I am trying to use SecComp and setting the SystemCallErrorNumber to EPERM, EACCES ... to only get a warning when the system call happens (similar to SELinux permissive mode). But I don't get any info in the logs!
I did not find a lot on Google either. Where could I find more info / a forum???


I've just updated to Ubuntu 18.04 where DNS is now handled by systemd-resolved.
My use case is to use many containers managed with LXD.
LXD supplies a bridged interface and a DNS server listening on this interface which resolves container names with a domain .lxd (i.e. mycontainer.lxd).

On previous Ubuntu releases, NetworkManager was shipped with a small dnsmasq which allowed me to redirect the queries of one domain (lxd in this case) to a specific DNS server. I'm now trying to do the same thing with systemd-resolved.
Basically my aim is to be able to get a result when launching the command
dig mycontainer.lxd

I've read the manpages of resolved.conf & systemd-resolved about routed domains prefixed by ~.

What I've done:
- create a folder /etc/systemd/resolved.conf.d
- create a lxd.conf with

- restart systemd-resolved service

With that, neither does the output of systemd-resolve --status display the DNS server attached to the bridge interface, nor does systemd-resolve resolve my container names.
How can I declare it with configuration files? Does it require the systemd-networkd service to be enabled?

I've seen I can manually attach the DNS server and domain to the interface with systemd-resolve -i {myinterface} --set-dns={IP_OF_LXD_DNS}.
After doing that: systemd-resolve resolves my container names but not the dig command which query I'm very surprised by this: I was naively thinking that the systemd resolver was using their own mechanism under the hood.
How can I make this resolution system-wide?

I have one foo.target and one bar.service. foo.target Requires bar.service, and bar.service BindsTo foo.target.
Now the requirement is that once I restart foo.target, it should lead to the restart of bar.service.
However, my test results are as expected except for one case: bar.service cannot be restarted when its Active status is "activating (start)".

Is there any way to interrupt the activating bar.service, and let it restart immediately by restarting foo.target?

Details of my configuration are as follows:

Description=foo target

Description=bar service


Let dnsmasq.service start after a TAP device is configured?

I'm using systemd.netdev and systemd.network to automatically create a TAP device network interface, named tap_soft. Then, I want dnsmasq to provide DHCP server for this interface (I use it for a VPN network).

However, when my server starts up, dnsmasq fails because it is started too early:

Nov 28 16:35:14 ubuntu-server dnsmasq[979]: dnsmasq: unknown interface tap_soft
Nov 28 16:35:14 ubuntu-server dnsmasq[979]: unknown interface tap_soft
Nov 28 16:35:14 ubuntu-server dnsmasq[979]: FAILED to start up
Nov 28 16:35:14 ubuntu-server systemd[1]: dnsmasq.service: Control process exited, code=exited status=2
Nov 28 16:35:14 ubuntu-server systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Nov 28 16:35:14 ubuntu-server systemd[1]: dnsmasq.service: Unit entered failed state.
Nov 28 16:35:14 ubuntu-server systemd[1]: dnsmasq.service: Failed with result 'exit-code'

How should I override dnsmasq.service to let it start after tap_soft has been configured fully?

I would like to leverage systemd to manage proxy. My use case is that I may boot either at work or at home, but it does not change once booted.

I saw that there are some experiments going on:
- https://wiki.gnome.org/Projects/NetworkManager/Proxies
- https://clearlinux.org/features/autoproxy uses PacRunner
- https://lists.freedesktop.org/archives/systemd-devel/2015-April/030525.html

Issues: If I write in /etc/environment it is nice because almost all processes get the info. But it is not practical, you have to reboot. I abandoned the idea.

If I write in profile.d/proxy.sh, it is re-executed each time I open a shell (not a big deal, but a waste of time). Only the user's shell and beyond get the info.

How would you go about it? How do you manage environment variables, not for systemd, but for the users and other processes??

I am trying to use casync to back up one of my filesystem trees.

While casync make was running, Gnome crashed, so the casync task running inside a terminal also terminated.

How can I know if the casync make task is completed or not?

If I re-run the casync make task, will it know to just resume from what is left over?

Hello Lazyweb. Can someone tell me how to assemble the arguments to SetLinkDNS?
I can't find any example code. Passing simple arguments seems straightforward, but arrays confuse me.

I want to set two IPv4 addresses for DNS resolvers on a link.

This code segfaults:
    struct dns_address {
        int32_t sin_family;
        struct in_addr ip_addr;
    };
    struct dns_address addresses[2];

    addresses[0].sin_family = AF_INET;
    addresses[0].ip_addr = ns1;
    addresses[1].sin_family = AF_INET;
    addresses[1].ip_addr = ns2;

    r = sd_bus_call_method(bus,
        "org.freedesktop.resolve1",         /* service to contact */
        "/org/freedesktop/resolve1",        /* object path */
        "org.freedesktop.resolve1.Manager", /* interface name */
        "SetLinkDNS",                       /* method name */
        &error,                             /* object to return error in */
        &m,                                 /* return message on success */
        "ia(iay)",                          /* input signature */
        2,                                  /* Array size */

My guess is that I can have it easier if I somehow use sd_bus_message_append() to assemble the message. But I don't see a clear path either.
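
An added example, not part of the original post: the signature "ia(iay)" read element by element, as a shell helper that builds the argument list `busctl call` expects for SetLinkDNS. The function names, the link index 3 and the two documentation-range addresses are constructed for illustration; the script only prints the command, it does not run it.

```shell
#!/bin/sh
# "ia(iay)" = link index (i), then an array of structs, each struct being
# an address family (i) followed by the raw address bytes (ay).
AF_INET=2   # numeric value of AF_INET on Linux

# ipv4_to_ay ADDR -> "4 b1 b2 b3 b4": byte-array length, then the bytes
ipv4_to_ay() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    echo "4 $1 $2 $3 $4"
}

# setlinkdns_args IFINDEX ADDR... -> everything that follows the signature
setlinkdns_args() {
    ifindex=$1; shift
    case $ifindex in ''|*[!0-9]*) return 1 ;; esac
    [ $# -ge 1 ] || return 1
    out="$ifindex $#"                  # i, then the array's element count
    for addr in "$@"; do
        ay=$(ipv4_to_ay "$addr") || return 1
        out="$out $AF_INET $ay"        # one (iay) struct per resolver
    done
    echo "$out"
}

# Constructed sample: link index 3, two resolvers.
args=$(setlinkdns_args 3 192.0.2.53 198.51.100.53) &&
echo busctl call org.freedesktop.resolve1 /org/freedesktop/resolve1 \
     org.freedesktop.resolve1.Manager SetLinkDNS "'ia(iay)'" $args
```

Each array element is a family integer plus a length-prefixed byte array, so the message carries the four address bytes individually rather than a pointer to a C struct.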

Will Red Hat ever make journald optional for systemd or maybe add a pure text mode for journald?