On Thu, 23.07.15 10:41, Daurnimator (q...@daurnimator.com) wrote:
> On 23 July 2015 at 04:41, Lennart Poettering wrote:
> > Maybe we can change the manager core to propagate Reload() calls
> > for unit types that do not support it natively to other units listed in
> > PropagateReloadsTo= and then
On 23 July 2015 at 04:41, Lennart Poettering wrote:
> Maybe we can change the manager core to propagate Reload() calls
> for unit types that do not support it natively to other units listed in
> PropagateReloadsTo= and then become a NOP.
>
> Or in other words: invoking reload on a target that knows
On Fri, 17.07.15 13:13, David Sommerseth (dav...@redhat.com) wrote:
>
> Hi,
>
> I'm looking through some journals now, and even though I've seen it a
> few times I haven't thought about it until now.
>
> systemd-journal[1151]: Runtime journal is using 8.0M (max allowed
> 4.0G, t
On Tue, 21.07.15 13:24, Florian Weimer (fwei...@redhat.com) wrote:
> And that's fine. But doing hardening for UID=0 services seems a very
> bad practice to me because it looks like someone is assuming that UID=0
> without capabilities is just another “nobody” user. Which is not
> surprising, bec
On Mon, 20.07.15 13:58, Florian Weimer (fwei...@redhat.com) wrote:
> On 07/20/2015 01:52 PM, Reindl Harald wrote:
> >
> >
> > On 20.07.2015 at 13:24, Florian Weimer wrote:
> >> CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP
> >> m4_ifdef(`HAVE_SMACK', CAP_MAC_AD
On 21.07.2015 at 13:24, Florian Weimer wrote:
On 07/20/2015 02:34 PM, Reindl Harald wrote:
On 20.07.2015 at 13:58, Florian Weimer wrote:
On 07/20/2015 01:52 PM, Reindl Harald wrote:
On 20.07.2015 at 13:24, Florian Weimer wrote:
CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID
On 20.07.2015 at 13:24, Florian Weimer wrote:
CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP
m4_ifdef(`HAVE_SMACK', CAP_MAC_ADMIN )
…
What's the intent of these settings? Is it a form of hardening? If
yes, it is rather ineffective because UID=0 does not need any
capabi
On 20.07.2015 at 13:58, Florian Weimer wrote:
On 07/20/2015 01:52 PM, Reindl Harald wrote:
On 20.07.2015 at 13:24, Florian Weimer wrote:
CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP
m4_ifdef(`HAVE_SMACK', CAP_MAC_ADMIN )
…
What's the intent of these settings? Is
On Mon, 20.07.15 13:24, Florian Weimer (fwei...@redhat.com) wrote:
> What's the intent of these settings? Is it a form of hardening? If
> yes, it is rather ineffective because UID=0 does not need any
> capabilities to completely compromise the system.
Well, we run our stuff with minimal attack
On Wed, 22.07.15 20:28, Michael Biebl (mbi...@gmail.com) wrote:
> 2015-07-22 19:15 GMT+02:00 Lennart Poettering :
> > On Tue, 21.07.15 13:43, Marc Haber (mh+systemd-de...@zugschlus.de) wrote:
> >> Can I write my nifty.target as a service? I have seen in this case
> >> nifty.service files with Exec
2015-07-22 19:15 GMT+02:00 Lennart Poettering :
> On Tue, 21.07.15 13:43, Marc Haber (mh+systemd-de...@zugschlus.de) wrote:
>> Can I write my nifty.target as a service? I have seen in this case
>> nifty.service files with Exec=/bin/true to basically create a no-op
>> service, but that's ugly.
>
> T
On Sat, 18.07.15 19:06, Marc Haber (mh+systemd-de...@zugschlus.de) wrote:
> On Tue, Jun 09, 2015 at 01:02:43PM +0200, Lennart Poettering wrote:
> > On Mon, 01.06.15 22:43, Michael Biebl (mbi...@gmail.com) wrote:
> >
> > > 2015-06-01 20:12 GMT+02:00 David Herrmann :
> > > > Hi
> > > >
> > > > As o
On Tue, 21.07.15 16:39, Florian Weimer (fwei...@redhat.com) wrote:
> On 07/21/2015 01:52 PM, David Herrmann wrote:
> > Hi
> >
> > On Tue, Jul 21, 2015 at 1:37 PM, Florian Weimer wrote:
> >> We have quite a zoo of services which listen on localhost, on a fixed
> >> TCP port, for use by local clie
On Tue, 21.07.15 13:37, Florian Weimer (fwei...@redhat.com) wrote:
> We have quite a zoo of services which listen on localhost, on a fixed
> TCP port, for use by local clients. The canonical example is PostgreSQL
> on 5432/TCP, for the benefit of Java clients (which cannot use the UNIX
> domain s
On Tue, 21.07.15 13:43, Marc Haber (mh+systemd-de...@zugschlus.de) wrote:
> Hi,
>
> I am trying to systemd'ize a daemon which is useful to be run in two
> instances. It is usually the case that both instances need to be
> started and stopped simultaneously, and the local admin would want a
> _sin
On Mon, 20.07.15 17:09, Pradeepa Kumar (cdprade...@gmail.com) wrote:
> Hi
> I need to use functions to call method, get property value etc from
> dbus.
See http://0pointer.net/blog/the-new-sd-bus-api-of-systemd.html and
have a look at the sd-bus.h header file:
https://github.com/systemd/systemd/
On Wed, Jul 22, 2015 at 04:17:36PM +0800, Xtonic wrote:
> Hi,
>
> I am new to systemd. I am using CoreOS 717.3.0 with systemd 220.
>
>
> When I checked the status of systemd-networkd I got:
>
> systemctl status systemd-networkd
>
> ● systemd-networkd.service - Network Service
>
> Loaded: l
Hi,
I am new to systemd. I am using CoreOS 717.3.0 with systemd 220.
When I checked the status of systemd-networkd I got:
systemctl status systemd-networkd
● systemd-networkd.service - Network Service
Loaded: loaded (/usr/lib64/systemd/system/systemd-networkd.service;
disabled; vendor pres
On Tue, Jul 21, 2015 at 09:42:38PM +0200, Michael Biebl wrote:
> Have a look at the openvpn package in Debian. It implements something
> like you have in mind.
> There are multiple openvpn@.service instances and a single
> openvpn.service which can be used by the admin to start/stop/restart
> them.
19 matches