Disclaimer: this may not be at all related to systemd...

When I run the Juniper Network Connect client (ncsvc) it terminates every time the DHCP license is renewed. It doesn't make a difference whether I specify CriticalConnection=true or false. Since systemd-networkd is managing the NIC and the DHCP license, I am suspecting it as the cause for the ncsvc problem. But then again, correlation is not causation as they say.

The log files of ncsvc are unfortunately rather cryptic. The only information I could extract from them is the following line:

20150603133456.514649 ncsvc[p6870.t6870] rmon.error Route to destination 192.168.1.1 is missing mask 255.255.255.255 with gw 0.0.0.0, metric 1, if_id 0, disconnecting (routemon.cpp:628)

which coincides with the following journal entries:

Jun 03 13:34:55.454967 host NetworkManager[1805]: address 192.168.1.16
Jun 03 13:34:55.454985 host NetworkManager[1805]: plen 24
Jun 03 13:34:55.454990 host NetworkManager[1805]: expires in 300 seconds
Jun 03 13:34:55.455026 host NetworkManager[1805]: gateway 192.168.1.1
Jun 03 13:34:55.455035 host NetworkManager[1805]: nameserver '192.168.1.1'
Jun 03 13:34:55.455210 host NetworkManager[1805]: (wlp6s0): DHCPv4 state changed bound -> bound
Jun 03 13:34:55.456679 host dbus[1799]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Jun 03 13:34:55.461372 host dbus[1799]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jun 03 13:34:55.462021 host nm-dispatcher[8295]: Dispatching action 'dhcp4-change' for wlp6s0
Jun 03 13:34:56.514958 host systemd-networkd[1803]: tun0 : lost carrier

Is the DHCP renewal triggering a change in the routing table, which in turn makes ncsvc unhappy?

systemd-218
networkmanager-1.0.2

Thanks for any suggestions

as maintainer of package, which distributes udev rules, i didn't found appropriate documentation regarding predefined tags for udev rules.

The for (;;) loop in server_process_datagram might prevent journal
from feeding the watchdog if there is always something to receive in
the syslog socket. Potentially journald is restarted, applications
stall if the syslog socket is staying full....

I thought about fixing it by checking the watchdog on every iteration
of for (;;) by using watchdog_last, watchdog_period and feeding
watchdog if necessary but none of those properties are public.

Current rate limit check is done right before we store the message
(after we receive it, after we forward it to console, wall, kmsg). I
think it is too late.

Maybe the best approach is having a rate limit on sd-event
(sd-event-source) so we can map rate limit options in journald.conf to
journal's sd-event.

Thoughts?

PS: Moving the discussion off the mailing list to get it tracked.

From the manpage:
“Note that this generator has no effect on non-GPT systems, on systems where the units are explicitly configured (for example, listed in fstab(5))[...]“

In reality, I have my encrypted home partition in both fstab and crypttab, but gpt-auto-generator tries to unlock it at boot, ignoring the noauto directive. This leads to the entire boot process stopping and waiting indefinitely for a password.

And where can I translate systemd?

This should be suppressed. It happens inside the initrd and on the real system:
Jun 11 11:17:24 ank systemd[1]: Failed to insert module 'kdbus'

Currently, running the test-suite as root fails on python2 ./test/sysv-generator-test.py. If run as user it works fine.

As my python knowledge is pretty limited, I'd prefer if someone of the authors (@martinpitt ?) could have a look. Maybe a simple if geteuid() == 0: return 72 is enough.

Some Alienware notebooks and desktops support an external graphics
housing called the "Alienware Graphics Amplifier". It allows the usage
of a larger or more modern graphics card than your gaming PC would
already support. In order to provide a good experience, systems that
support it can provide notification to the OS via the scancodes on the
the keyboard controller of events related to the cable.

The following 4 events are supported (and the presumed OS response):

• Cable plugged in (An app on the existing display or terminal would
  tell the user to reboot the system to activate)
• Undock cable pressed (An app would let the user know to reboot the
  system to complete undock process; also when supported by GFX driver,
  driver can clean up and work without a reboot)
• Surprise removal of cable (System reboots).

Here's a patch for mapping these events to codes that can be recognized by a keycode Xorg can pick up.

From 747fa737562fd176d30ab8a79a82bd43fad06833 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <[email protected]>
Date: Wed, 27 May 2015 18:55:42 -0500
Subject: [PATCH] Add support for Alienware graphics amplifier

Unplugging and plugging in the cable will create various scancodes
on the keyboard controller.

Userspace within X should be able to interact with these to show
interesting messages. Assign them to generic prog1/prog2.

---
 hwdb/60-keyboard.hwdb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hwdb/60-keyboard.hwdb b/hwdb/60-keyboard.hwdb
index 9c7e553..0a0700c 100644
--- a/hwdb/60-keyboard.hwdb
+++ b/hwdb/60-keyboard.hwdb
@@ -144,6 +144,11 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pnAOA*:pvr*
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAlienware*:pn*
  KEYBOARD_KEY_8a=ejectcd

+evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAlienware*:pn*:pvr*
+ KEYBOARD_KEY_bf=!prog1                                 #graphics amplifier, cable plug-in event
+ KEYBOARD_KEY_c1=!prog2                                 #graphics amplifier, undock-button event
+ KEYBOARD_KEY_c2=!power                                 #graphics amplifier, surprise undock event
+
 ###########################################################
 # Asus
 ###########################################################
-- 
1.9.1

#96 causes #96 (comment)

==31==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000017ed0 at pc 0x7ff1def30c65 bp 0x7ffd9b003290 sp 0x7ffd9b002a40

We need to sort out the cyclic linking errors. Proposed layout:

generic library code, everything in the tree can use it, but it itself cannot use anything outside of its own directory:
src/util/strv.c
src/util/hashmap.c
...

public libraries, they cannot use anything in shared/
src/libsystemd/sd-bus/bus.c
src/libsystemd/sd-event/mainloop.c
...

specialized internal libraries with a specific topic in a subdirectory, they can use libsystemd/
src/shared/machine/container.c
src/shared/bus/convenience.c
...

I have in fstab mount bind line ( /A /B none bind 0 0 ), followed by nfs4 mount to /A/mountA.

Expected end result be to have nfs share mounted on /A/mountA and local files on /B/mountA.

But systemd generators seem to make mount in inverted order, so I get nfsmount on both ends of bind-mount.

That is, it first does nfs mount to /A/mountA and then mount-binds that to /B/mountA.

BTW; I haven't had the chance to try the latest git yet but v220, but suspect it does the same...

We really should figure out what's going on here:

http://lists.freedesktop.org/archives/systemd-devel/2015-June/032797.html

Currently, when sd_network_monitor clients start before networkd the constructor will fail. This should be fixed, see PR #62 for details.

I'm currently adding this rule (which I obtained from someone else) so I can use my YubiKey Neo's U2F support with Google Chrome -- or any other regular user application:

KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess"

systemd-boot displays only efi stubs containing a VERSION_ID field in their embedded os-release file, yet VERSION_ID is listed as an optional field in the manpage of os-release.

The percentage value of cpu usage of systemd-cgtop is %100 x number of cores system has. This is not so easy to understand when you are using the program. You need to know how many cores your system has. I don't think this is how it is in "top".

We should either scale the number down so we don't exceed %100 or indicate somewhere how many cores this system has with max possible %.

I'm setting my system up so that when I connect an external sound card (Native Instruments Komplete Audio 6) to any USB port, user units start and stop. I'm see weird behaviour from the user instance of systemd when the card is connected to a different USB port.

$ systemctl --version
systemd 219
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD +IDN

The device unit is created by the following udev rule.

/etc/udev/rules/50-komplete-audio-6.rules

SUBSYSTEM=="sound", KERNEL=="controlC[0-9]*", ATTRS{idVendor}=="17cc", ATTRS{idProduct}=="1001", ENV{SYSTEMD_ALIAS}="/dev/k6", SYMLINK+="k6", TAG+="systemd"

When the card is connected to the first USB port, the system and users instances report the following.

$ systemctl status dev-k6.device

● dev-k6.device - Komplete_Audio_6
   Follow: unit currently follows state of sys-devices-pci0000:00-0000:00:14.0-usb2-2\x2d2-2\x2d2:1.0-sound-card1-controlC1.device
   Loaded: loaded
   Active: active (plugged) since Mon 2015-06-08 13:40:50 BST; 12min ago
   Device: /sys/devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/sound/card1/controlC1

$ systemctl --user status dev-k6.device

● dev-k6.device - Komplete_Audio_6
   Follow: unit currently follows state of sys-devices-pci0000:00-0000:00:14.0-usb2-2\x2d2-2\x2d2:1.0-sound-card1-controlC1.device
   Loaded: loaded
   Active: active (plugged) since Mon 2015-06-08 13:40:50 BST; 6min ago
   Device: /sys/devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/sound/card1/controlC1

When I disconnect the card, we get the following. Note, the difference between the system and user instances.

$ systemctl status dev-k6.device

● dev-k6.device
   Loaded: loaded
   Active: inactive (dead)

$ systemctl --user status dev-k6.device

● dev-k6.device - Komplete_Audio_6
   Loaded: loaded
   Active: inactive (dead) since Mon 2015-06-08 13:54:35 BST; 1s ago
   Device: /sys/devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/sound/card1/controlC1

Now when I connect to a different USB port, we get;

$ systemctl status dev-k6.device

● dev-k6.device - Komplete_Audio_6
   Follow: unit currently follows state of sys-devices-pci0000:00-0000:00:14.0-usb2-2\x2d1-2\x2d1:1.0-sound-card1-controlC1.device
   Loaded: loaded
   Active: active (plugged) since Mon 2015-06-08 13:56:15 BST; 9s ago
   Device: /sys/devices/pci0000:00/0000:00:14.0/usb2/2-1/2-1:1.0/sound/card1/controlC1

$ systemctl --user -l status dev-k6.device

● dev-k6.device - Komplete_Audio_6
   Loaded: loaded
   Active: inactive (dead) since Mon 2015-06-08 13:56:14 BST; 10s ago
   Device: /sys/devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/sound/card1/controlC1

 Jun 08 13:56:15 wall systemd[598]: Device dev-k6.device appeared twice with different sysfs paths /sys/devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/sound/card1/controlC1 and /sys/devices/pci0000:00/0000:00:14.0/usb2/2-1/2-1:1.0/sound/card1/controlC1
 Jun 08 13:56:15 wall systemd[598]: Device dev-k6.device appeared twice with different sysfs paths /sys/devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/sound/card1/controlC1 and /sys/devices/pci0000:00/0000:00:14.0/usb2/2-1/2-1:1.0/sound/card1/controlC1

Notice that the system systemd is happy but the user instance has borked itself. Is this expected behaviour, is it a bug, or am I using systemd wrong?

Opening on request of Lennart, see #115 (comment)

The question is whether the hwdb should read from /run/udev/hwdb.d or not, given that dropping any hwdb file in there requires re-building the database. This was documented in man/hwdb.xml but the implementation was missing until the pull request linked above.

Use-case is here:
http://lists.freedesktop.org/archives/wayland-devel/2015-June/022476.html
specifically: libinput ships a hwdb.d and a rules file to add properties for certain devices. To run the tests suite, these need to be put in place before a test (with a rules reload and a hwdb update) and removed after the test again.

This currently only affects the test suite where we shouldn't rely on libinput being installed, let alone having the latest hwdb updates. So we need some temporary directory for hwdb files, but personally I don't care whether it's /run or can be provided as an argument to hwdb update.

systemd-networkd tries to set packets_per_slave on a bond netdev even if its mode doesn't support it. This leads to the device not being created:

trunk (uninitialized): option packets_per_slave: mode dependency failed, not supoorted in mode 802.3ad(4)

The man page says PacketsPerSlave option "has effect only in balance-rr mode". That's right, but in addition to that networkd must not try to set it (even to networkd's default) in other modes.

Kludgy workaround: specifying a value > 65535 in the .netdev file will skip setting the option.

Verbs systemctl halt, systemctl poweroff and systemctl reboot, if invoked under a non-root user and logind is not available, are governed by polkit action org.freedesktop.systemd1.manage-units.

(For systemctl halt logind is obviously never available, as there's no corresponding bus method.)

However, halt, poweroff and reboot in the same conditions say "Must be root." and bail out. Shouldn't they be equivalent to systemctl %s in this regard?

Hello,

It looks like the graph produced by systemd-bootchart only considers the CPU time spent in the main thread of each process.

I believe it would be more correct if the bar displayed in the *.svg for each process also includes the CPU utilization of the subthreads.

Test case: I wrote a simple program available at https://github.com/gmacario/hello-thread which when executed creates 10 threads, and the first subthread is looping.

If you launch systemd-bootchart from another terminal while hello-thread is running

$ /usr/lib/systemd/systemd-bootchart --rel --freq=50 \
--samples=100 --scale-x=100 --scale-y=20 --cmdline

The resulting graph shows negligible CPU utilization on process hello-thread.

Is anybody able to confirm me whether it is the intended behaviour?

Thanks,

Gianpaolo

See #166 for details.

This issue exists merely to make sure we don't forget to fix systemd as soon as kmod has been fixed for this, too:

http://thread.gmane.org/gmane.linux.kernel.modules/1542

And we should bum the kmod dependency version then...

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788193

The default cleanup rules in /usr/lib/tmpfiles.d/tmp.conf will remove all files and directories, excluding systemd-private in /tmp and /var/tmp.

If /tmp or /var/tmp are on a separate partition, those directories can contain a lost+found folder from a previous fsck run. More inportantly, they might contain quota configuration files. Those should not be removed by systemd-tmpfiles.

In Debian, we had the following exceptions when cleaning up /tmp and /var/tmp in our old sysvinit setup:

    EXCEPT='! -name .
            ! ( -path ./lost+found -uid 0 )
            ! ( -path ./quota.user -uid 0 )
            ! ( -path ./aquota.user -uid 0 )
            ! ( -path ./quota.group -uid 0 )
            ! ( -path ./aquota.group -uid 0 )
            ! ( -path ./.journal -uid 0 )

For systemd, we should at least ignore the lost+found directory and the quota.{user,group} files.

I first intended to create a pull request, which adds those to tmp.conf and marks them as x, but @martinpitt mentioned, that it might be preferable to always ignore those paths when using "D" or "d" and add those ignore list to the source code instead.

I'm therefor looking for feedback first, which approach would be preferred.

Docker indexes have images without a user/namespace. In various places this is equivalent to the user "_". while in others it needs to be left out.

e.g. if you want to pull https://registry.hub.docker.com/_/debian/

$ machinectl pull-dkr --dkr-index-url=https://index.docker.io --verify=no debian
DKR name 'debian' is invalid.

$ machinectl pull-dkr --dkr-index-url=https://index.docker.io --verify=no _/debian
Pulling '_/debian' with tag 'latest', saving as 'debian'.
HTTP request to https://index.docker.io/v1/repositories/_/debian/images failed with code 404.
Failed to retrieve images list. (Wrong index URL?)
Exiting.

It appears that it is hosted without the '_' in the url: https://index.docker.io/v1/repositories/debian/images

We (as in RHEL and Fedora) have received complaints that $subject. To prevent having rather moot discussion in Red Hat bugzilla I'd like to gather upstream feedback first. @martinpitt any opinions in Ubuntu/Debian camp on this one?

On a fresh server with a fairly simple legacy init.d script, a setup process launches the service using "service name start" which works. However, before doing anything else, if the service is restarted using "/etc/init.d/name restart" it doesn't work. The log says:

Jun 08 12:29:04 instance0 sudo[5158]: pdr : TTY=pts/0 ; PWD=/home/pdr ; USER=root ; COMMAND=/etc/init.d/instance0 restart
Jun 08 12:29:04 instance0 sudo[5158]: pam_unix(sudo:session): session opened for user root by pdr(uid=0)
Jun 08 12:29:05 instance0 instance0[5173]: Starting Magnolia instance0 instance: instance0 (already running).

Subsequent calls to either then work as expected and this used to work before upgrading to Debian jessie.

After changing our scripts to consistently use the service script, everything now works.

@mbiebl noticed that AX_NORMALIZE_PATH replaces empty paths with ".".

That is problematic, because up until now, we were advocating the use of --with-rootprefix= (empty) for split-usr setups (see e.g. autogen.sh). After #39, this results in rootprefix = "." and roolibdir = "./lib", etc.

So this has the potential of breaking existing setups. In Debian/Ubuntu, they'd have to replace --with-rootprefix= with --with-rootprefix=/ in their build scripts when updating to v221.

I think the rationale to transforming (empty) to "." is that that's what it means for example when you have an empty entry in variables like $PATH, for instance PATH=/bin::/sbin means look in /bin first, then if it's not there look in the current directory, otherwise in /sbin, exactly the same as PATH=/bin:.:/sbin.

Though I see the point that using "." doesn't really make a lot of sense for paths passed to ./configure, after all we mostly want absolute paths most of the time. And your point that --prefix= already defaults to / is another good argument in that sense.

So, my proposal is:

1. Add a workaround in configure.ac to check for an empty ${with_rootprefix} and replace it with a / right before calling AX_NORMALIZE_PATH on it and refer to this issue as it's a temporary workaround.
2. Rework the AX_NORMALIZE_PATH macro and send it upstream to autoconf-archive project. My suggestion is to add an optional third argument to it to indicate what to do with an empty string and default that to "." if that's not passed around, so we can use something like AX_NORMALIZE_PATH(${with_rootprefix},,/) in our code.

@mbiebl @zonque @martinpitt

Jun 11 11:17:25 ank systemd-udevd[134]: Assertion 's->type == SOURCE_IO' failed at src/libsystemd/sd-event/sd-event.c:1892, function process_io(). Aborting.

Bug-Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=547916

Since commit 5c67cf2 systemd-udevd doesn't close std{in,out,err} anymore, even when running systemd-udevd daemonized (systemd-udevd --daemon).

As result you cannot use Python's subprocess module to start/restart systemd-udevd like you could do in <=systemd-216 for example. That's how I run into that problem:

I tried salt (a configuration management tool) to restart systemd-udevd, see saltstack/salt#14957 (comment)

According to http://www.freedesktop.org/software/systemd/man/daemon.html (9) a daemonized service should connect /dev/null to standard input, output, and error. Can we do the same with systemd-udevd when running daemonized?

PS: You maybe wondering why I am posting this issue here if the Gentoo bug is already closed and marked as fixed:
We thought that running systemd-udevd in foreground would be a workaround but we now run into another problem (https://bugs.gentoo.org/show_bug.cgi?id=551724 & https://bugs.gentoo.org/show_bug.cgi?id=551928) so we are in progress to revert running in foreground and use the daemon again.

There is convenient tool to change MAC address of the interface to arbitrary/random value - see https://github.com/alobbs/macchanger for details. That's handy for security reasons for example.

Seems like such a low-level functionality really belongs to systemd-networkd instead of external which is tricky to integrate into boot process properly.

I have a simple unit, a program starts it via the bus, and then waits for it to end.
(the current unit is just /bin/sleep 10)

The problem is that when the unit finishes, the unit gets removed before the ActiveState is set to inactive, making my program unable to reliably detect the finishing of the unit trough PropertiesChanged.

I have a bunch of headless servers that sometimes need manual fsck of the /
It would be really nice to have an "emergency with networking" option, if possible

Without it, it's required to connect a KVM every time this happens...

Jun 11 11:17:24 ank systemd-tmpfiles[132]: Failed to parse ACL "d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring

The ask.XXX ini does not contain any information about the path to the source device for which password is to be queried.

This is needed for e.g. Petera https://github.com/npmccallum/petera

A possible fix is to add the device path to the Id.

ID=cryptsetup:/dev/block/<maj>:<min>

Since commit 747ca69 from PR #152 distcheck fails:

  GEN      ../man/systemd.directives.xml
Traceback (most recent call last):
  File "../tools/make-directive-index.py", line 320, in <module>
    with open(sys.argv[1], 'wb') as f:
PermissionError: [Errno 13] Permission denied: '../man/systemd.directives.xml'
Makefile:21408: recipe for target '../man/systemd.directives.xml' failed
make[5]: *** [../man/systemd.directives.xml] Error 1
Makefile:18568: recipe for target 'check-recursive' failed
make[4]: *** [check-recursive] Error 1
Makefile:19791: recipe for target 'check' failed
make[3]: *** [check] Error 2
Makefile:19706: recipe for target 'distcheck' failed
make[2]: *** [distcheck] Error 1

Reverting this fixes distcheck again. This is happening in our daily distcheck builds (e. g. https://launchpadlibrarian.net/209133087/buildlog_ubuntu-wily-amd64.systemd-upstream-qa_0.v220-20150614-63432f5-0~ubuntu15.10.1_BUILDING.txt.gz) but I also get it locally. This doesn't happen with normal make/make check, as I usually don't build in a separate build dir with read-only parent (which is what distcheck does). Missing $(build_dir) somewhere? @zonque, any idea?

If I override/extend the instance of a template unit, this is not shown in systemd-delta.

Example: I wanted to override the TTYVTDisallocate= setting to "no" for tty1

I tried the following two approaches
a) /etc/systemd/system/[email protected]/noclear.conf drop-in
b) copy /lib/systemd/system/[email protected] to /etc/systemd/system/[email protected]

In both cases, systemd-delta did not show me, that this instance differed from the default template.

commit 5d40903 broke the test suite

condition = condition_new(CONDITION_PATH_IS_MOUNT_POINT, "/bin", false, false);
assert_se(!condition_test(condition));

with /bin being a symlink to usr/bin and /usr being a symlink

path_get_parent("/bin") -> "/"
and then "/" is compared to "/usr/bin"

with AT_FOLLOW_SYMLINK we should probably
path_get_parent(readlink("/bin"))

5d40903#diff-1e0521b9fbd642fe79e03e479c7b9559R650

See #41 (comment) for details

There a plenty of systemd-private-632623626-smth folders in /var/tmp. Is there a way to move all that into /var/tmp/systemd/... if so than it's probably a documentation bug (hard to find) otherwise consider it a feature request.

Many systemctl commands do not produce json output when --output json is set.

# systemctl -o json list-dependencies glusterd
glusterd.service
● ├─system.slice
● └─basic.target
●   ├─alsa-restore.service
●   ├─alsa-state.service
●   ├─dnf-makecache.timer
●   ├─fedora-autorelabel-mark.service
●   ├─fedora-autorelabel.service
●   ├─fedora-loadmodules.service
●   ├─firewalld.service
●   ├─paths.target
●   ├─slices.target
●   │ ├─-.slice
●   │ └─system.slice
●   ├─sockets.target
●   │ ├─avahi-daemon.socket
●   │ ├─cups.socket
●   │ ├─dbus.socket
●   │ ├─dm-event.socket
...

Somewhere in systemd there's functionality to find and break dependency cycles. Would be excellent to expose this via systemctl or systemd-analyze so system could be checked for cycles in unit dependencies without actually booting it.

Here I try to bind-mount a directory that doesn't exist. It doesn't print an error message, it just exists with status 1:

iaguis@locke-work: ~/temp
> sudo systemd-nspawn --bind /idontexist:/tmp -bD ~/temp/nspawn/arch-tree 
Spawning container arch-tree on /home/iaguis/temp/nspawn/arch-tree.
Press ^] three times within 1s to kill container.
iaguis@locke-work: ~/temp/rkt 
> echo $?
1

However, if I redirect stdout to a file it does print the error:

iaguis@locke-work: ~/temp/rkt 
> sudo systemd-nspawn --bind /idontexist:/tmp -bD ~/temp/nspawn/arch-tree  > /tmp/kk.txt
Spawning container arch-tree on /home/iaguis/temp/nspawn/arch-tree.
Press ^] three times within 1s to kill container.
/etc/localtime is not a symlink, not updating container timezone.
Failed to stat /idontexist: No such file or directory

systemd-nspawn closes the stdout file descriptor when running interactively so after that point, no error messages are printed on screen.

Is this intended behavior?

the man files don't include "both". I found it on some wiki because I knew there has to be some option to enable both. I think this should be added to the network manpage.

Not sure if it's just me, but I find some of the test-journal-* checks to be quite flaky...

In particular, a few runs of them and I found these two issues:

$ ./test-journal-stream
[...]
cursor: s=466c949d6722469ca60cd42f5f3dd740;i=7;b=9c6c4c72091a4c8a84c34e4fd7ab58c2;m=52092a9e;t=51846e9b0a5b9;x=cdf0656632f104b5
        MAGIC=waldo
        NUMBER=21
Assertion 'i == u' failed at src/journal/test-journal-stream.c:60, function verify_contents(). Aborting.
Aborted (core dumped)

(This happens about 50% of the runs for me.)

And:

$ ./test-journal-interleaving
Reserving 2047 entries in hash table.
Reserving 2047 entries in hash table.
Root directory /tmp/journal-skip-QrN8IG added.
File /tmp/journal-skip-QrN8IG/two.journal added.
File /tmp/journal-skip-QrN8IG/one.journal added.
Assertion 'n == x' failed at src/journal/test-journal-interleaving.c:87, function test_check_number(). Aborting.
NUMBER=1
NUMBER=3
FAIL test-journal-interleaving (exit status: 134)

(This one I saw only once...)

I wonder if it's just me or if others have been seeing these as well?

This is on Arch Linux with kernel 4.1-rc6 on a virtual machine with 32 vCPUs, running a pretty recent systemd from git (in case that helps.)

Cheers,
Filipe

localectl
System Locale: n/a

   VC Keymap: es
  X11 Layout: es
   X11 Model: pc105
 X11 Options: terminate:ctrl_alt_bksp

==90==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 36 byte(s) in 4 object(s) allocated from:
0 0x7f899be1b93f in strdup (/usr/lib64/libasan.so.2+0x6293f)
1 0x555f493890c8 in free_and_strdup src/basic/util.c:5417
2 0x555f4933605c in map_basic src/shared/bus-util.c:974
3 0x555f493367c4 in bus_message_map_all_properties src/shared/bus-util.c:1084
4 0x555f49336eca in bus_map_all_properties src/shared/bus-util.c:1171
5 0x555f4932e07b in show_status src/locale/localectl.c:169
6 0x555f493306a8 in localectl_main src/locale/localectl.c:657
7 0x555f49330853 in main src/locale/localectl.c:678
8 0x7f899b1ea8c4 in __libc_start_main (/lib64/libc.so.6+0x208c4)

SUMMARY: AddressSanitizer: 36 byte(s) leaked in 4 allocation(s).

A similar leak is also triggered with loginctl seat-status

==83==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 6 byte(s) in 1 object(s) allocated from:
#0 0x7f6de112a93f in strdup (/usr/lib64/libasan.so.2+0x6293f)
#1 0x559b8a00c356 in free_and_strdup src/basic/util.c:5417
#2 0x559b89fa77d1 in map_basic src/shared/bus-util.c:974
#3 0x559b89fa7f39 in bus_message_map_all_properties src/shared/bus-util.c:1084
#4 0x559b89fa863f in bus_map_all_properties src/shared/bus-util.c:1171
#5 0x559b89f92a0a in print_seat_status_info src/login/loginctl.c:614
#6 0x559b89f93c6f in show_seat src/login/loginctl.c:810
#7 0x559b8a010b2c in dispatch_verb src/basic/verbs.c:81
#8 0x559b89f967a9 in loginctl_main src/login/loginctl.c:1358
#9 0x559b89f9696c in main src/login/loginctl.c:1381
#10 0x7f6ddffec8c4 in __libc_start_main (/lib64/libc.so.6+0x208c4)

I didn't spot anything wrong with the tools', I suspect the leak is in sd-bus library. it might be worth to take a look.

When using systemd-nspawn --ephemeral, the temporary subvolume will contain a nested subvolume for var/lib/machines; which makes the temporary subvolume non-deletable:

Container stuff terminated by signal KILL.
Cannot remove subvolume '/var/lib/machines/.#stuff7ebdaddeb5da4865', ignoring: Directory not empty

This can be fixed by executing btrfs subvolume delete /var/lib/machines from within the container, or btrfs subvolume delete /var/lib/machines/#stuff7ebdaddeb5da4865/var/lib/machines from the host before exiting the container.

Removing the subvolume from the original template won't work (nspawn will recreate it anyway), the only work-around is to create a normal directory in the template; so the container won't copy/create the subvolume

I have created a dummy service that create a sleep process at start and kill the sleep process with several signals when you type systemctl stop sleep.service.

I have tried with signal 9 (SIGKILL), signal 23 (SIGSTOP) and signal 18 (SIGTSTP) and when I type systemctl status sleep.service it always says the signal was TERM (from SIGTERM, I suppose). My signal reference is http://man7.org/linux/man-pages/man7/signal.7.html

Here aretwo examples of the problem:

• http://pastebin.centos.org/28616/
• http://pastebin.centos.org/28621/

So starting to rebase our patch series on to master, and it's not fun. A bunch of things could be upstreamed, and then I would need to care about less patches.

There is a bulk of patches that either:

• speed up execution
• allow measuring fast execution

It's small one-liner patches, which do speed-up boot. Given that we boot in sub-second time, we also had to add patches to logging/bootchart to display stuff in "ms" rather than seconds.

I will push a few small patches related to this, for a quick "yea or nay". All of them will reference this issue. If you are happy to take them, do take them. Otherwise, I will not advocate much to take them in, and will just continue maintaining them downstream.

@zonque see the post-commit review of PR #79 i made. Also, PR #99.

https://bugzilla.redhat.com/show_bug.cgi?id=1227537

disk has LABEL=/1
systemd unescapes "\x2f1" at unit call resulting in /dev/disk/by-label//1 whereas it should be /dev/disk/by-label/\x2f1 which exists.