[systemd-devel] how to make the systemd init faster
Hello all, I am trying t improve my embedded system boot time which uses systemd. debugging understood that it spends lot time around ~1.3 second in my iMX6 board running @800MHz on initialization of the systemd plotting the graph using “systemd-analyze plot > /tmp/bootime.svg “ i am seeing that, it spend around 1 second reading config file and generating dyunamic file at /run/systemd. And then it start executing unit files My questions are, since its an embedded system where the hardware and configuration are always constant once you build the image so all these dynamic stuff reading from files are not required 1) what all i should be doing to make the boot faster 2) is there a way I can configure the files statically at compile time, which will reduce the time of reading each file from eMMC. 3) How can I disable the mounting of the root partition from the systemd-generators as I see the kernel mounts it in my systemd and gets remounted, even though I commented the line in fstab Thanks for the support Dino ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] systemd-nspawn with filesystem id mapping
Hi again, after some more debugging this EOVERFLOW seems to be the result of a call to may_o_create in fs/namei.c in the kernel. There is a check: if (!fsuidgid_has_mapping(dir->dentry->d_sb, mnt_userns)) return -EOVERFLOW; This seems to be the one returning EOVERFLOW to nspawn and resulting in the container spawn to fail. My guess would be that this is a systemd bug when combining filesystem id mapping with --bind. Before I start spending more time debugging this, has anyone so far used --bind with --private-users=pick and --private-users-ownership=map successfull? As far as I understand the pull request #19438 , didn't add any handling to the mount_bind function. Was this maybe overlooked? In my understanding there is a remount_idmap missing in that function well as the touch needs to be done in the correct user namespace or with mapped uid/gids. I'm new to the systemd source code, could somebody confirm that I'm on the right track there and not heading in the wrong direction? Thanks, nd OpenPGP_signature Description: OpenPGP digital signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Antw: [EXT] Re: Adding USB ID to hwdb/usb.ids
On Fri, Jun 4, 2021 at 7:49 AM Ulrich Windl < ulrich.wi...@rz.uni-regensburg.de> wrote: > >>> Greg KH schrieb am 02.06.2021 um 16:39 in > Nachricht : > > On Wed, Jun 02, 2021 at 03:48:41PM +0200, Reindl Harald wrote: > >> > >> > >> Am 02.06.21 um 07:04 schrieb Greg KH: > >> > On Tue, Jun 01, 2021 at 09:38:37PM +0200, Michael Biebl wrote: > >> > > Am Di., 1. Juni 2021 um 20:44 Uhr schrieb Greg KH > >: > >> > > > Works for me! Make sure you are not trying to connect to 'https'. > >> > > > >> > > No https? Why? > >> > > >> > Because why would serving up text files about this topic requires > https? > >> > >> sorry, but we have 2021 > >> > >> * non‑https is a warning in most browsers > >> * certifictes are free and automated these days > >> * https is not only about encryption > >> > >> the point of https is > >> > >> a) you are connected to the host you think > >> b) no manipulation on the wire > >> > >> the encryption is not really the point > > > > Then don't connect to the site if you don't want the data there. Trying > > to tell others what to do with their spare time in maintaining a > > resource for all operating systems to use is a bit, well, you know... > > I think any website that has a form to fill in should offer https. > In the past there were websites asking for user and password without > offering > https. > I also think even a self-signed certificate is better tan no certificate at > all, but in the times of let'S encrypt setting up https shouldn't be a big > issue. > > All my opinion... > > Regards, > Ulrich > If I am not misinterpreting, Mr. Biden's recent cyber security execute order [1] will put a weight on how data is transferred, at least in the US, at least for the agencies which will probably ripple itself to the ordinary user eventually. [1] https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ Multiple mentions of "*encryption for data at rest and in transit*". Umut > > > > > greg "i am a horrible sysadmin" k‑h > > ___ > > systemd‑devel mailing list > > systemd‑de...@lists.freedesktop.org > > https://lists.freedesktop.org/mailman/listinfo/systemd‑devel > > > > ___ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/systemd-devel > ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Antw: Antw: [EXT] Re: Adding USB ID to hwdb/usb.ids
>>> "Ulrich Windl" schrieb am 04.06.2021 um 07:48 in Nachricht <60b9bebf02a100041...@gwsmtp.uni-regensburg.de>: Greg KH schrieb am 02.06.2021 um 16:39 in > Nachricht : >> On Wed, Jun 02, 2021 at 03:48:41PM +0200, Reindl Harald wrote: >>> >>> >>> Am 02.06.21 um 07:04 schrieb Greg KH: >>> > On Tue, Jun 01, 2021 at 09:38:37PM +0200, Michael Biebl wrote: >>> > > Am Di., 1. Juni 2021 um 20:44 Uhr schrieb Greg KH >>: >>> > > > Works for me! Make sure you are not trying to connect to 'https'. >>> > > >>> > > No https? Why? >>> > >>> > Because why would serving up text files about this topic requires https? >>> >>> sorry, but we have 2021 >>> >>> * non‑https is a warning in most browsers >>> * certifictes are free and automated these days >>> * https is not only about encryption >>> >>> the point of https is >>> >>> a) you are connected to the host you think >>> b) no manipulation on the wire >>> >>> the encryption is not really the point >> >> Then don't connect to the site if you don't want the data there. Trying >> to tell others what to do with their spare time in maintaining a >> resource for all operating systems to use is a bit, well, you know... > > I think any website that has a form to fill in should offer https. > In the past there were websites asking for user and password without > offering > https. > I also think even a self-signed certificate is better tan no certificate at > all, but in the times of let'S encrypt setting up https shouldn't be a big > issue. > > All my opinion... Sorry to respond to my own post, but accidentially I read this comment on some RFC discussion: "I think it is common understanding that communication across the internet should be protect by security means. It also is common practice to protect LAN based communication since experience taught that it is a false sense of security to rely only on security gateways to protect against adversaries." > > Regards, > Ulrich > >> >> greg "i am a horrible sysadmin" k‑h >> ___ >> systemd‑devel mailing list >> systemd‑de...@lists.freedesktop.org >> https://lists.freedesktop.org/mailman/listinfo/systemd‑devel > > > > ___ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/systemd-devel ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
