
 
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 7c10c58..92a9275 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -519,6 +519,15 @@
 
 
 
+Distribute=
+Takes an integer
+value. If greater than one, systemd will spawn
+given number of instances of service each
+listening to the same socket. This option 
implies
+Reuseport= 
above.
+
+
+
 SmackLabel=
 SmackLabelIPIn=
 
SmackLabelIPOut=
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index 60a8d05..4644007 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -68,6 +68,7 @@
 "  \n"\
 "  \n"\
 "  \n" \
+"  \n" \
 "  \n" \
 "  \n" \
 "  \n" \
@@ -196,6 +197,7 @@ static const BusProperty bus_socket_properties[] = {
 { "MessageQueueMessageSize", bus_property_append_long, "x", 
offsetof(Socket, mq_msgsize)  },
 { "Result", bus_socket_append_socket_result,   "s", 
offsetof(Socket, result)  },
 { "ReusePort",  bus_property_append_bool,  "b", 
offsetof(Socket, reuseport)   },
+{ "Distribute", bus_property_append_unsigned,  "u", 
offsetof(Socket, distribute)   },
 { "SmackLabel", bus_property_append_string,"s", 
offsetof(Socket, smack),  true },
 { "SmackLabelIPIn", bus_property_append_string,"s", 
offsetof(Socket, smack_ip_in),true },
 { "SmackLabelIPOut",bus_property_append_string,"s", 
offsetof(Socket, smack_ip_out),   true },
diff --git a/src/core/load-fragment-gperf.gperf.m4 
b/src/core/load-fragment-gperf.gperf.m4
index b64fdc9..4058a1f 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -211,6 +211,7 @@ Socket.PassCredentials,  config_parse_bool, 
 0,
 Socket.PassSecurity, config_parse_bool,  0,
 offsetof(Socket, pass_sec)
 Socket.TCPCongestion,config_parse_string,0,
 offsetof(Socket, tcp_congestion)
 Socket.ReusePort,config_parse_bool,  0,
 offsetof(Socket, reuseport)
+Socket.Distribute,   config_parse_unsigned,  0,
 offsetof(Socket, distribute)
 Socket.MessageQueueMaxMessages,  config_parse_long,  0,
 offsetof(Socket, mq_maxmsg)
 Socket.MessageQueueMessageSize,  config_parse_long,  0,
 offsetof(Socket, mq_msgsize)
 Socket.Service,  config_parse_socket_service,0,
 0
diff --git a/src/core/service.c b/src/core/service.c
index 3da32a1..8fc55a0 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -3663,7 +3663,6 @@ static void service_bus_query_pid_done(
 int service_set_socket_fd(Service *s, int fd, Socket *sock) {
 
 assert(s);
-assert(fd >= 0);
 
 /* This is called by the socket code when instantiating a new
  * service for a stream socket and the socket needs to be
@@ -3678,8 +3

[systemd-devel] [PATCH 2/2] core: lazy distribute for Distribute pools

[Shawn Landden]

---
 man/systemd.socket.xml| 9 +
 src/core/dbus-socket.c| 2 ++
 src/core/load-fragment-gperf.gperf.m4 | 1 +
 src/core/socket.c | 7 ++-
 src/core/socket.h | 1 +
 5 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 92a9275..327c098 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -528,6 +528,15 @@
 
 
 
+LazyDistribute=
+Takes an boolean
+value. If true, Distribute=n workers will not 
be spawned
+simultameously, but one at a time while 
connections come it
+until n are running. Because of the nature of 
SO_REUSEPORT workers are
+spawned at an exponentially decreasing rate to 
the number of incoming connections.
+
+
+
 SmackLabel=
 SmackLabelIPIn=
 
SmackLabelIPOut=
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index 4644007..4e2a31d 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -69,6 +69,7 @@
 "  \n"\
 "  \n" \
 "  \n" \
+"  \n" \
 "  \n" \
 "  \n" \
 "  \n" \
@@ -198,6 +199,7 @@ static const BusProperty bus_socket_properties[] = {
 { "Result", bus_socket_append_socket_result,   "s", 
offsetof(Socket, result)  },
 { "ReusePort",  bus_property_append_bool,  "b", 
offsetof(Socket, reuseport)   },
 { "Distribute", bus_property_append_unsigned,  "u", 
offsetof(Socket, distribute)   },
+{ "LazyDistribute", bus_property_append_bool,  "b", 
offsetof(Socket, lazy_distribute)   },
 { "SmackLabel", bus_property_append_string,"s", 
offsetof(Socket, smack),  true },
 { "SmackLabelIPIn", bus_property_append_string,"s", 
offsetof(Socket, smack_ip_in),true },
 { "SmackLabelIPOut",bus_property_append_string,"s", 
offsetof(Socket, smack_ip_out),   true },
diff --git a/src/core/load-fragment-gperf.gperf.m4 
b/src/core/load-fragment-gperf.gperf.m4
index 4058a1f..a023b0e 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -212,6 +212,7 @@ Socket.PassSecurity, config_parse_bool, 
 0,
 Socket.TCPCongestion,config_parse_string,0,
 offsetof(Socket, tcp_congestion)
 Socket.ReusePort,config_parse_bool,  0,
 offsetof(Socket, reuseport)
 Socket.Distribute,   config_parse_unsigned,  0,
 offsetof(Socket, distribute)
+Socket.LazyDistribute,   config_parse_bool,  0,
 offsetof(Socket, lazy_distribute)
 Socket.MessageQueueMaxMessages,  config_parse_long,  0,
 offsetof(Socket, mq_maxmsg)
 Socket.MessageQueueMessageSize,  config_parse_long,  0,
 offsetof(Socket, mq_msgsize)
 Socket.Service,  config_parse_socket_service,0,
 0
diff --git a/src/core/socket.c b/src/core/socket.c
index 10a0d95..c968902 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -514,6 +514,11 @@ static void socket_dump(Unit *u, FILE *f, const char 
*prefix) {
 "%sDistribute: %d\n",
  prefix, s->distribute);
 
+if (s->lazy_distribute)
+fprintf(f,
+"%sLazyDistribute: %s\n",
+ prefix, yes_no(s->lazy_distribute));
+
 if (s->smack)
 fprintf(f,
 "%sSmackLabel: %s\n",
@@ -1554,7 +1559,7 @@ static void socket_enter_running(Socket *s, int cfd) {
 
 socket_enter_listening(s);
 }
-} while(s->distribute > s->n_connections);
+} while(s->distribute > s->n_connections && 
!(s->lazy_distribute));
 
 /* Notify clients about changed counters */
 unit_add_to_dbus_queue(UNIT(s));
diff --git a/src/core/socket.h b/src/core/socket.h
index 5928356..98fe680 100644
--- a/src/core/socket.h
+++ b/src/core/socket.h
@@ -149,6 +149,7 @@ struct Socket {
 bool reuseport;
 /* implies reuseport */
 unsigned distribute;
+bool lazy_distribute;
 long mq_maxmsg;
 long mq_msgsize;
 
-- 
1.8.4.3

___
systemd-devel mailing l

Re: [systemd-devel] French translation for systemd

[Ronny Chevalier]

2013/11/14 Sylvain Plantefeve :
> Hi,
>
> 2013/11/14 Ronny Chevalier 
>>
>> Hi,
>>
>> Instead of :
>>  - "Il est nécessaire de s'authentifier [...]" why not
>> "Authentification requise [...]" for "Authentification required" ?
>
>
> Why not, indeed.
>
>>
>>  - "inhiber" why not "empêcher" for "inhibit": For example, "Permet
>> aux applications d'empêcher l'arrêt du système"
>
>
> Why not too... "empêcher" looks like more user-friendly, in fact.
>
>>
>>  - "bouton d'alimentation", maybe "bouton (de mise en route| de
>> démarrage)" ?
>>
>
> Well, the power button can be used to start the computer, or turn it off as
> well. The latter use is not covered if using "mise en route" or "démarrage",
> right?
Yes, I forgot that.

>
>
>>
>> You used "Activer/désactiver" and "Activer ou désactiver", the second
>> is better I think.
>
>
> Agreed.
>
>>
>> seat: I'm not sure seat should be translated in "siège" since when
>> people will be looking for documentation, they will not find anything
>> or something that has nothing to do with it (siege has a meaning in
>> english too). Maybe you should let the word "seat" in english instead
>> of a straightforward translation ?
>
>
> Hmm, maybe "poste" or "poste de travail" can be used? Just a proposal.
> Otherwise, I'll keep the english term.
I think "poste" is better yes. But I'm concerned about people who will
try to know more about « what's a "poste" for systemd/linux » Or maybe
something like : "Permet d'associer des périphériques à des postes
(seats)" ?

>
>
> Thanks for the tips!
>
>>
>>
>>
>> 2013/11/14 Sylvain Plantefeve :
>> > Hi gentlemen,
>> >
>> > Please find in attachement an humble contribution to translate systemd
>> > into
>> > french.
>> >
>> > Any feedback will be welcomed. :)
>> >
>> > Best regards,
>> >
>> > Sylvain Plantefève
>> >
>> >
>> > ___
>> > systemd-devel mailing list
>> > systemd-devel@lists.freedesktop.org
>> > http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>> >
>
>
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] French translation for systemd

[Antoine Lubineau]

Le 14/11/2013 20:21, Sylvain Plantefeve a écrit :

Hi gentlemen,

Please find in attachement an humble contribution to translate systemd
into french.

Any feedback will be welcomed. :)

Best regards,

Sylvain Plantefève


Hi,

“nécéssaire” should be “nécessaire”.
“sytème” should be “système”.
“Mettre de système en hibernation” should be “Mettre le système en 
hibernation”.
“heure universelle coordonnée” should be “temps universel coordonné” 
(the original text does not even expand UTC).


Also please send inline patches in your mails, it’s easier to reply to.

Thanks,

Antoine
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] French translation for systemd

[Sylvain Plantefeve]

Thanks for the feedback, all advices were taken into account. :)


---

--- /dev/null
+++ b/po/fr.po
@@ -0,0 +1,397 @@
+# French translations for systemd package
+# Traductions françaises du paquet systemd.
+# This file is distributed under the same license as the systemd package.
+# Sylvain Plantefève , 2013.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: systemd\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2013-11-14 17:49+0100\n"
+"PO-Revision-Date: 2013-11-14 17:57+0100\n"
+"Last-Translator: Sylvain Plantefève \n"
+"Language-Team: French\n"
+"Language: fr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
+msgid "Set host name"
+msgstr "Définir le nom d'hôte"
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
+msgid "Authentication is required to set the local host name."
+msgstr "Authentification requise pour définir le nom d'hôte local."
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
+msgid "Set static host name"
+msgstr "Définir le nom d'hôte statique"
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
+msgid ""
+"Authentication is required to set the statically configured local host
name, "
+"as well as the pretty host name."
+msgstr ""
+"Authentification requise pour définir le nom d'hôte local de manière
statique, "
+"tout comme le nom d'hôte familier."
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:5
+msgid "Set machine information"
+msgstr "Définir les informations sur la machine"
+
+#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:6
+msgid "Authentication is required to set local machine information."
+msgstr ""
+"Authentification requise pour définir les informations sur la machine
locale."
+
+#: ../src/locale/org.freedesktop.locale1.policy.in.h:1
+msgid "Set system locale"
+msgstr "Définir l'emplacement du système"
+
+#: ../src/locale/org.freedesktop.locale1.policy.in.h:2
+msgid "Authentication is required to set the system locale."
+msgstr "Authentification requise pour définir l'emplacement du système."
+
+#: ../src/locale/org.freedesktop.locale1.policy.in.h:3
+msgid "Set system keyboard settings"
+msgstr "Définir les paramètres de clavier du système"
+
+#: ../src/locale/org.freedesktop.locale1.policy.in.h:4
+msgid "Authentication is required to set the system keyboard settings."
+msgstr "Authentification requise pour définir les paramètres de clavier du
système."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:1
+msgid "Allow applications to inhibit system shutdown"
+msgstr "Permet aux applications d'empêcher l'arrêt du système"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:2
+msgid ""
+"Authentication is required to allow an application to inhibit system "
+"shutdown."
+msgstr ""
+"Authentification requise pour permettre à une application d'empêcher
l'arrêt "
+"du système."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:3
+msgid "Allow applications to delay system shutdown"
+msgstr "Permet aux applications de retarder l'arrêt du système"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:4
+msgid ""
+"Authentication is required to allow an application to delay system
shutdown."
+msgstr ""
+"Authentification requise pour permettre à une application de retarder
l'arrêt "
+"du système."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:5
+msgid "Allow applications to inhibit system sleep"
+msgstr "Permet aux applications d'empêcher la mise en veille du système"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:6
+msgid ""
+"Authentication is required to allow an application to inhibit system
sleep."
+msgstr ""
+"Authentification requise pour permettre à une application d'empêcher la
mise "
+"en veille du système."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:7
+msgid "Allow applications to delay system sleep"
+msgstr "Permet aux applications de retarder la mise en veille du système"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:8
+msgid ""
+"Authentication is required to allow an application to delay system sleep."
+msgstr ""
+"Authentification requise pour permettre à une application de retarder la
mise "
+"en veille du système."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:9
+msgid "Allow applications to inhibit automatic system suspend"
+msgstr "Permet aux applications d'empêcher l'hibernation automatique du
système"
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:10
+msgid ""
+"Authentication is required to allow an application to inhibit automatic "
+"system suspend."
+msgstr ""
+"Authentification requise pour permettre à une application d'empêcher "
+"l'hibernation automatique du système."
+
+#: ../src/login/org.freedesktop.login1.policy.in.h:11
+msgid "Allow applications to inhibit system handling of the power key"
+msgstr "Permet aux applications d'empêcher la gestion du bouton
d'alimentation "

[systemd-devel] is mounting subvolumes with a read-only root subvolume allowed?

[Zbigniew Jędrzejewski-Szmek]

Hi,
I have a box with / and /home being subvolumes from the same btrfs filesystem.

/etc/fstab:
UUID=c0686...  /  btrfs subvol=root,x-systemd.device-timeout=0 1 1
UUID=c0686...  /home  btrfs subvol=home,x-systemd.device-timeout=0 1 1
...

/ is initially mounted readonly by the initramfs, and then after switching
to the real system, /home is attempted to be mounted in parallel with /
being remounted rw. If remounting rw happens first, boot proceeds. If
mounting /home is attempted to realy, it fails.

$ /bin/mount /home
mount: /dev/mapper/luks-765... is already mounted or /home busy
   /dev/mapper/luks-765... is already mounted on /
$ /bin/mount -o remount,rw /
$ /bin/mount /home
$

So, is this expected that the other subvolume must be mounted rw?

Zbyszek


___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] is mounting subvolumes with a read-only root subvolume allowed?

[Karel Zak]

On Fri, Nov 15, 2013 at 12:32:10AM +0100, Zbigniew Jędrzejewski-Szmek wrote:
> Hi,
> I have a box with / and /home being subvolumes from the same btrfs filesystem.
> 
> /etc/fstab:
> UUID=c0686...  /  btrfs subvol=root,x-systemd.device-timeout=0 1 1
> UUID=c0686...  /home  btrfs subvol=home,x-systemd.device-timeout=0 1 1
> ...
> 
> / is initially mounted readonly by the initramfs, and then after switching
> to the real system, /home is attempted to be mounted in parallel with /
> being remounted rw. If remounting rw happens first, boot proceeds. If
> mounting /home is attempted to realy, it fails.
> 
> $ /bin/mount /home
> mount: /dev/mapper/luks-765... is already mounted or /home busy
>/dev/mapper/luks-765... is already mounted on /
> $ /bin/mount -o remount,rw /
> $ /bin/mount /home
> $
> 
> So, is this expected that the other subvolume must be mounted rw?

 This is known and pretty stupid issue:
 http://www.spinics.net/lists/linux-btrfs/msg25502.html

 ... but it seems that btrfs guys are fine with this "feature".

Karel

-- 
 Karel Zak  
 http://karelzak.blogspot.com
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] is mounting subvolumes with a read-only root subvolume allowed?

[Zbigniew Jędrzejewski-Szmek]

On Fri, Nov 15, 2013 at 12:43:51AM +0100, Karel Zak wrote:
> On Fri, Nov 15, 2013 at 12:32:10AM +0100, Zbigniew Jędrzejewski-Szmek wrote:
> > Hi,
> > I have a box with / and /home being subvolumes from the same btrfs 
> > filesystem.
> > 
> > /etc/fstab:
> > UUID=c0686...  /  btrfs subvol=root,x-systemd.device-timeout=0 1 1
> > UUID=c0686...  /home  btrfs subvol=home,x-systemd.device-timeout=0 1 1
> > ...
> > 
> > / is initially mounted readonly by the initramfs, and then after switching
> > to the real system, /home is attempted to be mounted in parallel with /
> > being remounted rw. If remounting rw happens first, boot proceeds. If
> > mounting /home is attempted to realy, it fails.
> > 
> > $ /bin/mount /home
> > mount: /dev/mapper/luks-765... is already mounted or /home busy
> >/dev/mapper/luks-765... is already mounted on /
> > $ /bin/mount -o remount,rw /
> > $ /bin/mount /home
> > $
> > 
> > So, is this expected that the other subvolume must be mounted rw?
> 
>  This is known and pretty stupid issue:
>  http://www.spinics.net/lists/linux-btrfs/msg25502.html
> 
>  ... but it seems that btrfs guys are fine with this "feature".
5 months without a reply. Great.

Zbyszek
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [systemd-bugs] Russian translation for systemd

[Dennis Semakin]

Guys, guys, it's quite simple actually.

Identification is an assignment of subjects or objects the identificator. E.g.: 
login, ID card, fingerprints, retina of the eye...

Authentication is a process of comparision between given users password, his 
ID(identificator) and the password from database, for example.

Authorization is Identification plus Authentication

In other words :
 "Авторизация = идентификация + аутентификация".


15.11.2013, 01:41, "Sergey Ptashnick" <0comff...@inbox.ru>:
> On 15.11.2013 01:13, Juliette Tux wrote:
>
>>  On 15 November 2013 01:06, Sergey Ptashnick <0comff...@inbox.ru> wrote:
>>>  Please note that "аутентификация" (authentication) is not a synonym for 
>>> "авторизация" (authorization). These are two completely different 
>>> procedures.
>>  Do not agree here, this is pure calque, which happens very often nowdays in 
>> Russian language. With all respect I do no think this is the right place for 
>> this kind of discussion. Please come to gnome-cyr or kde-russian, we'll have 
>> plenty to talk about :)
>
> Ok, if you don't like "аутентификация", you can replace it by "идентификация",
> but "авторизация" is completely different thing.
> Struggle for the purity of language is not a reason for changing of the 
> meaning.
> ___
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- 
Яндекс.Почта — быстрая почта
http://mail.yandex.ru/neo2/collect/?exp=1&t=2
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel