Re: [systemd-devel] The whole su/pkexec session debate

2013-12-01 Thread Martin Pitt
David Herrmann [2013-12-01 16:57 +0100]:
> Screen can be fixed to call:
>   pam_start(&pamh)
>   pam_open_session(pamh)
> 
> and during shutdown:
>   pam_close_session(pamh)
>   pam_end(pamh)

Please not; screen has no business interfering with the PAM stack, it
does not start login sessions by itself.

Also, IIRC this would require root privileges, which screen usually
does not (and should not) have.

> This way, screen will keep an "active" reference to the session and
> systemd-logind will not mark it as "closing".

But that screen process would still be running in the user's logind
session cgroup, so logind can see that the session is still active
that way? (Unless you configured it to kill all session processes on
logout).

Martin
-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] [RFC 05/12] gfx: add sd-gfx library with unifont section

2013-12-01 Thread Zbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1036462


Re: [systemd-devel] [PATCH 2/4] shared: mark strv_length() _pure_

2013-12-01 Thread Shawn Landden
On Sun, Dec 1, 2013 at 3:59 PM, Zbigniew Jędrzejewski-Szmek wrote:
> On Sun, Dec 01, 2013 at 02:50:15PM -0800, Shawn Landden wrote:
>> ---
>>  src/shared/strv.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/src/shared/strv.c b/src/shared/strv.c
>> index 607c221..cc6adfa 100644
>> --- a/src/shared/strv.c
>> +++ b/src/shared/strv.c
>> @@ -84,7 +84,7 @@ char **strv_copy(char * const *l) {
>>  return r;
>>  }
>>
>> -unsigned strv_length(char * const *l) {
>> +_pure_ unsigned strv_length(char * const *l) {
>>  unsigned n = 0;
>>
> _pure_ only makes sense in .h files, except for static functions of course,
> which are not declared in an .h file. This annotation tells the compiler how
> to optimize calls to the function, so it must be available where it is used.
yes indeed, and in the .h file it's already _pure_.
>
> Zbyszek


Re: [systemd-devel] [PATCH] service: remove unneccesary Socket.got_socket_fd

2013-12-01 Thread Zbigniew Jędrzejewski-Szmek
On Wed, Nov 20, 2013 at 12:35:04AM -0800, Shawn Landden wrote:
> ---
>  src/core/service.c | 3 +--
>  src/core/service.h | 2 --
>  2 files changed, 1 insertion(+), 4 deletions(-)
> 
> diff --git a/src/core/service.c b/src/core/service.c
> index c0ee114..24f7a42 100644
> --- a/src/core/service.c
> +++ b/src/core/service.c
> @@ -2812,7 +2812,7 @@ _pure_ static bool service_check_snapshot(Unit *u) {
>  
>  assert(s);
>  
> -return !s->got_socket_fd;
> +return (s->socket_fd < 0);
>  }
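
Review bot: the new return in service_check_snapshot() is only equivalent to the old one if socket_fd is -1 in every state where got_socket_fd used to be false, including after the descriptor has been closed. The quoted hunk shows neither the initialisation nor the reset, so confirm both in service.c before dropping the flag. The parentheses around s->socket_fd < 0 are redundant.
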
Yep, looks correct. Applied.

Zbyszek


[systemd-devel] [PATCH] nspawn: shorten conditional path

2013-12-01 Thread Shawn Landden
---
 src/nspawn/nspawn.c | 19 +++
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index dd7337b..f400a65 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -481,10 +481,8 @@ static int setup_timezone(const char *dest) {
 return 0;
 }
 
-z = path_startswith(p, "../usr/share/zoneinfo/");
-if (!z)
-z = path_startswith(p, "/usr/share/zoneinfo/");
-if (!z) {
+if (!((z = path_startswith(p, "../usr/share/zoneinfo/")) ||
+  (z = path_startswith(p,   "/usr/share/zoneinfo/" {
 log_warning("/etc/localtime does not point into 
/usr/share/zoneinfo/, not updating container timezone.");
 return 0;
 }
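
Review bot: in the first hunk of setup_timezone(), the rewritten condition as shown opens with if (!(( but the line ending in "/usr/share/zoneinfo/" { never closes those parentheses, so this does not compile as posted. Folding both assignments to z into one negated || expression is also harder to read than the three-line form it replaces; either keep the original or close the expression and re-test both the relative and the absolute link case.
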
@@ -495,14 +493,11 @@ static int setup_timezone(const char *dest) {
 
 r = readlink_malloc(where, &q);
 if (r >= 0) {
-y = path_startswith(q, "../usr/share/zoneinfo/");
-if (!y)
-y = path_startswith(q, "/usr/share/zoneinfo/");
-
-
-/* Already pointing to the right place? Then do nothing .. */
-if (y && streq(y, z))
-return 0;
+if ((y = path_startswith(q, "../usr/share/zoneinfo/")) ||
+(y = path_startswith(q,   "/usr/share/zoneinfo/")))
+/* Already pointing to the right place? Then do 
nothing .. */
+if (streq(y, z))
+return 0;
 }
 
 check = strjoin(dest, "/usr/share/zoneinfo/", z, NULL);
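
Review bot: in the second hunk, the outer if now has an unbraced body made of a comment plus a nested unbraced if, which invites a mistake the next time a statement is added there. Either brace the outer if or fold the test into a single condition of the form ((y = ...) || (y = ...)) && streq(y, z).
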
-- 
1.8.4.4



Re: [systemd-devel] [PATCH 2/4] shared: mark strv_length() _pure_

2013-12-01 Thread Zbigniew Jędrzejewski-Szmek
On Sun, Dec 01, 2013 at 02:50:15PM -0800, Shawn Landden wrote:
> ---
>  src/shared/strv.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/shared/strv.c b/src/shared/strv.c
> index 607c221..cc6adfa 100644
> --- a/src/shared/strv.c
> +++ b/src/shared/strv.c
> @@ -84,7 +84,7 @@ char **strv_copy(char * const *l) {
>  return r;
>  }
>  
> -unsigned strv_length(char * const *l) {
> +_pure_ unsigned strv_length(char * const *l) {
>  unsigned n = 0;
>  
_pure_ only makes sense in .h files, except for static functions of course,
which are not declared in an .h file. This annotation tells the compiler how
to optimize calls to the function, so it must be available where it is used.

Zbyszek


[systemd-devel] [PATCH] nspawn: --populate with dynamic libs and one-file scripts

2013-12-01 Thread Shawn Landden
the whitelist of dynamic linker paths comes from clang
---
 man/systemd-nspawn.xml |   8 +--
 src/nspawn/elf.c   | 161 +
 src/nspawn/elf.h   |  14 +++-
 src/nspawn/nspawn.c| 191 ++---
 src/shared/util.c  |  80 +
 src/shared/util.h  |   2 +
 6 files changed, 430 insertions(+), 26 deletions(-)

diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 24bc0d7..723ec09 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -214,11 +214,11 @@
 -p
 --populate
 
-If COMMAND does not exist in
-target root directory, launch host 
COMMAND.
+Use COMMAND from host.
 
-Can be used on empty target directories
-(if COMMAND a static 
executable).
+Can be used on empty target directories,
+if COMMAND an ELF executable, or
+one-file script.
 
 
 
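
Review bot: the rewritten --populate text drops the condition "If COMMAND does not exist in target root directory" and now says only "Use COMMAND from host", so the entry no longer tells the reader whether a COMMAND already present in the target directory is overridden by the host copy. Spell out the precedence.
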
diff --git a/src/nspawn/elf.c b/src/nspawn/elf.c
index f91b374..63ada56 100644
--- a/src/nspawn/elf.c
+++ b/src/nspawn/elf.c
@@ -26,44 +26,90 @@
 #include "elf.h"
 #include "util.h"
 #include "log.h"
+#include "strv.h"
 
 int analyze_executable(const char *path,
int *_fd,
bool *_elf64,
char **_linker,
-   char **shebang) {
+   char **shebang,
+   char ***_libs) {
 
-char e_ident[sizeof(Elf64_Ehdr)];
+char e_ident[MAX(2u + PATH_MAX, sizeof(Elf64_Ehdr))];
 uint16_t e_type;
 off_t e_phoff;
 uint16_t e_phentsize, e_phnum;
 bool elf64;
-int fd = -1;
+_cleanup_close_ int fd = -1;
 bool have_interp = false;
 int r;
 
 assert(path);
+assert(_fd);
 assert(_elf64);
 assert(_linker);
 assert(shebang);
+assert(_libs);
 
 fd = open(path, O_RDONLY | O_CLOEXEC);
 if (fd < 0) {
-log_error("open(\"%s\") failed: %m", path);
+log_error("open(%s) failed: %m", path);
 return -errno;
 }
 
-r = read(fd, e_ident, sizeof(Elf64_Ehdr));
+r = read(fd, e_ident, MAX(2u + PATH_MAX, sizeof(Elf64_Ehdr)));
 if (r < 0) {
-log_error("read() on %s failed: %m", path);
+log_error("read(%s) failed: %s", path, strerror(errno));
 return -errno;
 }
 
 if (memcmp(e_ident, ELFMAG, SELFMAG) != 0) {
-log_error("%s is not an ELF executable.", path);
-return -ENOSYS;
-} else
+if (startswith(e_ident, "#!")) {
+_cleanup_close_ int shebang_fd = -1;
+char shebang_e_ident[sizeof(Elf64_Ehdr)];
+char *t;
+
+  /* from 
fs/binfmt_script.c:42 */
+t = e_ident + strcspn(e_ident, " \t\n");
+t[0] = '\0';
+
+t = &e_ident[2];
+
+shebang_fd = open(t, O_RDONLY|O_CLOEXEC);
+if (shebang_fd < 0) {
+log_error("Cannot open interpreter %s: %m", t);
+return -errno;
+}
+
+r = read(shebang_fd, shebang_e_ident, 
sizeof(Elf64_Ehdr));
+if (r < SELFMAG) {
+log_error("read(%s) failed: %s", t, strerror(r 
< 0 ? errno : EIO));
+return -errno;
+}
+
+/* The kernel actually supports interpreters of 
interpreters
+ * but we don't support that here. */
+if (memcmp(shebang_e_ident, ELFMAG, SELFMAG) != 0) {
+log_error("Interpreter %s is not an ELF 
executable.", t);
+return -EINVAL;
+}
+
+*_fd = fd;
+fd = shebang_fd; /* analyze and */
+shebang_fd = -1; /* don't close ELF */
+*shebang = strdup(t);
+if (!*shebang)
+return log_oom();
+
+memcpy(e_ident, shebang_e_ident, sizeof(Elf64_Ehdr));
+} else {
+log_error("%s is not an ELF executable or script 
starting with #!.", path);
+return -ENOSYS;
+}
+} else {
+*_fd
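
Review bot: e_ident is filled by read() with up to the full size of the array and then handed to startswith() and strcspn(), which expect a NUL-terminated string. A file that begins with #! and has no space, tab or newline in the bytes read makes strcspn() run past the end of the array, and a short read leaves stale stack bytes inside the scanned range. Read at most sizeof(e_ident) - 1 bytes and set e_ident[r] = '\0' before the string calls. Separately, the r < SELFMAG branch logs EIO for a short read but still returns -errno, which is not set in that case.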

[systemd-devel] [PATCH 4/4] nspawn: --populate with dynamic libs and one-file scripts

2013-12-01 Thread Shawn Landden
the whitelist of dynamic linker paths comes from clang
---
 man/systemd-nspawn.xml |   8 +--
 src/nspawn/elf.c   | 162 +
 src/nspawn/elf.h   |  14 +++-
 src/nspawn/nspawn.c| 191 ++---
 src/shared/util.c  |  80 +
 src/shared/util.h  |   2 +
 6 files changed, 431 insertions(+), 26 deletions(-)

diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 24bc0d7..723ec09 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -214,11 +214,11 @@
 -p
 --populate
 
-If COMMAND does not exist in
-target root directory, launch host 
COMMAND.
+Use COMMAND from host.
 
-Can be used on empty target directories
-(if COMMAND a static 
executable).
+Can be used on empty target directories,
+if COMMAND an ELF executable, or
+one-file script.
 
 
 
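
Review bot: the new --populate entry does not tell the administrator which host files end up visible inside the container. The commit subject mentions dynamic libraries and one-file scripts, and the elf.c change opens the #! interpreter on the host, so the man page should state which host files (dynamic linker, libraries, script interpreter) are brought into the target directory and how.
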
diff --git a/src/nspawn/elf.c b/src/nspawn/elf.c
index f91b374..62d0fda 100644
--- a/src/nspawn/elf.c
+++ b/src/nspawn/elf.c
@@ -26,44 +26,90 @@
 #include "elf.h"
 #include "util.h"
 #include "log.h"
+#include "strv.h"
 
 int analyze_executable(const char *path,
int *_fd,
bool *_elf64,
char **_linker,
-   char **shebang) {
+   char **shebang,
+   char ***_libs) {
 
-char e_ident[sizeof(Elf64_Ehdr)];
+char e_ident[MAX(2u + PATH_MAX, sizeof(Elf64_Ehdr))];
 uint16_t e_type;
 off_t e_phoff;
 uint16_t e_phentsize, e_phnum;
 bool elf64;
-int fd = -1;
+_cleanup_close_ int fd = -1;
 bool have_interp = false;
 int r;
 
 assert(path);
+assert(_fd);
 assert(_elf64);
 assert(_linker);
 assert(shebang);
+assert(_libs);
 
 fd = open(path, O_RDONLY | O_CLOEXEC);
 if (fd < 0) {
-log_error("open(\"%s\") failed: %m", path);
+log_error("open(%s) failed: %m", path);
 return -errno;
 }
 
-r = read(fd, e_ident, sizeof(Elf64_Ehdr));
+r = read(fd, e_ident, MAX(2u + PATH_MAX, sizeof(Elf64_Ehdr)));
 if (r < 0) {
-log_error("read() on %s failed: %m", path);
+log_error("read(%s) failed: %s", path, strerror(errno));
 return -errno;
 }
 
 if (memcmp(e_ident, ELFMAG, SELFMAG) != 0) {
-log_error("%s is not an ELF executable.", path);
-return -ENOSYS;
-} else
+if (startswith(e_ident, "#!")) {
+_cleanup_close_ int shebang_fd = -1;
+char shebang_e_ident[sizeof(Elf64_Ehdr)];
+char *t;
+
+  /* from 
fs/binfmt_script.c:42 */
+t = e_ident + strcspn(e_ident, " \t\n");
+t[0] = '\0';
+
+t = e_ident[2];
+
+shebang_fd = open(t, O_RDONLY|O_CLOEXEC);
+if (shebang_fd < 0) {
+log_error("Cannot open interpreter %s: %m", t);
+return -errno;
+}
+
+r = read(shebang_fd, shebang_e_ident, 
sizeof(Elf64_Ehdr));
+if (r < SELFMAG) {
+log_error("read(%s) failed: %s", t, strerror(r 
< 0 ? errno : EIO));
+return -errno;
+}
+
+/* The kernel actually supports interpreters of 
interpreters
+ * but we don't support that here. */
+if (memcmp(shebang_e_ident, ELFMAG, SELFMAG) != 0) {
+log_error("Interpreter %s is not an ELF 
executable.", t);
+return -EINVAL;
+}
+
+*_fd = fd;
+fd = shebang_fd; /* analyze and */
+shebang_fd = -1; /* don't close ELF */
+*shebang = strdup(t);
+if (!*shebang)
+return log_oom();
+
+memcpy(e_ident, shebang_e_ident, sizeof(Elf64_Ehdr));
+} else {
+log_error("%s is not an ELF executable or script 
starting with #!.", path);
+return -ENOSYS;
+}
+} else {
+*_fd 
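
Review bot: t = e_ident[2]; assigns a char to a char * and then passes it to open(); this needs to be t = &e_ident[2] (or e_ident + 2). In the same branch, *_fd = fd is stored before strdup(t) can fail, so on the log_oom() path the caller has been handed the script descriptor together with an error return. Assign the output parameters only once nothing can fail any more.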

[systemd-devel] [PATCH 3/4] nspawn: --populate to run static binaries on empty target directory

2013-12-01 Thread Shawn Landden
nspawn has been called "chroot on steroids".

Continue that tradition by supporting target directories that
are not root directories.

This patch handles the simple case: a static binary.
---
 Makefile.am|   2 +
 man/systemd-nspawn.xml |  11 +
 src/nspawn/elf.c   | 131 +
 src/nspawn/elf.h   |  30 +++
 src/nspawn/nspawn.c|  47 +++---
 src/shared/path-util.c |  57 +++--
 src/shared/path-util.h |   5 +-
 7 files changed, 260 insertions(+), 23 deletions(-)
 create mode 100644 src/nspawn/elf.c
 create mode 100644 src/nspawn/elf.h

diff --git a/Makefile.am b/Makefile.am
index 7a45029..67c26f4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1832,6 +1832,8 @@ systemd_cgtop_LDADD = \
 # 
--
 systemd_nspawn_SOURCES = \
src/nspawn/nspawn.c \
+   src/nspawn/elf.c \
+   src/nspawn/elf.h \
src/core/mount-setup.c \
src/core/mount-setup.h \
src/core/loopback-setup.c \
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 75d2e6d..24bc0d7 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -211,6 +211,17 @@
 
 
 
+-p
+--populate
+
+If COMMAND does not exist in
+target root directory, launch host 
COMMAND.
+
+Can be used on empty target directories
+(if COMMAND a static 
executable).
+
+
+
 -u
 --user=
 
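
Review bot: "(if COMMAND a static executable)" is missing its verb, and the entry does not say what happens when COMMAND is dynamically linked. State the behaviour for that case explicitly.
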
diff --git a/src/nspawn/elf.c b/src/nspawn/elf.c
new file mode 100644
index 000..f91b374
--- /dev/null
+++ b/src/nspawn/elf.c
@@ -0,0 +1,131 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+  This file is part of systemd.
+
+  Copyright 2013 Shawn Landden
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see .
+***/
+
+
+#include 
+#include 
+
+#include "elf.h"
+#include "util.h"
+#include "log.h"
+
+int analyze_executable(const char *path,
+   int *_fd,
+   bool *_elf64,
+   char **_linker,
+   char **shebang) {
+
+char e_ident[sizeof(Elf64_Ehdr)];
+uint16_t e_type;
+off_t e_phoff;
+uint16_t e_phentsize, e_phnum;
+bool elf64;
+int fd = -1;
+bool have_interp = false;
+int r;
+
+assert(path);
+assert(_elf64);
+assert(_linker);
+assert(shebang);
+
+fd = open(path, O_RDONLY | O_CLOEXEC);
+if (fd < 0) {
+log_error("open(\"%s\") failed: %m", path);
+return -errno;
+}
+
+r = read(fd, e_ident, sizeof(Elf64_Ehdr));
+if (r < 0) {
+log_error("read() on %s failed: %m", path);
+return -errno;
+}
+
+if (memcmp(e_ident, ELFMAG, SELFMAG) != 0) {
+log_error("%s is not an ELF executable.", path);
+return -ENOSYS;
+} else
+*shebang = NULL;
+
+switch (e_ident[EI_CLASS]) {
+case ELFCLASS32:
+elf64 = false;
+break;
+case ELFCLASS64:
+elf64 = true;
+break;
+default:
+log_error("Unknown ELF class.");
+return -EINVAL;
+}
+
+if (elf64) {
+Elf64_Ehdr *ehdr = (Elf64_Ehdr *)&e_ident;
+
+e_type = ehdr->e_type;
+e_phoff = ehdr->e_phoff;
+e_phentsize = ehdr->e_phentsize;
+e_phnum = ehdr->e_phnum;
+} else {
+Elf32_Ehdr *ehdr = (Elf32_Ehdr *)&e_ident;
+
+e_type = ehdr->e_type;
+e_phoff = ehdr->e_phoff;
+e_phentsize = ehdr->e_phentsize;
+e_phnum = ehdr->e_phnum;
+}
+
+/* Not checking e_ident[E_DATA], file is assumed to be of host 
endianness. */
+if (e_type != ET_EXEC) {
+log_error("%s is not an ELF executable, or is of alien 
endianness.", path);
+
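
Review bot: analyze_executable() checks read() only for r < 0, so a file shorter than the ELF header leaves part of e_ident uninitialised, and e_type, e_phoff, e_phentsize and e_phnum are then taken from whatever was on the stack; reject reads shorter than the header size before looking at any field. The error returns after open() also leak fd, since it is a plain int with no close() on those paths, and _fd is never asserted although the other pointer arguments are. The comment names e_ident[E_DATA]; the index constant is EI_DATA.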

[systemd-devel] [PATCH 2/4] shared: mark strv_length() _pure_

2013-12-01 Thread Shawn Landden
---
 src/shared/strv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/strv.c b/src/shared/strv.c
index 607c221..cc6adfa 100644
--- a/src/shared/strv.c
+++ b/src/shared/strv.c
@@ -84,7 +84,7 @@ char **strv_copy(char * const *l) {
 return r;
 }
 
-unsigned strv_length(char * const *l) {
+_pure_ unsigned strv_length(char * const *l) {
 unsigned n = 0;
 
 if (!l)
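
Review bot: _pure_ on the definition of strv_length() in strv.c only reaches callers inside that file; other translation units see just the prototype in the header, so the attribute has to be on that declaration to have any effect. If the header already carries it, this hunk changes nothing and can be dropped. The commit message is empty and should say what the annotation is expected to gain.
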
-- 
1.8.4.4



[systemd-devel] [PATCH 1/4] nspawn: shorten conditional path

2013-12-01 Thread Shawn Landden
---
 src/nspawn/nspawn.c | 19 +++
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index dd7337b..0151cf3 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -481,10 +481,8 @@ static int setup_timezone(const char *dest) {
 return 0;
 }
 
-z = path_startswith(p, "../usr/share/zoneinfo/");
-if (!z)
-z = path_startswith(p, "/usr/share/zoneinfo/");
-if (!z) {
+if ((z = path_startswith(p, "../usr/share/zoneinfo/")) ||
+(z = path_startswith(p, "/usr/share/zoneinfo/"))) {
 log_warning("/etc/localtime does not point into 
/usr/share/zoneinfo/, not updating container timezone.");
 return 0;
 }
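
Review bot: the rewritten condition in the first hunk has lost its negation. The removed code warned and returned when z was NULL after both lookups; the new if ((z = ...) || (z = ...)) takes that branch when one of them succeeds, so an /etc/localtime that does point into /usr/share/zoneinfo/ now logs the warning and returns 0, while a link that does not continues with z == NULL. Wrap the expression in !( ... ).
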
@@ -495,14 +493,11 @@ static int setup_timezone(const char *dest) {
 
 r = readlink_malloc(where, &q);
 if (r >= 0) {
-y = path_startswith(q, "../usr/share/zoneinfo/");
-if (!y)
-y = path_startswith(q, "/usr/share/zoneinfo/");
-
-
-/* Already pointing to the right place? Then do nothing .. */
-if (y && streq(y, z))
-return 0;
+if ((y = path_startswith(q, "../usr/share/zoneinfo/")) ||
+(y = path_startswith(q, "/usr/share/zoneinfo/")))
+/* Already pointing to the right place? Then do 
nothing .. */
+if (streq(y, z))
+return 0;
 }
 
 check = strjoin(dest, "/usr/share/zoneinfo/", z, NULL);
-- 
1.8.4.4



Re: [systemd-devel] [systemd-commits] 4 commits - catalog/systemd-fr.catalog catalog/systemd-ru.catalog configure.ac Makefile.am po/.gitignore po/LINGUAS po/ru.po

2013-12-01 Thread David Herrmann
Hi

On Sun, Dec 1, 2013 at 4:13 PM, Colin Walters wrote:
> On Sun, 2013-12-01 at 01:26 +0100, Zbigniew Jędrzejewski-Szmek wrote:
>
>> Actually I don't think we need to totally forbid declarations after 
>> statements.
>
> I don't have an opinion myself on making -Wdeclaration-after-statement
> an error or not, but presently with GCC 4.7 as in gnome-continuous,
> we get a spam of warnings:
>
> http://build.gnome.org/continuous/buildmaster/builds/2013/11/30/25/build/warnings-systemd.txt
>
> And the goal of the patch is to quiet those with older gcc versions.

Same for gcc-4.8.2 here on Arch. The Fedora (also 4.8.2) apparently
doesn't have these problems. So seems to be related to gcc
build-flags.. maybe someone can report them upstream?

As a workaround you can always pass -Wno-declaration-after-statement
to local CFLAGS.

Cheers
David


Re: [systemd-devel] [PATCH 2/7] Give the user permissions to their session's cgroup

2013-12-01 Thread Hristo Venev
See systemd src/core/execute.c:1299-1312, especially lines 1300 and
1307.



[systemd-devel] systemd session mode

2013-12-01 Thread Hristo Venev
What about DISPLAY being different for different graphical sessions?



Re: [systemd-devel] [PATCH 2/7] Give the user permissions to their session's cgroup

2013-12-01 Thread Kay Sievers
On Sun, Dec 1, 2013 at 8:25 PM, Hristo Venev wrote:
> User is given permissions to their user@*.service cgroup so that user mode
> systemd can run. session-*.scope cgroup permissions are required for
> session mode.

Systemd cannot delegate access to cgroupfs, it all has to happen
inside of PID1. Ordinary users are not supposed to be able to write to
cgroupfs.

Kay


Re: [systemd-devel] systemd session mode

2013-12-01 Thread Kay Sievers
On Sun, Dec 1, 2013 at 8:25 PM, Hristo Venev wrote:
> I've implemented session mode for systemd. I am currently using it and it
> works pretty okay. I just had to generate D-Bus user services for D-Bus
> activation to work.
>
> A new variable, XDG_SESSION_DIR, has been added. It defaults to
> /run/session/$XDG_SESSION_ID and is to be used for session-specific files as
> it is `rm -rf`-ed on logout. There, in ./systemd/private, the systemd socket
> is stored. Also, my implementation of session units stores the D-Bus socket in
> ./dbus/session_bus_socket.

There is intentionally only support for "systemd --user", no plan to
support any sort of systemd session instance. The one instance for the
user will be shared by all sessions of the same user.

With kdbus, the bus will be created by systemd itself, and also one
per user, not one per session.

D-Bus activation will be handled by new .busname units, read by
systemd. The current D-Bus config and policy will go away.

Kay


Re: [systemd-devel] systemd session mode

2013-12-01 Thread Shawn Landden
On Sun, Dec 1, 2013 at 11:25 AM, Hristo Venev wrote:
> I've implemented session mode for systemd. I am currently using it and it
> works pretty okay. I just had to generate D-Bus user services for D-Bus
> activation to work.
>
> A new variable, XDG_SESSION_DIR, has been added. It defaults to
> /run/session/$XDG_SESSION_ID and is to be used for session-specific files as
> it is `rm -rf`-ed on logout. There, in ./systemd/private, the systemd socket
> is stored. Also, my implementation of session units stores the D-Bus socket in
> ./dbus/session_bus_socket.
>
> Sorry if I am sending this for the third time but I can't see it in the
> mailing list.
nope, we only got it once :)
>


Re: [systemd-devel] [PATCH 0/1] bus: make sure we always return valid error messages

2013-12-01 Thread Djalal Harouni
On Sat, Nov 30, 2013 at 07:48:26PM +0100, Lennart Poettering wrote:
> On Sat, 30.11.13 19:08, Lennart Poettering (lenn...@poettering.net) wrote:
> 
> > < 0 → temporarily const, deep copies necessary to keep around, no free() on free
> >   0 → forever const, shallow copy OK, no free() on free
> > > 0 → dynamic, deep copy always, free() on free
> > 
> > I'll make the necessary changes!
> 
> Done now. Could you check if this fixes the bug you found?
I've just done a couple of tests and yes the bug was fixed.

> Thanks for tracking this down!
You are welcome!

> Lennart
> 
> -- 
> Lennart Poettering, Red Hat

-- 
Djalal Harouni
http://opendz.org


Re: [systemd-devel] [systemd-commits] 4 commits - catalog/systemd-fr.catalog catalog/systemd-ru.catalog configure.ac Makefile.am po/.gitignore po/LINGUAS po/ru.po

2013-12-01 Thread Colin Walters
On Sun, 2013-12-01 at 01:26 +0100, Zbigniew Jędrzejewski-Szmek wrote:

> Actually I don't think we need to totally forbid declarations after 
> statements.

I don't have an opinion myself on making -Wdeclaration-after-statement
an error or not, but presently with GCC 4.7 as in gnome-continuous,
we get a spam of warnings:

http://build.gnome.org/continuous/buildmaster/builds/2013/11/30/25/build/warnings-systemd.txt

And the goal of the patch is to quiet those with older gcc versions.

(I briefly investigated the memset one but couldn't find it...)




[systemd-devel] [PATCH 7/7] run: Support KillMode via --kill-mode=... flag

2013-12-01 Thread Hristo Venev
---
 src/run/run.c | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/run/run.c b/src/run/run.c
index 537b725..c5c5c77 100644
--- a/src/run/run.c
+++ b/src/run/run.c
@@ -35,6 +35,7 @@ static bool arg_remain_after_exit = false;
 static const char *arg_unit = NULL;
 static const char *arg_description = NULL;
 static const char *arg_slice = NULL;
+static const char *arg_kill_mode = NULL;
 static bool arg_send_sighup = false;
 static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
 static char *arg_host = NULL;
@@ -55,7 +56,8 @@ static int help(void) {
" --description=TEXT   Description for unit\n"
" --slice=SLICERun in the specified slice\n"
"  -r --remain-after-exit  Leave service around until 
explicitly stopped\n"
-   " --send-sighupSend SIGHUP when terminating\n",
+   " --send-sighupSend SIGHUP when terminating\n"
+   " --kill-mode=KillMode Specify KillMode of service\n",
program_invocation_short_name);
 
 return 0;
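
Review bot: the help line uses --kill-mode=KillMode where the other options in this list use an upper-case placeholder (--description=TEXT, --slice=SLICE); make it --kill-mode=MODE. The diffstat touches only src/run/run.c, so the new option is also missing from the systemd-run documentation.
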
@@ -73,6 +75,7 @@ static int parse_argv(int argc, char *argv[]) {
 ARG_DESCRIPTION,
 ARG_SLICE,
 ARG_SEND_SIGHUP,
+ARG_KILL_MODE
 };
 
 static const struct option options[] = {
@@ -89,6 +92,7 @@ static int parse_argv(int argc, char *argv[]) {
 { "send-sighup",   no_argument,   NULL, 
ARG_SEND_SIGHUP },
 { "host",  required_argument, NULL, 'H'
 },
 { "machine",   required_argument, NULL, 'M'
 },
+{ "kill-mode", required_argument, NULL, ARG_KILL_MODE  
 },
 {},
 };
 
@@ -141,6 +145,10 @@ static int parse_argv(int argc, char *argv[]) {
 arg_send_sighup = true;
 break;
 
+case ARG_KILL_MODE:
+arg_kill_mode = optarg;
+break;
+
 case 'r':
 arg_remain_after_exit = true;
 break;
@@ -276,6 +284,12 @@ static int start_transient_service(
 if (r < 0)
 return r;
 
+if (arg_kill_mode ) {
+r = sd_bus_message_append(m, "(sv)", "KillMode", "s", 
arg_kill_mode);
+if (r < 0)
+return r;
+}
+
 r = sd_bus_message_open_container(m, 'r', "sv");
 if (r < 0)
 return r;
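
Review bot: arg_kill_mode is forwarded to the KillMode property exactly as typed on the command line, so any error for a misspelt mode can only come back from the bus call. Validate the string against the accepted KillMode values in parse_argv() and fail there with a clear message. Minor: stray space in if (arg_kill_mode ).
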
-- 
1.8.4.4



[systemd-devel] [PATCH 3/7] Preparations for session mode

2013-12-01 Thread Hristo Venev
Replace the conditions of some ifs that make no difference now but are
the correct behavior if session mode is added
---
 src/core/dbus.c   | 2 +-
 src/core/main.c   | 4 ++--
 src/core/manager.c| 2 +-
 src/core/service.c| 2 +-
 src/core/unit.c   | 2 +-
 src/shared/path-lookup.c  | 2 +-
 src/systemctl/systemctl.c | 2 +-
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/core/dbus.c b/src/core/dbus.c
index 7d7c6cb..ef9a64b 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -969,7 +969,7 @@ static int bus_init_private(Manager *m) {
 
 strcpy(sa.un.sun_path, "/run/systemd/private");
 salen = offsetof(union sockaddr_union, un.sun_path) + 
sizeof("/run/systemd/private") - 1;
-} else {
+} else if (m->running_as == SYSTEMD_USER) {
 size_t left = sizeof(sa.un.sun_path);
 char *p = sa.un.sun_path;
 const char *e;
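
Review bot: turning the final else into else if (m->running_as == SYSTEMD_USER) leaves bus_init_private() with no branch for any other running_as value, so sa and salen would be used without having been filled in. Keep a terminating else that returns an error or asserts, so an unhandled mode fails loudly instead of using an uninitialised socket address.
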
diff --git a/src/core/main.c b/src/core/main.c
index 6c3d9bf..ce5b64c 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1392,7 +1392,7 @@ int main(int argc, char *argv[]) {
 goto finish;
 }
 
-if (arg_running_as == SYSTEMD_USER &&
+if (arg_running_as != SYSTEMD_SYSTEM &&
 arg_action == ACTION_RUN &&
 sd_booted() <= 0) {
 log_error("Trying to run as user instance, but the system has 
not been booted with systemd.");
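
Review bot: the condition now matches every mode other than SYSTEMD_SYSTEM, but the log_error() text still says "Trying to run as user instance"; reword the message so it stays accurate for the mode being added.
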
@@ -1519,7 +1519,7 @@ int main(int argc, char *argv[]) {
 }
 }
 
-if (arg_running_as == SYSTEMD_USER) {
+if (arg_running_as != SYSTEMD_SYSTEM) {
 /* Become reaper of our children */
 if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) {
 log_warning("Failed to make us a subreaper: %m");
diff --git a/src/core/manager.c b/src/core/manager.c
index badf19e..ada62d0 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1597,7 +1597,7 @@ static int manager_dispatch_signal_fd(sd_event_source 
*source, int fd, uint32_t
 break;
 
 case 24:
-if (m->running_as == SYSTEMD_USER) {
+if (m->running_as != SYSTEMD_SYSTEM) {
 m->exit_code = MANAGER_EXIT;
 return 0;
 }
diff --git a/src/core/service.c b/src/core/service.c
index fcfeda7..76de567 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1145,7 +1145,7 @@ static int service_add_default_dependencies(Service *s) {
 if (r < 0)
 return r;
 
-} else if (UNIT(s)->manager->running_as == SYSTEMD_USER) {
+} else {
 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, 
UNIT_REQUIRES,
   SPECIAL_SOCKETS_TARGET, 
NULL, true);
 if (r < 0)
diff --git a/src/core/unit.c b/src/core/unit.c
index 31d5f11..69e701c 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -2653,7 +2653,7 @@ int unit_exec_context_defaults(Unit *u, ExecContext *c) {
 return -ENOMEM;
 }
 
-if (u->manager->running_as == SYSTEMD_USER &&
+if (u->manager->running_as != SYSTEMD_SYSTEM &&
 !c->working_directory) {
 
 r = get_home_dir(&c->working_directory);
diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
index 1a47ea9..be605ca 100644
--- a/src/shared/path-lookup.c
+++ b/src/shared/path-lookup.c
@@ -293,7 +293,7 @@ int lookup_paths_init(
 if (!p->unit_path)
 return -ENOMEM;
 
-} else {
+} else if (running_as == SYSTEMD_SYSTEM) {
 p->unit_path = strv_new(
 /* If you modify this you also want to 
modify
  * systemdsystemunitpath= in 
systemd.pc.in! */
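
Review bot: with else narrowed to else if (running_as == SYSTEMD_SYSTEM), a running_as value that matches neither branch leaves p->unit_path unset in lookup_paths_init(). Add a final else that returns an error until the new mode gets its own path list.
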
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index a6f95d6..edc3cb6 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -6155,7 +6155,7 @@ int main(int argc, char*argv[]) {
 }
 
 if (!avoid_bus())
-r = bus_open_transport_systemd(arg_transport, arg_host, 
arg_scope != UNIT_FILE_SYSTEM, &bus);
+r = bus_open_transport_systemd(arg_transport, arg_host, 
arg_as, &bus);
 
 /* systemctl_main() will print an error message for the bus
  * connection, but only if it needs to */
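
Review bot: this hunk replaces arg_scope != UNIT_FILE_SYSTEM with arg_as, but nothing in this patch declares or sets arg_as, so the series does not build at this commit and the change is not the no-op the commit message describes. Move this hunk to the patch that introduces arg_as, or add the variable here.
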
-- 
1.8.4.4



[systemd-devel] [PATCH 4/7] Session mode

2013-12-01 Thread Hristo Venev
systemctl --session restart gnome-settings-daemon
Add a new environment variable:
XDG_SESSION_DIR=/run/session/$XDG_SESSION_ID

The session instance runs in session-*.scope and is started as a normal
process inside a session. The socket is stored in
$XDG_SESSION_DIR/systemd/private

It would be a good idea to implement DBus activation for most present
user services like the 47 I have in /usr/share/dbus-1/services. My
xsession also puts the DBus socket in $XDG_SESSION_DIR/dbus/session_bus_socket.
Good enough to become default? That's another patch series.
---
 Makefile.am   |  33 +
 src/core/dbus.c   |  17 +++
 src/core/main.c   |  18 ++-
 src/core/service.c|   1 +
 src/core/unit-printf.c|  56 +
 src/core/unit.c   |  24 
 src/libsystemd-bus/bus-util.c |  46 +++
 src/libsystemd-bus/bus-util.h |   1 +
 src/libsystemd-bus/sd-bus.c   |  55 +
 src/login/logind-dbus.c   |   5 +-
 src/login/logind-session-dbus.c   |   6 +-
 src/login/logind-session.c|  36 +-
 src/login/logind-session.h|   1 +
 src/login/pam-module.c|  11 +-
 src/run/run.c |   7 ++
 src/shared/install.c  |  32 -
 src/shared/install.h  |   2 +
 src/shared/path-lookup.c  | 225 +-
 src/shared/path-lookup.h  |   2 +
 src/systemctl/systemctl.c |  14 +++
 src/systemd/sd-bus.h  |   2 +
 units/session/.gitignore  |   1 +
 units/session/Makefile|   1 +
 units/session/default.target  |  11 ++
 units/session/exit.target |  17 +++
 units/session/systemd-exit.service.in |  17 +++
 26 files changed, 629 insertions(+), 12 deletions(-)
 create mode 100644 units/session/.gitignore
 create mode 12 units/session/Makefile
 create mode 100644 units/session/default.target
 create mode 100644 units/session/exit.target
 create mode 100644 units/session/systemd-exit.service.in

diff --git a/Makefile.am b/Makefile.am
index 7a45029..985a7f7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -84,6 +84,7 @@ catalogstatedir=$(systemdstatedir)/catalog
 # Our own, non-special dirs
 pkgsysconfdir=$(sysconfdir)/systemd
 userunitdir=$(prefix)/lib/systemd/user
+sessionunitdir=$(prefix)/lib/systemd/session
 userpresetdir=$(prefix)/lib/systemd/user-preset
 tmpfilesdir=$(prefix)/lib/tmpfiles.d
 sysctldir=$(prefix)/lib/sysctl.d
@@ -91,6 +92,7 @@ networkdir=$(prefix)/lib/systemd/network
 pkgincludedir=$(includedir)/systemd
 systemgeneratordir=$(rootlibexecdir)/system-generators
 usergeneratordir=$(prefix)/lib/systemd/user-generators
+sessiongeneratordir=$(prefix)/lib/systemd/session-generators
 systemshutdowndir=$(rootlibexecdir)/system-shutdown
 systemsleepdir=$(rootlibexecdir)/system-sleep
 systemunitdir=$(rootprefix)/lib/systemd/system
@@ -154,6 +156,8 @@ AM_CPPFLAGS = \
-DSYSTEM_SYSVRCND_PATH=\"$(SYSTEM_SYSVRCND_PATH)\" \
-DUSER_CONFIG_UNIT_PATH=\"$(pkgsysconfdir)/user\" \
-DUSER_DATA_UNIT_PATH=\"$(userunitdir)\" \
+   -DSESSION_CONFIG_UNIT_PATH=\"$(pkgsysconfdir)/session\" \
+   -DSESSION_DATA_UNIT_PATH=\"$(sessionunitdir)\" \
-DCATALOG_DATABASE=\"$(catalogstatedir)/database\" \
-DSYSTEMD_CGROUP_AGENT_PATH=\"$(rootlibexecdir)/systemd-cgroups-agent\" 
\
-DSYSTEMD_BINARY_PATH=\"$(rootlibexecdir)/systemd\" \
@@ -168,6 +172,7 @@ AM_CPPFLAGS = \
-DSYSTEMD_CRYPTSETUP_PATH=\"$(rootlibexecdir)/systemd-cryptsetup\" \
-DSYSTEM_GENERATOR_PATH=\"$(systemgeneratordir)\" \
-DUSER_GENERATOR_PATH=\"$(usergeneratordir)\" \
+   -DSESSION_GENERATOR_PATH=\"$(sessiongeneratordir)\" \
-DSYSTEM_SHUTDOWN_PATH=\"$(systemshutdowndir)\" \
-DSYSTEM_SLEEP_PATH=\"$(systemsleepdir)\" \
-DSYSTEMD_KBD_MODEL_MAP=\"$(pkgdatadir)/kbd-model-map\" \
@@ -223,6 +228,7 @@ TIMERS_TARGET_WANTS =
 
 SYSTEM_UNIT_ALIASES =
 USER_UNIT_ALIASES =
+SESSION_UNIT_ALIASES =
 
 GENERAL_ALIASES =
 
@@ -257,6 +263,8 @@ install-aliases-hook:
dir=$(systemunitdir) && $(install-aliases)
set -- $(USER_UNIT_ALIASES) && \
dir=$(userunitdir) && $(install-aliases)
+   set -- $(SESSION_UNIT_ALIASES) && \
+   dir=$(sessionunitdir) && $(install-aliases)
set -- $(GENERAL_ALIASES) && \
dir= && $(install-aliases)
 
@@ -460,9 +468,16 @@ dist_userunit_DATA = \
units/user/default.target \
units/user/exit.target
 
+dist_sessionunit_DATA = \
+   units/session/default.target \
+   units/session/exit.target
+
 nodist_userunit_DATA = \
units/user/systemd-exit.service
 
+nodist_sessionunit_DATA = \
+   units/session/systemd-exit.service
+
 EXTRA_DIST += \
units/getty@.service.m4 \
units/serial-getty@.service

[systemd-devel] [PATCH 6/7] Better paths for transient user/session units

2013-12-01 Thread Hristo Venev
---
 src/core/unit.c  | 14 ++
 src/shared/path-lookup.c | 34 ++
 src/shared/path-lookup.h |  2 ++
 3 files changed, 46 insertions(+), 4 deletions(-)

diff --git a/src/core/unit.c b/src/core/unit.c
index c963870..029f7ee 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -2727,7 +2727,10 @@ static int drop_in_file(Unit *u, UnitSetPropertiesMode 
mode, const char *name, c
 if (u->manager->running_as == SYSTEMD_USER) {
 _cleanup_free_ char *c = NULL;
 
-r = user_config_home(&c);
+if (mode & UNIT_PERSISTENT)
+r = user_config_home(&c);
+else
+r = user_path_transient(&c);
 if (r < 0)
 return r;
 if (r == 0)
@@ -2737,7 +2740,10 @@ static int drop_in_file(Unit *u, UnitSetPropertiesMode 
mode, const char *name, c
 } else if (u->manager->running_as == SYSTEMD_SESSION) {
 _cleanup_free_ char *c = NULL;
 
-r = session_config_home(&c);
+if (mode & UNIT_PERSISTENT)
+r = session_config_home(&c);
+else
+r = session_path_transient(&c);
 if (r < 0)
 return r;
 if (r == 0)
@@ -2882,7 +2888,7 @@ int unit_make_transient(Unit *u) {
 if (u->manager->running_as == SYSTEMD_USER) {
 _cleanup_free_ char *c = NULL;
 
-r = user_config_home(&c);
+r = user_path_transient(&c);
 if (r < 0)
 return r;
 if (r == 0)
@@ -2896,7 +2902,7 @@ int unit_make_transient(Unit *u) {
 } else if (u->manager->running_as == SYSTEMD_SESSION) {
 _cleanup_free_ char *c = NULL;
 
-r = session_config_home(&c);
+r = session_path_transient(&c);
 if (r < 0)
 return r;
 if (r == 0)
diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
index 58b1315..e7c9c7d 100644
--- a/src/shared/path-lookup.c
+++ b/src/shared/path-lookup.c
@@ -69,6 +69,23 @@ int user_config_home(char **config_home) {
 return 0;
 }
 
+int user_path_transient(char **path) {
+const char *e;
+char *r;
+
+e = getenv("XDG_RUNTIME_DIR");
+if (!e) {
+return 0;
+}
+r = strappend(e, "/systemd/user");
+if (!r)
+return -ENOMEM;
+
+*path = r;
+
+return 1;
+}
+
 int session_config_home(char **config_home) {
 const char *e;
 char *r;
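
Review bot: user_path_transient() reads XDG_RUNTIME_DIR with plain getenv() and appends to it unchecked, while create_generator_dir() in patch 5/7 of this series reads the same variable with secure_getenv(). The result becomes the directory that transient unit files and drop-ins are written to, so use secure_getenv() here as well and reject values that are not absolute paths. The return convention (0 with *path untouched when the variable is unset, 1 on success) deserves a comment in path-lookup.h, and the braces around the single return 0; do not match the surrounding style.
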
@@ -98,6 +115,23 @@ int session_config_home(char **config_home) {
 return 0;
 }
 
+int session_path_transient(char **path) {
+const char *e;
+char *r;
+
+e = getenv("XDG_SESSION_DIR");
+if (!e) {
+return 0;
+}
+r = strappend(e, "/systemd/session");
+if (!r)
+return -ENOMEM;
+
+*path = r;
+
+return 1;
+}
+
 static char** user_dirs(
 const char *generator,
 const char *generator_early,
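
Review bot: session_path_transient() is a line-for-line copy of user_path_transient() with only the variable name and the suffix changed, including the plain getenv() call. Fold both into one static helper that takes the environment variable name and the suffix, so a fix to the lookup lands in both paths.
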
diff --git a/src/shared/path-lookup.h b/src/shared/path-lookup.h
index b1341aa..3d95fe2 100644
--- a/src/shared/path-lookup.h
+++ b/src/shared/path-lookup.h
@@ -43,7 +43,9 @@ const char* systemd_running_as_to_string(SystemdRunningAs i) 
_const_;
 SystemdRunningAs systemd_running_as_from_string(const char *s) _pure_;
 
 int user_config_home(char **config_home);
+int user_path_transient(char **path);
 int session_config_home(char **config_home);
+int session_path_transient(char **path);
 
 int lookup_paths_init(LookupPaths *p, SystemdRunningAs running_as, bool 
personal, const char *generator, const char *generator_early, const char 
*generator_late);
 void lookup_paths_free(LookupPaths *p);
-- 
1.8.4.4



[systemd-devel] systemd session mode

2013-12-01 Thread Hristo Venev
I've implemented session mode for systemd. I am currently using it and it works
pretty okay. I just had to generate D-Bus user services for D-Bus activation to
work.

A new variable, XDG_SESSION_DIR, has been added. It defaults to
/run/session/$XDG_SESSION_ID and is to be used for session-specific files as it
is `rm -rf`-ed on logout. There, in ./systemd/private, the systemd socket is
stored. Also, my implementation of session units stores the D-Bus socket in
./dbus/session_bus_socket.

Sorry if I am sending this for the third time but I can't see it in the mailing
list.



[systemd-devel] [PATCH 5/7] Move generator directories to XDG_{RUNTIME, SESSION}_DIR

2013-12-01 Thread Hristo Venev
More predictable names, easier to find if debugging, deleted on
session/user termination
---
 src/core/manager.c | 35 ---
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/src/core/manager.c b/src/core/manager.c
index ada62d0..617fc9f 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2436,7 +2436,7 @@ void manager_check_finished(Manager *m) {
 }
 
 static int create_generator_dir(Manager *m, char **generator, const char 
*name) {
-char *p;
+char *p, *e;
 int r;
 
 assert(m);
@@ -2459,16 +2459,37 @@ static int create_generator_dir(Manager *m, char 
**generator, const char *name)
 free(p);
 return r;
 }
-} else {
-p = strjoin("/tmp/systemd-", name, ".XX", NULL);
+} else if (m->running_as == SYSTEMD_USER) {
+e = secure_getenv("XDG_RUNTIME_DIR");
+if (!e)
+return -ENOENT;
+
+p = strjoin(e, "/systemd/", name, NULL);
 if (!p)
 return log_oom();
 
-if (!mkdtemp(p)) {
-log_error("Failed to create generator directory %s: 
%m",
-  p);
+r = mkdir_p_label(p, 0755);
+if (r < 0) {
+log_error("Failed to create generator directory %s: 
%s",
+  p, strerror(-r));
 free(p);
-return -errno;
+return r;
+}
+} else if (m->running_as == SYSTEMD_SESSION) {
+e = secure_getenv("XDG_SESSION_DIR");
+if (!e)
+return -ENOENT;
+
+p = strjoin(e, "/systemd/", name, NULL);
+if (!p)
+return log_oom();
+
+r = mkdir_p_label(p, 0755);
+if (r < 0) {
+log_error("Failed to create generator directory %s: 
%s",
+  p, strerror(-r));
+free(p);
+return r;
 }
 }
 
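
Review bot: the new SYSTEMD_USER and SYSTEMD_SESSION branches replace mkdtemp(), which always produced a fresh directory with mode 0700, with mkdir_p_label(p, 0755) on a fixed name, so a directory that already exists at that path is reused with whatever contents and ownership it has, and a newly created one is readable by other users. Create it with 0700, and either treat an existing directory as an error or verify and empty it first, since generator output is loaded as unit files. The two branches differ only in the variable name and could share one code path, and the -ENOENT returns log nothing, unlike the mkdir failure path just below them.
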
-- 
1.8.4.4



[systemd-devel] [PATCH 2/7] Give the user permissions to their session's cgroup

2013-12-01 Thread Hristo Venev
User is given permissions to their user@*.service cgroup so that user mode
systemd can run. session-*.scope cgroup permissions are required for
session mode.
---
 src/core/dbus-scope.c  |  6 ++
 src/core/scope.c   | 16 
 src/core/scope.h   |  2 ++
 src/login/logind-dbus.c|  5 +
 src/login/logind-session.c |  2 +-
 src/login/logind.h |  2 +-
 6 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/src/core/dbus-scope.c b/src/core/dbus-scope.c
index 13ff49d..fd110e7 100644
--- a/src/core/dbus-scope.c
+++ b/src/core/dbus-scope.c
@@ -106,6 +106,12 @@ static int bus_scope_set_transient_property(
 }
 
 return 1;
+} else if (streq(name, "ChownCgroup")) {
+r = sd_bus_message_read(message, "(uu)", &s->chown_cgroup_uid, 
&s->chown_cgroup_gid);
+if (r < 0)
+return r;
+
+return 1;
 }
 
 return 0;
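
Review bot: the new ChownCgroup branch reads the caller's (uu) straight into s->chown_cgroup_uid and s->chown_cgroup_gid with no check on the values or on who is asking, so whoever can set transient scope properties chooses the owner of the scope's cgroup. State in the patch which callers are expected to set it (logind, per the logind-dbus.c hunk) and validate the pair here, reading into locals first so a failed read cannot leave the fields half written.
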
diff --git a/src/core/scope.c b/src/core/scope.c
index a3c9479..870ea59 100644
--- a/src/core/scope.c
+++ b/src/core/scope.c
@@ -55,6 +55,9 @@ static void scope_init(Unit *u) {
 
 UNIT(s)->ignore_on_isolate = true;
 UNIT(s)->ignore_on_snapshot = true;
+
+s->chown_cgroup_uid = getuid();
+s->chown_cgroup_gid = getgid();
 }
 
 static void scope_done(Unit *u) {
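
Review bot: scope_init() stores getuid() and getgid() in fields that scope.h declares as uint32_t; declare them uid_t and gid_t so the types match what is assigned here and compared in scope_start(). The manager's own ids also double as the "not requested" marker tested in scope_start(), which is worth a comment next to the initialisation.
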
@@ -274,6 +277,19 @@ static int scope_start(Unit *u) {
 return r;
 }
 
+if (s->chown_cgroup_uid != getuid() || s->chown_cgroup_gid != 
getgid()) {
+r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, 
u->cgroup_path, 0644, s->chown_cgroup_uid, s->chown_cgroup_gid);
+if (r < 0) {
+return r;
+}
+
+
+r = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, 
u->cgroup_path, 0755, s->chown_cgroup_uid, s->chown_cgroup_gid);
+if (r < 0) {
+return r;
+}
+}
+
 r = cg_attach_many_everywhere(u->manager->cgroup_supported, 
u->cgroup_path, s->pids);
 if (r < 0)
 return r;
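
Review bot: both new error paths in scope_start() return r silently and wrap a single statement in braces, followed by a doubled blank line, unlike the if (r < 0) return r; context right below. Log which of cg_set_task_access() and cg_set_group_access() failed and for which u->cgroup_path, and match the surrounding style. If the second call fails the first has already been applied, so decide whether that needs undoing before returning.
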
diff --git a/src/core/scope.h b/src/core/scope.h
index 4d8a171..199bf29 100644
--- a/src/core/scope.h
+++ b/src/core/scope.h
@@ -57,6 +57,8 @@ struct Scope {
 
 Set *pids;
 
+uint32_t chown_cgroup_uid, chown_cgroup_gid;
+
 sd_event_source *timer_event_source;
 };
 
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 0461d18..c3518f6 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -2181,6 +2181,7 @@ int manager_start_scope(
 const char *description,
 const char *after,
 const char *kill_mode,
+User *u,
 sd_bus_error *error,
 char **job) {
 
@@ -2252,6 +2253,10 @@ int manager_start_scope(
 if (r < 0)
 return r;
 
+r = sd_bus_message_append(m, "(sv)", "ChownCgroup", "(uu)", u->uid, 
u->gid);
+if (r < 0)
+return r;
+
 r = sd_bus_message_close_container(m);
 if (r < 0)
 return r;
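
Review bot: manager_start_scope() dereferences the new u argument (u->uid, u->gid) and nothing in either hunk guards against NULL. Add assert(u) with the function's other argument checks, or pass uid_t and gid_t directly since those are the only members used here.
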
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index beaa601..66292ef 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -533,7 +533,7 @@ static int session_start_scope(Session *s) {
 
 kill_mode = manager_shall_kill(s->manager, s->user->name) ? 
"control-group" : "none";
 
-r = manager_start_scope(s->manager, scope, s->leader, 
s->user->slice, description, "systemd-user-sessions.service", kill_mode, 
&error, &job);
+r = manager_start_scope(s->manager, scope, s->leader, 
s->user->slice, description, "systemd-user-sessions.service", kill_mode, 
s->user, &error, &job);
 if (r < 0) {
 log_error("Failed to start session scope %s: %s %s",
   scope, bus_error_message(&error, r), 
error.name);
diff --git a/src/login/logind.h b/src/login/logind.h
index b84137c..cd267ff 100644
--- a/src/login/logind.h
+++ b/src/login/logind.h
@@ -162,7 +162,7 @@ int manager_send_changed(Manager *manager, const char 
*property, ...) _sentinel_
 
 int manager_dispatch_delayed(Manager *manager);
 
-int manager_start_scope(Manager *manager, const char *scope, pid_t pid, const 
char *slice, const char *description, const char *after, const char *kill_mode, 
sd_bus_error *error, char **job);
+int manager_start_scope(Manager *manager, const char *scope, pid_t pid, const 
char *slice, const char *description, const char *after, const char *kill_mode, 
User *u, sd_bus_error *error, char **job);
 int manager_start_unit(Manager *manager, const char *unit, sd_bus_error 
*error, char **job);
 int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, 
char **job);
 int manager_kill_unit(Manager *manager, const char *unit, KillWho who, i

[systemd-devel] [PATCH 1/7] bus_open_transport: use SystemdRunningAs instead of bool

2013-12-01 Thread Hristo Venev
SYSTEMD_USER/SYSTEMD_SYSTEM is far more clear than true/false
---
 src/analyze/analyze.c |  8 
 src/hostname/hostnamectl.c|  2 +-
 src/libsystemd-bus/bus-util.c | 39 ---
 src/libsystemd-bus/bus-util.h |  5 +++--
 src/libsystemd-bus/busctl.c   |  8 
 src/locale/localectl.c|  2 +-
 src/login/loginctl.c  |  2 +-
 src/machine/machinectl.c  |  2 +-
 src/run/run.c | 10 +-
 src/systemctl/systemctl.c |  4 
 src/timedate/timedatectl.c|  2 +-
 11 files changed, 49 insertions(+), 35 deletions(-)

diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
index eb85276..3ffd85d 100644
--- a/src/analyze/analyze.c
+++ b/src/analyze/analyze.c
@@ -73,7 +73,7 @@ static usec_t arg_fuzz = 0;
 static bool arg_no_pager = false;
 static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
 static char *arg_host = NULL;
-static bool arg_user = false;
+static bool arg_as = SYSTEMD_SYSTEM;
 
 struct boot_times {
 usec_t firmware_time;
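
Review bot: arg_as is still declared bool in the changed line (static bool arg_as = SYSTEMD_SYSTEM;) although it now holds SystemdRunningAs values, so any enumerator other than 0 or 1 collapses to true before it reaches bus_open_transport(). Declare it as static SystemdRunningAs arg_as = SYSTEMD_SYSTEM; so the type matches the new parameter.
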
@@ -1200,11 +1200,11 @@ static int parse_argv(int argc, char *argv[]) {
 return 0;
 
 case ARG_USER:
-arg_user = true;
+arg_as = SYSTEMD_USER;
 break;
 
 case ARG_SYSTEM:
-arg_user = false;
+arg_as = SYSTEMD_SYSTEM;
 break;
 
 case ARG_ORDER:
@@ -1271,7 +1271,7 @@ int main(int argc, char *argv[]) {
 if (r <= 0)
 goto finish;
 
-r = bus_open_transport(arg_transport, arg_host, arg_user, &bus);
+r = bus_open_transport(arg_transport, arg_host, arg_as, &bus);
 if (r < 0) {
 log_error("Failed to create bus connection: %s", strerror(-r));
 goto finish;
diff --git a/src/hostname/hostnamectl.c b/src/hostname/hostnamectl.c
index 3e51778..569b253 100644
--- a/src/hostname/hostnamectl.c
+++ b/src/hostname/hostnamectl.c
@@ -476,7 +476,7 @@ int main(int argc, char *argv[]) {
 if (r <= 0)
 goto finish;
 
-r = bus_open_transport(arg_transport, arg_host, false, &bus);
+r = bus_open_transport(arg_transport, arg_host, SYSTEMD_SYSTEM, &bus);
 if (r < 0) {
 log_error("Failed to create bus connection: %s", strerror(-r));
 goto finish;
diff --git a/src/libsystemd-bus/bus-util.c b/src/libsystemd-bus/bus-util.c
index 5069aaa..9459e6f 100644
--- a/src/libsystemd-bus/bus-util.c
+++ b/src/libsystemd-bus/bus-util.c
@@ -953,7 +953,7 @@ int bus_map_all_properties(sd_bus *bus,
 return r;
 }
 
-int bus_open_transport(BusTransport transport, const char *host, bool user, 
sd_bus **bus) {
+int bus_open_transport(BusTransport transport, const char *host, 
SystemdRunningAs running_as, sd_bus **bus) {
 int r;
 
 assert(transport >= 0);
@@ -961,18 +961,22 @@ int bus_open_transport(BusTransport transport, const char 
*host, bool user, sd_b
 assert(bus);
 
 assert_return((transport == BUS_TRANSPORT_LOCAL) == !host, -EINVAL);
-assert_return(transport == BUS_TRANSPORT_LOCAL || !user, -ENOTSUP);
+assert_return(transport == BUS_TRANSPORT_LOCAL || running_as == 
SYSTEMD_SYSTEM, -ENOTSUP);
 
 switch (transport) {
 
 case BUS_TRANSPORT_LOCAL:
-if (user)
-r = sd_bus_default_user(bus);
-else
-r = sd_bus_default_system(bus);
-
+switch (running_as) {
+case SYSTEMD_SYSTEM:
+r = sd_bus_default_system(bus);
+break;
+case SYSTEMD_USER:
+r = sd_bus_default_user(bus);
+break;
+default:
+assert_not_reached("Unknown running_as.");
+}
 break;
-
 case BUS_TRANSPORT_REMOTE:
 r = sd_bus_open_system_remote(host, bus);
 break;
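
Review bot: the default: branch of the new inner switch calls assert_not_reached() on running_as, which is a caller-supplied argument, so a value other than SYSTEMD_SYSTEM or SYSTEMD_USER aborts the calling tool instead of producing an error. Return -ENOTSUP for unsupported values, or add an assert_return() next to the existing ones. The hunk also drops the blank line that separated the BUS_TRANSPORT_LOCAL case from case BUS_TRANSPORT_REMOTE; keep it for consistency with the other cases.
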
@@ -988,7 +992,7 @@ int bus_open_transport(BusTransport transport, const char 
*host, bool user, sd_b
 return r;
 }
 
-int bus_open_transport_systemd(BusTransport transport, const char *host, bool 
user, sd_bus **bus) {
+int bus_open_transport_systemd(BusTransport transport, const char *host, 
SystemdRunningAs running_as, sd_bus **bus) {
 int r;
 
 assert(transport >= 0);
@@ -996,16 +1000,21 @@ int bus_open_transport_systemd(BusTransport transport, 
const char *host, bool us
 assert(bus);
 
 assert_return((transport == BUS_TRANSPORT_LOCAL) == !host, -EINVAL);
-assert_return(transport == BUS_TRANSPORT_LOCAL || !user, -ENOTSUP);
+assert_return(transport == BUS_TRANSPORT_LOCAL || running_as == 
SYSTEMD_SYSTEM, -ENOTSUP);
 
 switc

Re: [systemd-devel] script assigned via Unit's ExecStartPre= only partially executes, fails to complete ?

2013-12-01 Thread jen142
> There is no reason to lose valuable debugging information. All output
> is collected by systemd and is available via journal. Hiding it makes
> really no sense.
...
> This is not a shell, and you cannot reference $PATH like this. Full
> content of the variable has to be included instead.

I fixed both of those.

Now,

cat /etc/systemd/system/openvpn.service 
[Unit]
Description=OpenVPN Server
After=syslog.target network.target
Before=openvpn.target

[Service]
Type=forking
PrivateTmp=true
PIDFile=/var/run/openvpn/openvpn.pid

Environment=PATH="/usr/local/openvpn-unpriv:/usr/local/scripts:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
ExecStartPre=/usr/local/etc/openvpn/up.script
ExecStart=/usr/local/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --cd /usr/local/etc/openvpn/ --config server.conf
ExecStopPost=/usr/local/etc/openvpn/down.script

[Install]
WantedBy=multi-user.target

and

cat /usr/local/etc/openvpn/up.script
#!/bin/sh
/usr/local/sbin/openvpn --rmtun --dev tun1
/usr/local/sbin/openvpn --mktun --dev tun1 --dev-type tun --user openvpn --group openvpn
/usr/sbin/iptables -v -I FORWARD -i eth0 -o tun1 -j ACCEPT
/usr/sbin/iptables -v -I FORWARD -i tun1 -o eth0 -j ACCEPT

, adding the "-v" verbose flag to iptables

> Use "journalctl -u openvpn.service", this will show *all* output
> associated with your unit start/stop.

The output from 'journalctl -u openvpn.service' was helpful.  Thanks for
the pointer!

A colleague pointed out permissions problems for iptables & insmod, and
suggested a solution

Adding 

Defaults:openvpn !requiretty
openvpn ALL=(ALL) NOPASSWD: /usr/sbin/iptables
openvpn ALL=(ALL) NOPASSWD: /usr/sbin/ip6tables
openvpn ALL=(ALL) NOPASSWD: /sbin/insmod

to

/etc/sudoers.d/openvpn

seems to do the trick.

Now, after boot,

journalctl -u openvpn.service

...
Dec 01 09:44:45 test systemd[4461]: Executing: /usr/local/etc/openvpn/up.script
Dec 01 09:44:46 test up.script[4461]: Sun Dec  1 09:44:46 2013 TUN/TAP device tun1 opened
Dec 01 09:44:46 test up.script[4461]: Sun Dec  1 09:44:46 2013 Persist state set to: OFF
Dec 01 09:44:46 test up.script[4461]: Sun Dec  1 09:44:46 2013 TUN/TAP device tun1 opened
Dec 01 09:44:46 test up.script[4461]: Sun Dec  1 09:44:46 2013 Persist state set to: ON
Dec 01 09:44:46 test up.script[4461]: ACCEPT  all opt -- in eth0 out tun1  0.0.0.0/0  -> 0.0.0.0/0
Dec 01 09:44:46 test up.script[4461]: ACCEPT  all opt -- in tun1 out eth0  0.0.0.0/0  -> 0.0.0.0/0
Dec 01 09:44:46 test systemd[4489]: Executing: /usr/local/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --cd /usr/local/etc/openvpn/ --config server.conf
Dec 01 09:44:47 test sudo[4504]: root : TTY=unknown ; PWD=/usr/local/etc/openvpn ; USER=root ; COMMAND=/sbin/ip link set dev tun1 up mtu 1500
Dec 01 09:44:47 test sudo[4530]: root : TTY=unknown ; PWD=/usr/local/etc/openvpn ; USER=root ; COMMAND=/sbin/ip addr add dev tun1 local 10.1.1.1 peer 10.1.1.2
Dec 01 09:44:47 test sudo[4552]: root : TTY=unknown ; PWD=/usr/local/etc/openvpn ; USER=root ; COMMAND=/sbin/ip route add 10.1.1.0/24 via 10.1.1.2

There are no more permission errors, and it appears iptables execs now.

checking,

iptables -L -v -n | grep tun
0 0 ACCEPT all  --  tun1   eth0   0.0.0.0/0   0.0.0.0/0
0 0 ACCEPT all  --  eth0   tun1   0.0.0.0/0   0.0.0.0/0

it's clearly been exec'd.

iptables & insmod needing root perms via sudoers I _suspect_ has to do
with openvpn being chroot'd, with user:group == openvpn:openvpn.

I don't know if there's a systemd-specific method of granting those
permissions correctly, without using sudoers.

The "-v" flag to iptables is required in the unit's referenced
ExecStartPre= script -- without it, there's NO trace of iptables
exec'ing in the journalctl output.

JenL


Re: [systemd-devel] [RFC] logind: introduce session "positions"

2013-12-01 Thread Shawn Landden
On Sun, Dec 1, 2013 at 3:43 AM, David Herrmann  wrote:
> logind has no concept of session ordering. Sessions have a unique name,
> some attributes about the capabilities and that's already it. There is
> currently no stable+total order on sessions. If we use the logind API to
> switch between sessions, we are faced with an unordered list of sessions
> we have no clue of.
>
> This used to be no problem on seats with VTs or on seats with only a
> single active session. However, with the introduction of multi-session
> capability for seats without VTs, we need to find a way to order sessions
> in a stable way.
>
> This patch introduces session "positions". A position is a simple integer
> assigned to a session which is never changed implicitly (currently, we
> also don't change it explicitly, but that may be changed someday). For
> seats with VTs, we force the position to be the same as the VTnr. Without
> VTs, we simply find the lowest unassigned number and use it as position.
> If position-assignment fails or if, for any reason, we decide to not
> assign a position to a session, the position is set to 0 (which is treated
> as invalid position).
> During session_load() or if two sessions have the same VTnr, we may end up
> with two sessions with the same position (this shouldn't happen, but let's
> be fail-safe in case some other part of the stack fails). This case is
> dealt with gracefully by ignoring any session but the first session
> assigned to the position. Thus, session->pos is a hint, seat->positions[i]
> is the definite position-assignment. Always verify both match in case you
> need to modify them!
>
> Additionally, we introduce SwitchTo(unsigned int) on the seat-dbus-API.
> You can call it with any integer value != 0 and logind will try to switch
> to the requested position. If you implement a compositor or any other
> session-controller, you simply watch for ctrl+alt+F1 to F12 and call
> SwitchTo(Fx). logind will figure out a way to deal with this number.
> For convenience, we also introduce SwitchToNext/Previous(). It should be
> called on ctrl+alt+Left/Right (like the kernel-console used to support).
This has some conflict with workspaces, but not in gnome-shell (w/o
gnome-tweak-tool)
as there workspaces are all vertical. I personally like the idea.
>
> Note that the public API (SwitchTo*()) is *not* bound to the underlying
> logic that is implemented now. We don't export "session-positions" on the
> dbus/C API! They are an implementation detail. Instead, the SwitchTo*()
> API is supposed to be a hint to let logind choose the session-switching
> logic. Any foreground session-controller is free to enumerate/order
> existing sessions according to their needs and call Session.Activate()
> manually. But the SwitchTo*() API provides a uniform behavior across
> session-controllers.
>
> Background: Session-switching keys depend on the active keymap. The XKB
> specification provides the XKB_KEY_XF86Switch_VT_1-12 key-symbols which
> have to be mapped by all keymaps to allow session-switching. It is usually
> bound to ctrl+alt+Fx but may be set differently. A compositor passes any
> keyboard input to XKB before passing it to clients. In case a key-press
> invokes the XKB_KEY_XF86Switch_VT_x action, the keypress is *not*
> forwarded to clients, but instead a session-switch is scheduled.
>
> This actually prevents us from handling these keys outside of the session.
> If an active compositor has a keymap with a different mapping of these
> keys, and logind itself tries to catch these combinations, we end up with
> the key-press sent to the compositor's clients *and* handled by logind.
> This is *bad* and we must avoid this. The only situation where a
> background process is allowed to handle key-presses is debugging and
> emergency-keys. In these cases, we don't care for keymap mismatches and
> accept the double-event. Another exception is unmapped keys like
> PowerOff/Suspend (even though this one is controversial).
>
> Future ideas: As this commit-msg isn't long enough, yet, some notes on
> future ideas. The current position-assignment is compatible with the
> legacy VT numbers. However, it is a rather outdated way of addressing
> sessions. Instead, we can make use of session-classes of logind. We
> already tag session with one of the classes "greeter", "user",
> "background", "lock-screen". So one of my ideas is to make
> "position-assignment" a "per-class" thing. And instead of mapping F1-F12
> directly to the positions, we map it as follows:
>  - F1: Activate the last-spawned session in the "greeter" class. Usually,
>only a single greeter should be active, but in case
>systemd-welcomed runs and gdm is spawned later, this will switch to
>gdm (actually gdm.service should stop systemd-welcomed.service but
>lets be overly pedantic here).
>  - F2: Activate the session from the "user" class which has been active
>last. So if you switch to F1 and back to F2, you're guarante
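
The position rules quoted in the RFC above, as a small stand-alone model (an added example, not logind code and not part of the original post). The table size, every identifier and the wrap-around in next/previous are assumptions of the model.

```c
/* Added illustration, not logind source: models the session "position"
 * rules from the quoted RFC. All identifiers are hypothetical. */
#include <stdio.h>

#define MAX_POS 12                     /* assumed table size (F1..F12) */

typedef struct Session {
    const char *id;
    unsigned pos;                      /* hint only; 0 = no position */
} Session;

typedef struct Seat {
    int has_vts;
    Session *positions[MAX_POS + 1];   /* definitive table; index 0 unused */
    Session *active;
} Seat;

/* Does the session's hint agree with the seat's table? */
static int seat_owns(const Seat *seat, const Session *s) {
    return s && s->pos >= 1 && s->pos <= MAX_POS && seat->positions[s->pos] == s;
}

/* VT seats: position == vtnr. Other seats: lowest unassigned number.
 * Returns 1 if the session got the slot, 0 if it got none or lost a
 * conflict (the first session assigned to a position keeps it). */
int seat_claim_position(Seat *seat, Session *s, unsigned vtnr) {
    unsigned pos = 0, i;
    if (seat->has_vts) {
        if (vtnr >= 1 && vtnr <= MAX_POS)
            pos = vtnr;
    } else {
        for (i = 1; i <= MAX_POS && pos == 0; i++)
            if (!seat->positions[i])
                pos = i;
    }
    s->pos = pos;                      /* the hint is recorded either way */
    if (pos == 0 || seat->positions[pos])
        return 0;
    seat->positions[pos] = s;
    return 1;
}

/* Only clear the slot when hint and table match, so a session that lost a
 * conflict cannot evict the real owner when it goes away. */
void seat_release_position(Seat *seat, Session *s) {
    if (seat_owns(seat, s))
        seat->positions[s->pos] = NULL;
    if (seat->active == s)
        seat->active = NULL;
    s->pos = 0;
}

/* SwitchTo(n): 0 is invalid, an unassigned position is an error. */
int seat_switch_to(Seat *seat, unsigned pos) {
    if (pos == 0 || pos > MAX_POS || !seat->positions[pos])
        return -1;
    seat->active = seat->positions[pos];
    return 0;
}

/* Walk the table from the active position, skipping unassigned slots.
 * Wrapping around at the ends is an assumption of this model. */
static int seat_switch_step(Seat *seat, int forward) {
    unsigned start = seat_owns(seat, seat->active) ? seat->active->pos : 0;
    unsigned cur = start, n;
    for (n = 0; n < MAX_POS; n++) {
        if (forward)
            cur = cur >= MAX_POS ? 1 : cur + 1;
        else
            cur = cur <= 1 ? MAX_POS : cur - 1;
        if (cur == start)
            break;
        if (seat->positions[cur]) {
            seat->active = seat->positions[cur];
            return 0;
        }
    }
    return -1;
}

int seat_switch_to_next(Seat *seat)     { return seat_switch_step(seat, 1); }
int seat_switch_to_previous(Seat *seat) { return seat_switch_step(seat, 0); }

unsigned seat_active_pos(const Seat *seat) { return seat->active ? seat->active->pos : 0; }

int main(void) {
    Seat seat = { .has_vts = 1 };
    Session s5 = { "c5", 0 }, s8 = { "c8", 0 }, dup = { "dup", 0 };
    seat_claim_position(&seat, &s5, 5);
    seat_claim_position(&seat, &s8, 8);
    printf("duplicate VT 5 installed: %d\n", seat_claim_position(&seat, &dup, 5));
    seat_switch_to(&seat, 5);
    seat_switch_to_next(&seat);        /* positions 6 and 7 are unassigned */
    printf("next after 5: position %u (%s)\n", seat_active_pos(&seat), seat.active->id);
    return 0;
}
```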

Re: [systemd-devel] Italian translation + revision proposals (wording) on english labels

2013-12-01 Thread Zbigniew Jędrzejewski-Szmek
On Mon, Nov 25, 2013 at 11:13:35AM +0100, Daniele Medri wrote:
> Dear systemd maintainers,
> 
> I've made a pull request on github with some patches:
> 
> - Add new po/it.po (Italian translation)
> - Revision proposals (wording) on english labels
> 
> http://github.com/systemd/systemd/pull/7
Catalog and po translations are applied now, thanks. I added the necessary
bits to po/LINGUAS and Makefile.am, and also removed (c) Lennart Poettering
on the Italian translation. You wrote it, take credit and blame :)

Proposed changes to the English messages are mostly wrong, I think. Although
the replacements *sound* nicer, they are less precise. Also, it's not possible
to move .in.in to .in, since all three suffixes (.policy, .policy.in,
.policy.in.in) are used during build. The last is the source, the middle one
has paths replaced, and the first one has translations added.

Can you close the pull request, I don't think I have privileges.

Zbyszek


Re: [systemd-devel] The whole su/pkexec session debate

2013-12-01 Thread David Herrmann
Hi

>>> But in the case of screen I'm specifically asking for a new, stand alone
>>> session.
>>
>> I'd agree; but the fix would be fairly invasive for screen.  I think
>> it'd have to become setuid root, so it could request a new session.
>
> Yeah that was my fear too.
>
> Although perhaps this is just something that can be done via policy -
> e.g. perhaps screen can just ask logind to create a new session for us
> and then running some specific shell therein (i.e. a
> screen@$newsid.service) then immediately attaching to it.
>
> Perhaps this just needs something to control whether or not it's allowed
> to ask logind for a shell. This can perhaps be something controlled by
> system policy - e.g. you may be allowed but have to enter your password
> again, or you may just be allowed without further auth.
>
> I think eventually the semantics could be quite nice and could
> potentially avoid the need for setuid but I don't really know the extent
> of the needed infra here.

Screen can be fixed to call:
  pam_start(&pamh)
  pam_open_session(pamh)

and during shutdown:
  pam_close_session(pamh)
  pam_end(pamh)

This way, screen will keep an "active" reference to the session and
systemd-logind will not mark it as "closing". So the session that was
initiated by sshd will be kept open by "screen". Note that
pam_open_session() without pam_authenticate() will *not* create a new
session but only attach to the current session.

I know, people often complain that they cannot spawn new sessions from
within an existing session, but I haven't seen any compelling argument
why it's needed. Are there other use-cases I'm not aware of?

Thanks
David


Re: [systemd-devel] [RFC] logind: introduce session "positions"

2013-12-01 Thread David Herrmann
Hi

On Sun, Dec 1, 2013 at 4:13 PM, Zbigniew Jędrzejewski-Szmek
 wrote:
> On Sun, Dec 01, 2013 at 12:43:35PM +0100, David Herrmann wrote:
>> This patch introduces session "positions". A position is a simple integer
>> assigned to a session which is never changed implicitly (currently, we
>> also don't change it explicitly, but that may be changed someday). For
>> seats with VTs, we force the position to be the same as the VTnr. Without
>> VTs, we simply find the lowest unassigned number and use it as position.
>> If position-assignment fails or if, for any reason, we decide to not
>> assign a position to a session, the position is set to 0 (which is treated
>> as invalid position).
> I like the idea. Stable ordering is good when switching back and forth.
>
>> During session_load() or if two sessions have the same VTnr, we may end up
>> with two sessions with the same position (this shouldn't happen, but let's
>> be fail-safe in case some other part of the stack fails). This case is
>> dealt with gracefully by ignoring any session but the first session
>> assigned to the position. Thus, session->pos is a hint, seat->positions[i]
>> is the definite position-assignment. Always verify both match in case you
>> need to modify them!
>>
>> Additionally, we introduce SwitchTo(unsigned int) on the seat-dbus-API.
>> You can call it with any integer value != 0 and logind will try to switch
>> to the requested position. If you implement a compositor or any other
>> session-controller, you simply watch for ctrl+alt+F1 to F12 and call
>> SwitchTo(Fx). logind will figure out a way to deal with this number.
>> For convenience, we also introduce SwitchToNext/Previous(). It should be
>> called on ctrl+alt+Left/Right (like the kernel-console used to support).
> Is this necessary? If positions are known, then the compositor can ask
> which session is at this position and ask for the switch to the session.
> The advantage is that if there's no session at this position, the compositor
> can display an error immediately.

SwitchToNext/Previous can skip positions. So it can jump from 5 to 8
if positions 6+7 are unassigned. But see below.

>> Note that the public API (SwitchTo*()) is *not* bound to the underlying
>> logic that is implemented now. We don't export "session-positions" on the
>> dbus/C API! They are an implementation detail. Instead, the SwitchTo*()
>> API is supposed to be a hint to let logind choose the session-switching
>> logic. Any foreground session-controller is free to enumerate/order
>> existing sessions according to their needs and call Session.Activate()
>> manually. But the SwitchTo*() API provides a uniform behavior across
>> session-controllers.
> Hm, this adds a lot of complexity. But below you argue that a different
> behaviour (with F1, F2 being special) might be implemented soon. And
> then one compositor would be using F3 to switch to the third session,
> and another to switch to the first user session, so there'd be no consistency
> anyway. Maybe it's better to just let compositors handle this?

I explicitly distinguish between "Sessions" and "Keys" here. So a
compositor *never* uses "SwitchTo(3)" to switch to "session #3".
Instead, SwitchTo(3) means "logind, do whatever you think should run
at position #3". And if logind decides every 3rd switch to position #3
means play RickRoll on full volume, then that's fine.

If a compositor wants to switch to an explicit session, it uses
Session.Activate(). This is what gdm or gnome would use for
"fast-user-switching". You click on some system-menu and get a list of
other active sessions which you can then switch to (or gdm displays
these sessions for you). Or you pass a user-name and gdm looks whether
there's a session with the given user-name already and switches to it.

The F1 to F12 keys are not part of that. In the current VT design,
Gnome *never* gets to see these keys. They're handled transparently
inside the xorg-server. However, without VTs, these keys are unused. A
compositor simply doesn't know what to do with them. It can no longer
call VT_ACTIVATE / chvt().

Therefore, I wanna *add* consistency by providing a central logic for
these keys. Instead of having each compositor implement them
differently, they forward the keys to logind which then has a uniform
logic to map them. The logic I propose in this patch follows the
VT-style logic. But I'm explicitly stating, that the logic is an
implementation detail. It's not exported via the bus-API. If we change
the logic later, we break consistency in systemd as we change how it
works. But we don't break consistency across sessions. And I'm not
saying we should change the logic whenever we want. I'm actually all
for a properly designed single logic that we will keep. So I proposed
two of them in this patch: The implemented sequential logic, and a
"grouping" logic as explained in the commit-msg. I'm not going to push
this patch and then later revise it. I am just trying to get some
input on how it *should* work.
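
The position bookkeeping discussed in this thread, modelled as an added C example (not code from the patch or from systemd): the seat's table is authoritative, session->pos is only a hint, a duplicate claim on a VT number is ignored, and next/previous skip unassigned slots. The struct and function names, the 12-slot table and the wrap-around at the ends are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_POS 12 /* assumption: one slot per F1..F12; position 0 is invalid */

struct session { const char *id; unsigned pos; };  /* pos is only a hint */
struct seat {
    struct session *positions[MAX_POS + 1];        /* authoritative; [0] unused */
    struct session *active;
};

/* True only if the session's hint and the seat's table agree. */
static bool seat_owns_position(const struct seat *s, const struct session *se) {
    return se && se->pos >= 1 && se->pos <= MAX_POS && s->positions[se->pos] == se;
}

/* vtnr != 0: the position is forced to the VT number.
 * vtnr == 0: the lowest unassigned slot is used.
 * Returns the hint stored in the session, or 0 if no position was assigned. */
static unsigned seat_claim_position(struct seat *s, struct session *se, unsigned vtnr) {
    unsigned pos = vtnr;
    for (unsigned i = 1; pos == 0 && i <= MAX_POS; i++)
        if (!s->positions[i])
            pos = i;
    if (pos == 0 || pos > MAX_POS)
        return se->pos = 0;
    if (!s->positions[pos])      /* first claimant wins, later ones are ignored */
        s->positions[pos] = se;
    return se->pos = pos;
}

/* Clear the slot only if this session really holds it, so that a duplicate
 * going away cannot evict the session the seat actually switches to. */
static void seat_release_position(struct seat *s, struct session *se) {
    if (seat_owns_position(s, se))
        s->positions[se->pos] = NULL;
    if (s->active == se)
        s->active = NULL;
    se->pos = 0;
}

/* Model of SwitchTo(pos): fails for 0, out-of-range and unassigned positions. */
static bool seat_switch_to(struct seat *s, unsigned pos) {
    if (pos == 0 || pos > MAX_POS || !s->positions[pos])
        return false;
    s->active = s->positions[pos];
    return true;
}

/* Model of SwitchToNext (dir > 0) and SwitchToPrevious (dir < 0).
 * Unassigned slots are skipped; returns the new position, 0 if none. */
static unsigned seat_switch_relative(struct seat *s, int dir) {
    unsigned start = seat_owns_position(s, s->active)
                         ? s->active->pos
                         : (dir > 0 ? MAX_POS : 1u);
    for (unsigned step = 1; step <= MAX_POS; step++) {
        unsigned off = dir > 0 ? start - 1 + step : start - 1 + MAX_POS - step;
        unsigned i = off % MAX_POS + 1;
        if (s->positions[i] && s->positions[i] != s->active) {
            s->active = s->positions[i];
            return i;
        }
    }
    return 0;
}

int main(void) {
    /* Constructed scenario: a seat with sessions on VT 5 and VT 8, plus a
     * second session that wrongly reports VT 5 as well. */
    struct seat vt = {0};
    struct session a = {"a", 0}, b = {"b", 0}, dup = {"dup", 0};

    seat_claim_position(&vt, &a, 5);
    seat_claim_position(&vt, &b, 8);
    seat_claim_position(&vt, &dup, 5);
    printf("dup hint=%u, owns slot=%d\n", dup.pos, seat_owns_position(&vt, &dup));

    seat_release_position(&vt, &dup);
    printf("slot 5 still held by %s\n", vt.positions[5]->id);

    seat_switch_to(&vt, 5);
    printf("SwitchTo(6) ok=%d\n", seat_switch_to(&vt, 6));
    printf("next from 5 -> %u\n", seat_switch_relative(&vt, +1));
    printf("previous from 8 -> %u\n", seat_switch_relative(&vt, -1));
    return 0;
}
```
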

Re: [systemd-devel] script assigned via Unit's ExecStartPre= only partially executes, fails to complete ?

2013-12-01 Thread Zbigniew Jędrzejewski-Szmek
On Sun, Dec 01, 2013 at 12:10:36AM -0800, jen...@promessage.com wrote:
> I'm using an openvpn unit,
> 
>   cat openvpn.service
>   [Unit]
>   Description=OpenVPN
>   After=syslog.target network.target
>   Before=openvpn.target
> 
>   [Service]
>   PrivateTmp=true
>   Environment=PATH="/usr/local/openvpn-unpriv:$PATH"
This is not a shell, and you cannot reference $PATH like this. Full
content of the variable has to be included instead.

Zbyszek


Re: [systemd-devel] [RFC] logind: introduce session "positions"

2013-12-01 Thread Zbigniew Jędrzejewski-Szmek
On Sun, Dec 01, 2013 at 12:43:35PM +0100, David Herrmann wrote:
> This patch introduces session "positions". A position is a simple integer
> assigned to a session which is never changed implicitly (currently, we
> also don't change it explicitly, but that may be changed someday). For
> seats with VTs, we force the position to be the same as the VTnr. Without
> VTs, we simply find the lowest unassigned number and use it as position.
> If position-assignment fails or if, for any reason, we decide to not
> assign a position to a session, the position is set to 0 (which is treated
> as invalid position).
I like the idea. Stable ordering is good when switching back and forth.

> During session_load() or if two sessions have the same VTnr, we may end up
> with two sessions with the same position (this shouldn't happen, but let's
> be fail-safe in case some other part of the stack fails). This case is
> dealt with gracefully by ignoring any session but the first session
> assigned to the position. Thus, session->pos is a hint, seat->positions[i]
> is the definite position-assignment. Always verify both match in case you
> need to modify them!
> 
> Additionally, we introduce SwitchTo(unsigned int) on the seat-dbus-API.
> You can call it with any integer value != 0 and logind will try to switch
> to the requested position. If you implement a compositor or any other
> session-controller, you simply watch for ctrl+alt+F1 to F12 and call
> SwitchTo(Fx). logind will figure out a way to deal with this number.
> For convenience, we also introduce SwitchToNext/Previous(). It should be
> called on ctrl+alt+Left/Right (like the kernel-console used to support).
Is this necessary? If positions are known, then the compositor can ask
which session is at this position and ask for the switch to the session.
The advantage is that if there's no session at this position, the compositor
can display an error immediately.

> Note that the public API (SwitchTo*()) is *not* bound to the underlying
> logic that is implemented now. We don't export "session-positions" on the
> dbus/C API! They are an implementation detail. Instead, the SwitchTo*()
> API is supposed to be a hint to let logind choose the session-switching
> logic. Any foreground session-controller is free to enumerate/order
> existing sessions according to their needs and call Session.Activate()
> manually. But the SwitchTo*() API provides a uniform behavior across
> session-controllers.
Hm, this adds a lot of complexity. But below you argue that a different
behaviour (with F1, F2 being special) might be implemented soon. And
then one compositor would be using F3 to switch to the third session,
and another to switch to the first user session, so there'd be no consistency
anyway. Maybe it's better to just let compositors handle this?

> Background: Session-switching keys depend on the active keymap. The XKB
> specification provides the XKB_KEY_XF86Switch_VT_1-12 key-symbols which
> have to be mapped by all keymaps to allow session-switching. It is usually
> bound to ctrl+alt+Fx but may be set differently. A compositor passes any
> keyboard input to XKB before passing it to clients. In case a key-press
> invokes the XKB_KEY_XF86Switch_VT_x action, the keypress is *not*
> forwarded to clients, but instead a session-switch is scheduled.
> 
> This actually prevents us from handling these keys outside of the session.
> If an active compositor has a keymap with a different mapping of these
> keys, and logind itself tries to catch these combinations, we end up with
> the key-press sent to the compositor's clients *and* handled by logind.
> This is *bad* and we must avoid this. The only situation where a
> background process is allowed to handle key-presses is debugging and
> emergency-keys. In these cases, we don't care for keymap mismatches and
> accept the double-event. Another exception is unmapped keys like
> PowerOff/Suspend (even though this one is controversial).
> 
> Future ideas: As this commit-msg isn't long enough, yet, some notes on
> future ideas. The current position-assignment is compatible with the
> legacy VT numbers. However, it is a rather outdated way of addressing
> sessions. Instead, we can make use of session-classes of logind. We
> already tag session with one of the classes "greeter", "user",
> "background", "lock-screen". So one of my ideas is to make
> "position-assignment" a "per-class" thing. And instead of mapping F1-F12
> directly to the positions, we map it as follows:
>  - F1: Activate the last-spawned session in the "greeter" class. Usually,
>    only a single greeter should be active, but in case
>    systemd-welcomed runs and gdm is spawned later, this will switch to
>    gdm (actually gdm.service should stop systemd-welcomed.service but
>    let's be overly pedantic here).
>  - F2: Activate the session from the "user" class which has been active
>    last. So if you switch to F1 and back to F2, you're guaranteed to
>    get back t

Re: [systemd-devel] [RFC 05/12] gfx: add sd-gfx library with unifont section

2013-12-01 Thread David Herrmann
Hi

On Sun, Dec 1, 2013 at 3:48 PM, Zbigniew Jędrzejewski-Szmek
 wrote:
> On Sun, Dec 01, 2013 at 03:32:14PM +0100, Zbigniew Jędrzejewski-Szmek wrote:
>> On Sun, Dec 01, 2013 at 10:05:49AM +0100, David Herrmann wrote:
>> > On Sun, Dec 1, 2013 at 6:28 AM, Zbigniew Jędrzejewski-Szmek
>> > > Also, if the font was embedded in systemd, distributions would then
>> > > remove it in order to replace it with the system version. So I think
>> > > that including the font sources is pointless... Debian has it packaged [1],
>> > > but an old version, I'm not sure if there have been recent updates, and
>> > > possibly in the wrong format. Fedora doesn't seem to have it yet.
>> > > But adding fonts is easy, I'd do the Fedora package myself, and other
>> > > distributions could surely add/update it.
>> >
>> > I'm fine with installing the file into the system, but I doubt we win
>> > much. It's meant as fallback for early-boot, initrd and so on. If we
>> > keep it separate, we must make sure to include it in any systems we
>> > build (initrd, containers, vms, ..). So if there's no reason beside
>> > license issues, I'd like to keep it built-in.
>> There's no reason beside license issues.
> Ooops, I was too fast here - there's also the issue of distributions
> wanting to avoid duplicated sources, whether it be source code or
> fonts or anything else.
>
> I think that there's little point to explore alternative solutions and
> wasting more time on this. I'm now pretty sure that assuming that
> unifont.hex is available as a compilation time dependency and
> transforming it and including in the systemd-gfx binary is the proper
> thing to do.

Thanks for the comments. I agree that link-time inclusion works best.
I also sent an email to the unifoundry-developers. I hope they can
give a clear statement. But the least we can do is let them know that
we're unsure.

Thanks
David


Re: [systemd-devel] [RFC 05/12] gfx: add sd-gfx library with unifont section

2013-12-01 Thread Zbigniew Jędrzejewski-Szmek
On Sun, Dec 01, 2013 at 03:32:14PM +0100, Zbigniew Jędrzejewski-Szmek wrote:
> On Sun, Dec 01, 2013 at 10:05:49AM +0100, David Herrmann wrote:
> > On Sun, Dec 1, 2013 at 6:28 AM, Zbigniew Jędrzejewski-Szmek
> > > Also, if the font was embedded in systemd, distributions would then
> > > remove it in order to replace it with the system version. So I think
> > > that including the font sources is pointless... Debian has it packaged [1],
> > > but an old version, I'm not sure if there have been recent updates, and
> > > possibly in the wrong format. Fedora doesn't seem to have it yet.
> > > But adding fonts is easy, I'd do the Fedora package myself, and other
> > > distributions could surely add/update it.
> > 
> > I'm fine with installing the file into the system, but I doubt we win
> > much. It's meant as fallback for early-boot, initrd and so on. If we
> > keep it separate, we must make sure to include it in any systems we
> > build (initrd, containers, vms, ..). So if there's no reason beside
> > license issues, I'd like to keep it built-in.
> There's no reason beside license issues.
Ooops, I was too fast here - there's also the issue of distributions
wanting to avoid duplicated sources, whether it be source code or
fonts or anything else.

I think that there's little point to explore alternative solutions and
wasting more time on this. I'm now pretty sure that assuming that
unifont.hex is available as a compilation time dependency and
transforming it and including in the systemd-gfx binary is the proper
thing to do.

Zbyszek


Re: [systemd-devel] [RFC 05/12] gfx: add sd-gfx library with unifont section

2013-12-01 Thread Zbigniew Jędrzejewski-Szmek
On Sun, Dec 01, 2013 at 10:05:49AM +0100, David Herrmann wrote:
> Hi
> 
> On Sun, Dec 1, 2013 at 6:28 AM, Zbigniew Jędrzejewski-Szmek
>  wrote:
> > On Wed, Nov 27, 2013 at 07:48:40PM +0100, David Herrmann wrote:
> >> As a first step, we add the required header+build-chain and add the
> >> font-handling. To avoid heavy font-pipelines in systemd, we only provide
> >> a statically-sized fallback-font based on GNU-Unifont.
> > Hi David,
> > I don't think that GNU-Unifont is licensed in a way that allows it to
> > be embedded in systemd. Systemd is LGPLv2+, while Unifont is GPLv2+ + FontException.
> > FontException allows embedding in "documents", so it doesn't apply.
> 
> I disagree. I'm allowed to embed GNU-Unifont in a pdf/postscript file,
> right? However, postscript is as turing-complete as x86-assembler, so
> I don't see the difference between an ELF-document and a
> postscript-document.
I don't think you can convincingly argue that either systemd-208.tar.gz
or systemd-gfx are "documents". The *intent* of the FontException is pretty
clear, and embedding in arbitrary programs is not it.

> > It would be possible have some sources which are GPLv2+ only, but I
> > think we want to avoid such complications.
> 
> It's not about sources. Assuming the font-exception doesn't apply,
> this only means all binaries linking to libsystemd-gfx are GPLv2. The
> sources stay LGPL as usual.
It is also about sources. If you include unifont.hex in the systemd tarball,
the distribution of the tarball also has to satisfy the license of unifont.hex.

> > Also, if the font was embedded in systemd, distributions would then
> > remove it in order to replace it with the system version. So I think
> > that including the font sources is pointless... Debian has it packaged [1],
> > but an old version, I'm not sure if there have been recent updates, and
> > possibly in the wrong format. Fedora doesn't seem to have it yet.
> > But adding fonts is easy, I'd do the Fedora package myself, and other
> > distributions could surely add/update it.
> 
> I'm fine with installing the file into the system, but I doubt we win
> much. It's meant as fallback for early-boot, initrd and so on. If we
> keep it separate, we must make sure to include it in any systems we
> build (initrd, containers, vms, ..). So if there's no reason beside
> license issues, I'd like to keep it built-in.
There's no reason beside license issues.

> > So if it is acceptable for systemd-gfx *binary* to be GPLv2+ licensed,
> > we could use the system unifont.hex file at build time, and actually
> > link it into the binary. I propose that we try to go this way.
> 
> That's what I currently do.
> 
> > Or we could have the package also contain the converted font in appropriate
> > format, and mmap it at runtime. But this is more complex, and doesn't actually
> > avoid the licensing issue, since the font would still be GPLv2+.
> 
> Where is the difference between build-time linking and mmap()?
> (regarding licensing)
With build-time linking the resulting binary is a derivative work of
all sources. With mmap you can replace the font file by something
different without any trouble, at least theoretically, so there's no
derivative work and no license issue.

> Also, where's the point of keeping libsystemd-gfx.so LGPL just to have
> a *mandatory* dependency which is GPL?
We can have dependencies which are GPL only, e.g. dbus. But we don't really
care if you can use systemd without GPL-only stuff. The point is to maintain
consistency between individual components and the declared LGPLv2+ license
of the systemd tarball.

Zbyszek


Re: [systemd-devel] script assigned via Unit's ExecStartPre= only partially executes, fails to complete ?

2013-12-01 Thread Andrey Borzenkov
On Sun, 01 Dec 2013 00:10:36 -0800
jen...@promessage.com wrote:

I cannot answer why iptables do not work, but general comment

> with the ExecStartPre= script,
> 
>   cat /usr/local/etc/openvpn/up.script
> 
>   #!/bin/sh
>   /usr/local/sbin/openvpn --rmtun --dev tun1 > /dev/null 2>&1

There is no reason to lose valuable debugging information. All output
is collected by systemd and is available via journal. Hiding it makes
really no sense.
 
>   /usr/sbin/iptables -I FORWARD -i eth0 -o tun1 -j ACCEPT
>   iptables -L -v -n | grep tun
>   0 0 ACCEPT all  --  eth0   tun1   0.0.0.0/0   0.0.0.0/0
> 
> journalctl shows the up.script launched, and the tun1 device is brought up,
> 
>   journalctl -xb | egrep -i "up.script|tables"

Use "journalctl -u openvpn.service", this will show *all* output
associated with your unit start/stop.


[systemd-devel] [RFC] logind: introduce session "positions"

2013-12-01 Thread David Herrmann
logind has no concept of session ordering. Sessions have a unique name,
some attributes about the capabilities and that's already it. There is
currently no stable+total order on sessions. If we use the logind API to
switch between sessions, we are faced with an unordered list of sessions
we have no clue of.

This used to be no problem on seats with VTs or on seats with only a
single active session. However, with the introduction of multi-session
capability for seats without VTs, we need to find a way to order sessions
in a stable way.

This patch introduces session "positions". A position is a simple integer
assigned to a session which is never changed implicitly (currently, we
also don't change it explicitly, but that may be changed someday). For
seats with VTs, we force the position to be the same as the VTnr. Without
VTs, we simply find the lowest unassigned number and use it as position.
If position-assignment fails or if, for any reason, we decide to not
assign a position to a session, the position is set to 0 (which is treated
as invalid position).
During session_load() or if two sessions have the same VTnr, we may end up
with two sessions with the same position (this shouldn't happen, but let's
be fail-safe in case some other part of the stack fails). This case is
dealt with gracefully by ignoring any session but the first session
assigned to the position. Thus, session->pos is a hint, seat->positions[i]
is the definite position-assignment. Always verify both match in case you
need to modify them!

Additionally, we introduce SwitchTo(unsigned int) on the seat-dbus-API.
You can call it with any integer value != 0 and logind will try to switch
to the requested position. If you implement a compositor or any other
session-controller, you simply watch for ctrl+alt+F1 to F12 and call
SwitchTo(Fx). logind will figure out a way to deal with this number.
For convenience, we also introduce SwitchToNext/Previous(). It should be
called on ctrl+alt+Left/Right (like the kernel-console used to support).

Note that the public API (SwitchTo*()) is *not* bound to the underlying
logic that is implemented now. We don't export "session-positions" on the
dbus/C API! They are an implementation detail. Instead, the SwitchTo*()
API is supposed to be a hint to let logind choose the session-switching
logic. Any foreground session-controller is free to enumerate/order
existing sessions according to their needs and call Session.Activate()
manually. But the SwitchTo*() API provides a uniform behavior across
session-controllers.

Background: Session-switching keys depend on the active keymap. The XKB
specification provides the XKB_KEY_XF86Switch_VT_1-12 key-symbols which
have to be mapped by all keymaps to allow session-switching. It is usually
bound to ctrl+alt+Fx but may be set differently. A compositor passes any
keyboard input to XKB before passing it to clients. In case a key-press
invokes the XKB_KEY_XF86Switch_VT_x action, the keypress is *not*
forwarded to clients, but instead a session-switch is scheduled.

This actually prevents us from handling these keys outside of the session.
If an active compositor has a keymap with a different mapping of these
keys, and logind itself tries to catch these combinations, we end up with
the key-press sent to the compositor's clients *and* handled by logind.
This is *bad* and we must avoid this. The only situation where a
background process is allowed to handle key-presses is debugging and
emergency-keys. In these cases, we don't care for keymap mismatches and
accept the double-event. Another exception is unmapped keys like
PowerOff/Suspend (even though this one is controversial).

Future ideas: As this commit-msg isn't long enough, yet, some notes on
future ideas. The current position-assignment is compatible with the
legacy VT numbers. However, it is a rather outdated way of addressing
sessions. Instead, we can make use of session-classes of logind. We
already tag session with one of the classes "greeter", "user",
"background", "lock-screen". So one of my ideas is to make
"position-assignment" a "per-class" thing. And instead of mapping F1-F12
directly to the positions, we map it as follows:
 - F1: Activate the last-spawned session in the "greeter" class. Usually,
   only a single greeter should be active, but in case
   systemd-welcomed runs and gdm is spawned later, this will switch to
   gdm (actually gdm.service should stop systemd-welcomed.service but
   let's be overly pedantic here).
 - F2: Activate the session from the "user" class which has been active
   last. So if you switch to F1 and back to F2, you're guaranteed to
   get back to your last active user-session.
 - F3-F11: Direct mapping to "user" sessions. So F3 maps to the
   user-session with position 3, F11 to position 11 (or apply a
   "-2" offset, so F3=>1 and F11=>9..)
 - F12: Switch to the last-spawned session in the "emergency" class. This
doesn't exist, yet, but we could 

Re: [systemd-devel] [RFC 11/12] gfx: add unbuilt GL test

2013-12-01 Thread David Herrmann
Hi

On Sun, Dec 1, 2013 at 6:21 AM, Zbigniew Jędrzejewski-Szmek
 wrote:
> On Wed, Nov 27, 2013 at 07:48:46PM +0100, David Herrmann wrote:
>> The test-gl helper shows how sd_gfx_card can be used to get a full OpenGL
>> context on the device. It is not added to the build-tools as it requires
>> mesa and might break on Khronos header-updates (yes, they break API *and*
>> ABI compatibility often!).
>> ---
>>  .gitignore   |   1 +
>>  Makefile.am  |  18 +++
>>  configure.ac |   3 +
>>  src/libsystemd-gfx/test-gl.c | 342 
>> +++
>>  4 files changed, 364 insertions(+)
>>  create mode 100644 src/libsystemd-gfx/test-gl.c
>>
>> diff --git a/.gitignore b/.gitignore
>> index a61f68d..c856412 100644
>> --- a/.gitignore
>> +++ b/.gitignore
>> @@ -116,6 +116,7 @@
>>  /test-event
>>  /test-fileio
>>  /test-gfx
>> +/test-gl
>>  /test-hashmap
>>  /test-hostname
>>  /test-id128
>> diff --git a/Makefile.am b/Makefile.am
>> index aa17876..1e8aeed 100644
>> --- a/Makefile.am
>> +++ b/Makefile.am
>> @@ -3886,6 +3886,19 @@ test_gfx_LDADD = \
>>   libsystemd-shared.la \
>>   libsystemd-gfx.la
>>
>> +test_gl_SOURCES = \
>> + src/libsystemd-gfx/test-gl.c
>> +
>> +test_gl_CFLAGS = \
>> + $(AM_CFLAGS) \
>> + $(GFX_GL_CFLAGS)
>> +
>> +test_gl_LDADD = \
>> + $(GFX_GL_LIBS) \
>> + libsystemd-bus-internal.la \
>> + libsystemd-shared.la \
>> + libsystemd-gfx.la
>> +
>>  test_kbd_SOURCES = \
>>   src/libsystemd-gfx/test-kbd.c
>>
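Review bot: test_gl_SOURCES, test_gl_CFLAGS and test_gl_LDADD are defined unconditionally in this hunk, but the only line that would add test-gl to a program list is the commented-out "tests += test-gl" in the next hunk, so these variables have no consumer, and $(GFX_GL_CFLAGS) and $(GFX_GL_LIBS) are only meaningful when the GL check succeeded. Move the three definitions inside the HAVE_GFX_GL conditional next to the tests += line so they exist exactly when the program can be built.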
>> @@ -3903,6 +3916,11 @@ tests += \
>>   test-gfx \
>>   test-kbd
>>
>> +if HAVE_GFX_GL
>> +# Uncomment this to enable test-gl builds
>> +#tests += test-gl
>> +endif
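Review bot: the body of "if HAVE_GFX_GL" is a comment plus a commented-out "tests += test-gl", so the conditional has no effect on the build and the new test-gl.c is never compiled, even when the GL dependencies are present. Either put a live "tests += test-gl" inside the conditional, or drop the conditional together with the test_gl_* variables from the previous hunk until the test is meant to be built.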
> Telling people to edit the makefile doesn't seem right. Maybe add a configure
> switch a la bd441fa27a? Then the GFX_GL switch below could be changed to actually
> error out if any of those modules are not found.

Yeah, I think I will remove it entirely instead. It was just a
proof-of-concept that you can use sd_gfx_card with OpenGL. Doesn't
make much sense to keep it.

>>  src/libsystemd-gfx/unifont.bin: make-unifont.py 
>> src/libsystemd-gfx/unifont.hex
>>   $(AM_V_GEN)cat $(top_srcdir)/src/libsystemd-gfx/unifont.hex | 
>> $(PYTHON) $< >$@
> src/libsystemd-gfx/unifont.bin: src/libsystemd-gfx/unifont.hex make-unifont.py
> $(AM_V_at)$(MKDIR_P) $(dir $@)
> $(AM_V_GEN)$(PYTHON) $+ >$@
>
> ... and make make-unifont.py accept an arg.
> mkdir -p is needed for out of tree builds.

Hm, "make update-unifont" should only be used by maintainers to update
the hex-file. You actually need to download the file and rename it to
src/libsystemd-gfx/unifont.hex for this to make sense. So is there any
reason to support out-of-tree builds for that? Doesn't make sense to
me, as you only want to call it if you check the result into git.

Argument seems fine, I will try to fix it up (if I only knew python better..).

>> +r = sd_gfx_card_new(&card, "/dev/dri/card0", gl_fd, event);
> Maybe 'argv[1] ?: "/dev/dri/card0"' for manual testing?

The other tests already use udev, I should fix this either up or
remove it, yepp.

Thanks for reviewing!
David


Re: [systemd-devel] DBus signal on unit start/stop

2013-12-01 Thread Holger Winkelmann [TP]
Hi Lennart,

Thanks for pointing this out... 

> There are standard dbus PropertiesChanged signals sent out for ActiveState
> changes, which invalidate the properties when they change in released
> versions of systemd, and which carry the new values along in git.
> 
> We probably should document which ones we generate this for in
> 
> http://www.freedesktop.org/wiki/Software/systemd/dbus/

A few lines of doc pointing in the right direction would be definitely
helpful. It's always amazing what's already in systemd once you start asking...

> Lennart
> 
> --
> Lennart Poettering, Red Hat
> ___
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> 

-- 
Holger Winkelmann

email: h...@travelping.com
phone: +49-391-819099-223
mobil: +49-171-5594745
http://www.linkedin.com/in/hwinkel


Re: [systemd-devel] [RFC 05/12] gfx: add sd-gfx library with unifont section

2013-12-01 Thread David Herrmann
Hi

On Sun, Dec 1, 2013 at 6:28 AM, Zbigniew Jędrzejewski-Szmek
 wrote:
> On Wed, Nov 27, 2013 at 07:48:40PM +0100, David Herrmann wrote:
>> As a first step, we add the required header+build-chain and add the
>> font-handling. To avoid heavy font-pipelines in systemd, we only provide
>> a statically-sized fallback-font based on GNU-Unifont.
> Hi David,
> I don't think that GNU-Unifont is licensed in a way that allows it to
> be embedded in systemd. Systemd is LGPLv2+, while Unifont is GPLv2+ + FontException.
> FontException allows embedding in "documents", so it doesn't apply.

I disagree. I'm allowed to embed GNU-Unifont in a pdf/postscript file,
right? However, postscript is as turing-complete as x86-assembler, so
I don't see the difference between an ELF-document and a
postscript-document.

> It would be possible have some sources which are GPLv2+ only, but I
> think we want to avoid such complications.

It's not about sources. Assuming the font-exception doesn't apply,
this only means all binaries linking to libsystemd-gfx are GPLv2. The
sources stay LGPL as usual.

> Also, if the font was embedded in systemd, distributions would then
> remove it in order to replace it with the system version. So I think
> that including the font sources is pointless... Debian has it packaged [1],
> but an old version, I'm not sure if there have been recent updates, and
> possibly in the wrong format. Fedora doesn't seem to have it yet.
> But adding fonts is easy, I'd do the Fedora package myself, and other
> distributions could surely add/update it.

I'm fine with installing the file into the system, but I doubt we win
much. It's meant as fallback for early-boot, initrd and so on. If we
keep it separate, we must make sure to include it in any systems we
build (initrd, containers, vms, ..). So if there's no reason beside
license issues, I'd like to keep it built-in.

> So if it is acceptable for systemd-gfx *binary* to be GPLv2+ licensed,
> we could use the system unifont.hex file at build time, and actually
> link it into the binary. I propose that we try to go this way.

That's what I currently do.

> Or we could have the package also contain the converted font in appropriate
> format, and mmap it at runtime. But this is more complex, and doesn't actually
> avoid the licensing issue, since the font would still be GPLv2+.

Where is the difference between build-time linking and mmap()?
(regarding licensing)
Also, where's the point of keeping libsystemd-gfx.so LGPL just to have
a *mandatory* dependency which is GPL?

Thanks
David


[systemd-devel] script assigned via Unit's ExecStartPre= only partially executes, fails to complete ?

2013-12-01 Thread jen142
I'm using an openvpn unit,

  cat openvpn.service
  [Unit]
  Description=OpenVPN
  After=syslog.target network.target
  Before=openvpn.target

  [Service]
  PrivateTmp=true
  Environment=PATH="/usr/local/openvpn-unpriv:$PATH"

  Type=forking
  PIDFile=/var/run/openvpn/openvpn.pid
  ExecStartPre=/usr/local/etc/openvpn/up.script
  ExecStart=/usr/local/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --cd /usr/local/etc/openvpn/ --config server.conf
  ExecStopPost=/usr/local/etc/openvpn/down.script

  [Install]
  WantedBy=multi-user.target

with the ExecStartPre= script,

  cat /usr/local/etc/openvpn/up.script

  #!/bin/sh
  /usr/local/sbin/openvpn --rmtun --dev tun1 > /dev/null 2>&1
  /usr/local/sbin/openvpn --mktun --dev tun1 --dev-type tun --user openvpn --group openvpn
  /usr/sbin/iptables -I FORWARD -i eth0 -o tun1 -j ACCEPT
  /usr/sbin/iptables -I FORWARD -i tun1 -o eth0 -j ACCEPT

After boot, checking for the iptables tun1 rules, nothing's been added,

  iptables -L -v -n | grep tun
  (nothing ...)

testing manually @ shell works,

  /usr/sbin/iptables -I FORWARD -i eth0 -o tun1 -j ACCEPT
  iptables -L -v -n | grep tun
  0 0 ACCEPT all  --  eth0   tun1   0.0.0.0/0   0.0.0.0/0

journalctl shows the up.script launched, and the tun1 device is brought up,

  journalctl -xb | egrep -i "up.script|tables"
  Dec 01 00:16:18 test kernel: TCP: Hash tables configured (established 16384 bind 16384)
  Dec 01 00:16:18 test kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
  Dec 01 00:16:18 test kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
  Dec 01 00:16:27 test systemd[1]: About to execute: /usr/local/etc/openvpn/up.script
  Dec 01 00:16:27 test systemd[1]: Forked /usr/local/etc/openvpn/up.script as 1653
  Dec 01 00:16:27 test systemd[1653]: Executing: /usr/local/etc/openvpn/up.script
  Dec 01 00:16:28 test up.script[1653]: Sun Dec  1 00:16:28 2013 TUN/TAP device tun1 opened
  Dec 01 00:16:28 test up.script[1653]: Sun Dec  1 00:16:28 2013 Persist state set to: ON
  Dec 01 00:16:32 test kernel: Ebtables v2.0 registered

but provides no clue why the iptables rules aren't added.

Is there a problem with a dependency here, or running iptables from a
systemd script?  something else?

JenL