Re: [systemd-devel] udev-buildin-net_id.c hotplug slot with SRIOV

2015-08-21 Thread Keller, Jacob E
Forwarding this again to the full list, On Mon, 2015-08-17 at 06:25 +, Keller, Jacob E wrote: > Hi, > > > -Original Message- > > From: Andrei Borzenkov [mailto:[email protected]] > > Sent: Friday, August 14, 2015 10:52 PM > > To: Keller, Jacob E > > Subject: Re: [systemd-devel] udev

Re: [systemd-devel] Who has rights to override/ignore inhibitors?

2015-08-21 Thread Jayson Willson
Dear Lennart! That's what I have in my /usr/share/polkit-1/actions/org.freedesktop.login1.policy: Power off the system while an application asked to inhibit it Authentication is required for powering off the system while an application asked to inhibit

Re: [systemd-devel] [PATCH 1/1] rfkill: Rework systemd-rfkill

2015-08-21 Thread systemd github import bot
Patchset imported to github. To create a pull request, one of the main developers has to initiate one via: -- Generated by https://github.com/haraldh/mail2git

[systemd-devel] [PATCH 0/1] Rework systemd-rfkill

2015-08-21 Thread João Paulo Rechi Vita
Currently systemd-rfkill does not support devices that lose power over suspend and do a disconnect()/probe() cycle (when the driver does not implement a reset_resume() callback): systemd-rfkill will restore the RFKill state that was saved on the last shutdown instead of the one right before suspend

[systemd-devel] [PATCH 1/1] rfkill: Rework systemd-rfkill

2015-08-21 Thread João Paulo Rechi Vita
This commit adds a udev rule to save the RFKill state on every change, so systemd-rfkill always has the most up-to-date state. This also removes the need for saving the RFKill state on shutdown, so [email protected] does not have to be active until shutdown, which in turn removes the need fo

[systemd-devel] About the state of two posts

2015-08-21 Thread john maverick
Hello. I just re-read Lennart's posts (which i loved): - Factory Reset, Stateless Systems, Reproducible Systems & Verifiable Systems and - Revisiting How We Put Together Linux Systems And i would like to know what's the state of both? Is there a place i can get news about these two subjects

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Lennart Poettering
On Fri, 21.08.15 13:29, Christian Seiler ([email protected]) wrote: > On 21.08.2015 12:04, Jóhann B. Guðmundsson wrote: > > Should not the solution for this be tied to the user and group field > > mentioned in the unit so for example the postgresql type service unit > > contains... > > User=postg

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Christian Seiler
On 21.08.2015 12:04, Jóhann B. Guðmundsson wrote: > Should not the solution for this be tied to the user and group field > mentioned in the unit so for example the postgresql type service unit > contains... > User=postgres > Group=postgres > > Which would mean that the postgres user could start,sto

Re: [systemd-devel] systemd-networkd doesn't delete netdev when parent interface is deleted

2015-08-21 Thread hello
What workaround do you suggest in the meantime? I'm currently using a very ugly hack which is a oneshot service that runs "ip tunnel del" right before the PPP service starts (and ignores eventual errors); is there a better way, possibly without touching the actual PPP service file (I'd like

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Dominick Grift
On Fri, Aug 21, 2015 at 01:50:31PM +0300, Mantas Mikulėnas wrote: > On Fri, Aug 21, 2015 at 1:43 PM, Dominick Grift > wrote: > > > On Fri, Aug 21, 2015 at 01:38:28PM +0300, Mantas Mikulėnas wrote: > > > > > > > > Do they have access to `cat /proc/self/mounts`? > > > > Ouch yes... ok that is a dea

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Mantas Mikulėnas
On Fri, Aug 21, 2015 at 1:43 PM, Dominick Grift wrote: > On Fri, Aug 21, 2015 at 01:38:28PM +0300, Mantas Mikulėnas wrote: > > > > > Do they have access to `cat /proc/self/mounts`? > > Ouch yes... ok that is a dead end i suppose Right. That was my point. Restricting individual commands like `mo

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Dominick Grift
On Fri, Aug 21, 2015 at 01:38:28PM +0300, Mantas Mikulėnas wrote: > > Do they have access to `cat /proc/self/mounts`? Ouch yes... ok that is a dead end i suppose > > -- > Mantas Mikulėnas -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vin

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Mantas Mikulėnas
On Fri, Aug 21, 2015 at 1:29 PM, Dominick Grift wrote: > On Fri, Aug 21, 2015 at 01:10:51PM +0300, Mantas Mikulėnas wrote: > > > > > > > > i think it kind of sucks that systemctl --user list-units can be used > to > > > determine who is currently logged in. ( it shows active mount units for > >

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Dominick Grift
On Fri, Aug 21, 2015 at 08:25:56PM +1000, Daurnimator wrote: > On 21 August 2015 at 19:57, Dominick Grift wrote: > > i think it kind of sucks that systemctl --user list-units can be used to > > determine who is currently logged in. > > You can see with `loginctl list-users` too My restricted use

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Dominick Grift
On Fri, Aug 21, 2015 at 01:10:51PM +0300, Mantas Mikulėnas wrote: > > > > i think it kind of sucks that systemctl --user list-units can be used to > > determine who is currently logged in. ( it shows active mount units for > > XDG_RUNTIME_DIR and since those have UID as name you can see who is >

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Daurnimator
On 21 August 2015 at 19:57, Dominick Grift wrote: > i think it kind of sucks that systemctl --user list-units can be used to > determine who is currently logged in. You can see with `loginctl list-users` too I once tried to prevent getting a list of users, but it's hard... I locked out: - `w`

[systemd-devel] Partition with random key in crypttab

2015-08-21 Thread Some Body
Hi, I'm not experienced at all with systemd, and not much more in system administration, and I don't know if I should post this here, but it is the only list I found that seems to provide general support for systemd. I want to encrypt my /tmp directory by putting it in an encrypted partition (

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Mantas Mikulėnas
On Fri, Aug 21, 2015 at 12:57 PM, Dominick Grift wrote: > Made a demo because i was bored: > https://www.youtube.com/watch?v=KrK5a7D77l0 > > In practice though this is probably not an option for you. It is very > expensive. however it is (optionally) supported by systemd and i just > wanted to co

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Jóhann B . Guðmundsson
On 08/20/2015 10:02 PM, Lennart Poettering wrote: On Thu, 20.08.15 23:41, Michael Biebl ([email protected]) wrote: Hi, say I wanted to grant an unprivileged userA the ability to systemctl start/stop/restart/reload foo.service and only grant this for foo.service. Is there a way to achieve tha

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Dominick Grift
Made a demo because i was bored: https://www.youtube.com/watch?v=KrK5a7D77l0 In practice though this is probably not an option for you. It is very expensive. however it is (optionally) supported by systemd and i just wanted to counter the misinformation. i think it kind of sucks that systemctl

Re: [systemd-devel] grant users access to certain services only

2015-08-21 Thread Dominick Grift
systemd has a built-in extension to the SELinux MAC framework. If that and SELinux are enabled, then you can use the SELinux framework and systemd SELinux extension to configure which services may be controlled by specified processes on a fine-grained level using mandatory access control. Policyk