/srv/irclogs.ubuntu.com/2014/11/28/#ubuntu-devel.txt

=== darkxst_ is now known as darkxst
=== Quintasan_ is now known as Quintasan
[04:22] <pitti> Good morning
[04:24] <pitti> stgraber: so current systemd in vivid works reasonably well with per-session containers if you log in through the VT or ssh, but not in lightdm sessions; there is some kind of weird race condition there which I've tried tracking down for like 3 days now
[04:25] <pitti> stgraber: but at least for those ssh/VT logins you should be in the user-XXXX.slice cgroups in all controllers and user containers should work
[04:25] <stgraber> pitti: go back to bed! :)
[04:26] <pitti> stgraber: heh, couldn't sleep any more after my wife got up
[04:26] <pitti> and so much to do
[04:26] <stgraber> :)
[04:26] <stgraber> usually I take you saying good morning as a sign that I should really be sleeping but every so often you're just up way too early :)
[04:27] <stgraber> pitti: so what do you end up with when you hit that race condition?
[04:28] <pitti> stgraber: sometimes processes propagate up to user.slice, sometimes all the way to /
[04:28] <pitti> stgraber: I added all kinds of debugging cgroups ops (http://paste.ubuntu.com/9278143/), and I see that the lightdm session-child gets correctly placed into all controllers, and cgroups are created
[04:29] <pitti> but then they somehow disappear from those groups
[04:29] <pitti> and nothing in the systemd logs (i.e. the cgroups ops) tells me why
[04:29] <stgraber> that's pretty scary
[04:30] <pitti> I disabled cgroups trimming (that seems to work fine, but with that I can see that the empty cgroups are still there), and logged all migrations
[04:30] <pitti> so somewhere in the chain of operations there's something which I don't understand which triggers a race condition
[04:30] <stgraber> because if that happens after the unprivileged process was spawned, then it means that there may be a way for someone to escape their cgroup through some systemd weirdness...
[04:31] <stgraber> hmm, so you suspect the cgroup becomes empty briefly and gets destroyed by systemd or something like that?
[04:31] <pitti> stgraber: well, that can't "just happen", can it? once lightdm-session-child is in e.g. memory:/user.slice/user-1000.slice, it shouldn't "just" go away
[04:32] <stgraber> you could try to unset the release_agent for all the cgroups and see if things then look reasonable, if so, then it'd indicate that the cgroup somehow got empty and triggered the release_agent (systemd's hook)
[04:32] <pitti> at least that initial lightdm process is still running after all
[04:32] <stgraber> yeah, it shouldn't be possible
[04:32] <pitti> stgraber: ah, good idea
[04:32] <pitti> stgraber: I thought I already disabled the release agent by commenting out the trimming, but I might have missed something
[04:32] <pitti> stgraber: anyway, I keep digging, just an intermediate status report
=== Yufei_ is now known as Yufei
[04:33] <pitti> the "systemd" controller is alright, so I guess there's some hidden cleanup or other thing which I'm missing
[07:16] <seb128> bdmurray, hey, we are supposed to have reports of unity-settings-daemon in vivid today (several users hitting a segfault with yesterday's update), any idea why that doesn't register on e.u.c?
[07:35] <dholbach> good morning
[08:24] <mvo> pitti: hey, good morning! do you happen to know what "[Install]\nWantedBy=.target" I need to put in a systemd unit file if I want to ensure it's started after the sysv scripts got run?
[08:24] <pitti> mvo: in meeting, brb
[08:28] <mvo> pitti: no problem, it seems like "Requires=runlevel2.target" is sufficient, but I double check now
[08:31] <mvo> pitti: hm, no "After=" it seems, but let's talk when you have time :)
[08:32] <didrocks> mvo: we don't run runlevel targets in ubuntu IIRC
[08:33] <didrocks> mvo: maybe I can give you some hand, do you strictly want it to be started after all sysv scripts ran?
[08:34] <mvo> didrocks: well, strictly after apparmor which is currently a sysv init script is run
[08:34] <mvo> didrocks: it's run early in rcS so maybe it's already good, but I would prefer to be explicit about it and don't take any chances
[08:35] <didrocks> mvo: yeah, better to be explicit, you are raising an interesting question actually, I wonder if you can depend on generated units
[08:35] <didrocks> mvo: let me have a try
[08:35] <mvo> ta
[08:36] <didrocks> mvo: FYI, you are looking for sysinit.target, but let's see if you can depend explicitly on apparmor
[08:36] <didrocks> mvo: sorry, I meant multi-user.target
[08:39] <didrocks> nice, that works ;)
[08:40] <mvo> didrocks: so I add "After=multi-user.target"?
[08:40] <didrocks> mvo: so, you need multiple things, your service can't be socket-activated or have a hook started by apparmor?
[08:41] <mvo> didrocks: not socket activated, not probably no hook either, this is pretty generic
[08:41] <didrocks> mvo: tell me if I got you right:
[08:41] <didrocks> - it can only start if apparmor started
[08:42] <didrocks> - it should go down if apparmor stops
[08:42] <mvo> didrocks: yes
[08:42] <didrocks> and it can't be started in parallel with apparmor?
[08:42] <mvo> didrocks: no, strictly after
[08:42] <didrocks> ah, can be started in // then?
[08:42] <mvo> what is "//" ?
[08:43] <didrocks> parallel :)
[08:43] <mvo> heh :)
[08:43] <mvo> well, it needs to run when apparmor is ready, not before, it needs to use the apparmor confinement
[08:43] <didrocks> ok
[08:43] <didrocks> mvo: so you need that: http://paste.ubuntu.com/9280190/
[08:44] <mvo> didrocks: cool, this works? very nice
[08:44] <didrocks> mvo: yeah ;)
[08:44] <mvo> didrocks: thanks a lot
[08:44] <didrocks> yw :)
[08:44] <didrocks> for reference:
[08:44] <didrocks> After -> ensure it's running only after service A (can't be started before)
[08:45] <didrocks> Requires -> if A requires B, stopping B will stop A (stronger than wants), starting A will start B, but they will both start in parallel
[08:45] <didrocks> (hence the After)
[08:45] <didrocks> but nothing asks your service to start
[08:45] <didrocks> so WantedBy=multi-user.target
[08:45] <didrocks> then you systemctl enable <your-service>
[08:46] <didrocks> (after a systemctl daemon-reload if you just changed your .service file)
[08:46] <mvo> cool
[08:46] <mvo> thanks again
[08:46] <didrocks> yw
[08:47] <didrocks> speaking of which… /me looks at making an apparmor real unit then
[08:48] <tkamppeter> mvo, hi
[08:49] <mvo> hi tkamppeter
[08:49] <tkamppeter> mvo, I have seen you have sometimes uploaded aptdaemon, can you help me with some problem with it?
[08:49] <mvo> tkamppeter: maybe, unfortunately I'm super busy but I can have a look
[08:50] <tkamppeter> mvo, I have forwarded an e-mail to you now.
[08:51] <tkamppeter> mvo, I want to add a package repo with a given source.list line ("deb ....") which works on trusty but fails on Utopic+.
[08:52] <mvo> ok
[08:52] <mvo> tkamppeter: I will reply to the mail, ok?
[08:53] <tkamppeter> OK.
[08:57] <pitti> mvo: right, WantedBy= is just which target pulls it in; ordering is Before=/After=, so I think I'd just use After=multi-user.target
[08:57] <mvo> pitti: yeah, thanks
[08:58] <pitti> mvo: yeah, better avoid "runlevel2" or such, it's a legacy notion
=== zsombi_ is now known as zsombi
[09:06] * hyperair wonders if anyone else has unity-settings-daemon taking up ~1GB of memory
=== LeonBo is now known as LBo
[09:25] <apw> hyperair, you have one which works, you are pretty lucky
[09:25] <hyperair> apw: eh?
[09:25] <apw> hyperair, mine is exploding every 20s and making my screen jump
[09:25] <hyperair> urgh
[09:25] <hyperair> that sounds terrible
[09:25] <apw> i am starting to feel a bit sick yes
[09:26] <hyperair> do you have any idea what's wrong?
[09:28] <cking> hyperair, https://launchpadlibrarian.net/191396414/upstart.unity-settings-daemon.log.txt
[09:28] <apw> hyperair, Laney seems to be on the case
[09:28] <hyperair> ah, i see.
[09:29] <hyperair> looks upower related
[09:29] <apw> well i am interpreting his "everyone is telling me" to mean that
[09:29] <pitti> apw: just downgrade to the previous version
[09:29] * pitti did that this morning
[09:30] <apw> pitti, yeah will do, when i can get a copy, but i want to know how something which dumps with SIGABRT got past CI
[09:30] <pitti> we have no CI for u-s-d
[09:31] <seb128> apw, Laney tested on a desktop and the issue seems to happen only if you have a battery
[09:31] <apw> seb128, yeah but we have CI which tests on real things ... right
[09:31] <pitti> apw: only for touch :)
[09:32] <cking> like most users are on battery powered devices nowadays ;-)
[09:32] <apw> seb128, and can i just say ... we tested a power related change on something which doesn't have power related things in it .. erm
[09:32] <apw> pitti, well that is a fail and no mistake
[09:32] <ogra_> and on touch only after the fact ...
[09:32] <ogra_> (once an app is in the image)
[09:32] <pitti> apw: oh for sure, I'm just saying that we don't have automatic tests for that
[09:33] <seb128> apw, the power plugin doesn't only do that, it handles screen blanking, suspend, etc
[09:33] <cking> and i thought we were coverity scanning this code - I guess that's not happening now to catch this kind of bugs
[09:34] <Laney> yeah great Laney is a failure, good work
[09:34] <apw> Laney, Laney isn't a fail, the automated testing which approved the change is a fail
[09:34] <apw> i am sure we make more than our fair share of errors in the kernel
[09:35] <cking> i sure make enough coding errors, that's why I shove all my code through static analysers like cppcheck etc
=== vrruiz_ is now known as rvr
[11:10] <didrocks> pitti: I'm looking at xdiagnose upstart job, what do you think for systemd to have graphical.target Requires a dm instead of wants, creating a graphical-failsafe.target and OnFailure=graphical-failsafe.target?
[11:13] <didrocks> (xdiagnose only worked with lightdm and gdm btw in the upstart job)
[11:25] <jamespage> @pilot in
=== udevbot changed the topic of #ubuntu-devel to: Archive: open | Devel of Ubuntu (not support or app devel) | build failures -> http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and discussion of lucid -> utopic | #ubuntu-app-devel for app development on Ubuntu http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots: jamespage
[11:32] <didrocks> pitti: hum, it seems that xfailsafe is already not working with upstart anyway…
[11:32] <didrocks> (if you installed another dm in addition to the "failing one")
[11:33] <pitti> didrocks: you're unstoppable :)
[11:33] <pitti> didrocks: i.e. this only runs if lightdm actually fails to load, not if it succeeds and shows garbage, ok
[11:33] <pitti> didrocks: ah, so you want to bind this on failure of graphical.target?
[11:33] <pitti> didrocks: yeah, not sure why it's just a wants; presumably to avoid degraded mode if you uninstall or disable all WMs
[11:33] <pitti> err, DMs
[11:33] <pitti> didrocks: got disconnected, replaying
[11:34] <pitti> didrocks: you're unstoppable :)
[11:34] <pitti> didrocks: i.e. this only runs if lightdm actually fails to load, not if it succeeds and shows garbage, ok
[11:34] <pitti> didrocks: ah, so you want to bind this on failure of graphical.target?
[11:34] <pitti> didrocks: yeah, not sure why it's just a wants; presumably to avoid degraded mode if you uninstall or disable all WMs
[11:34] <pitti> err, DMs
[11:34] <pitti> didrocks: so why can't we bind that directly to display-manager.service instead of graphical.target (which might have other and unrelated things included)?
[11:34] <didrocks> pitti: I'm unsure about the wants= only as well. (and yes, it's actually if the DM exit != 0)
[11:35] <didrocks> pitti: hum, you mean, dynamically removing display-manager.service symlinks and retarget it?
[11:35] <pitti> didrocks: no, I mean start up failsafe if display-manager.service fails, not graphical.target
[11:36] <didrocks> I wonder if we have a case nowadays of graphical.target without dm (knowing that lightdm can run now without a greeter)
[11:36] <didrocks> pitti: it means we need to replace the Alias by an unit copy
[11:36] <didrocks> or have all DMs having OnFailure=
[11:36] <didrocks> which was my other option :)
[11:37] <pitti> didrocks: ah, we can't put alias names into dependencies?
[11:37] <didrocks> I just wonder if graphical.target succeeding without a DM makes sense
[11:37] <pitti> didrocks: is there a "reverse" OnFailure?
[11:37] <didrocks> pitti: hum, it's the other way around, right?
[11:37] <didrocks> I don't think so, let me check
[11:37] <didrocks> pitti: not in the man, at least
[11:38] <pitti> didrocks: and I meant that an admin might hook other things into graphical.target which may fail, but then we don't want the DM fallback
[11:38] <didrocks> you think other Requires=, not Wants, right?
[11:39] <didrocks> yeah, maybe there can be a case for this, seems quite unlikely though
=== _salem is now known as salem_
[11:41] <didrocks> waow, if we succeed being back from failsafe, it's running gdm (unconditionally)
[11:41] <didrocks> I wonder how much this xdiagnose is broken anyway and if we shouldn't just purge it until we have Mir supporting that
[11:44] <didrocks> mlankhorst: you touched it last, so maybe you have an opinion as well? ^
[11:47] <pitti> didrocks: yes
[11:47] <pitti> didrocks: but as this is a fallback for a DM, I think we should hook it into DM
[11:47] <pitti> didrocks: anyway, if Requires= makes things easier, we can also start with that
[11:47] <pitti> didrocks: you are thinking of adding OnFailure= to graphical.target?
[11:47] <didrocks> pitti: exactly, and create either an unit or a graphical-fallback target
[11:48] <didrocks> + fix the script to be systemd and all dms more friendly
[11:50] <mlankhorst> didrocks: not really, just don't break it :P
[11:51] <didrocks> mlankhorst: well, TBH, it's already broken if you don't have gdm installed :)
[11:52] <didrocks> but nothing unfixable
=== doko_ is now known as doko
=== MacSlow is now known as MacSlow|lunch
=== dholbach_ is now known as dholbac
=== dholbac is now known as dholbach
=== MacSlow|lunch is now known as MacSlow
=== tdc_ is now known as tdc
[14:44] <jamespage> @pilot out
=== udevbot changed the topic of #ubuntu-devel to: Archive: open | Devel of Ubuntu (not support or app devel) | build failures -> http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and discussion of lucid -> utopic | #ubuntu-app-devel for app development on Ubuntu http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots:
[14:45] <jamespage> a somewhat disrupted piloting session I'm afraid...
=== roadmr is now known as roadmr_afk
[15:36] <mdeslaur> infinity: so I'm looking at fixing CVE-2012-6656, CVE-2014-6040 and CVE-2014-7817...do you have a glibc update planned for vivid soon for CVE-2014-7817?
[15:36] <ubottu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656)
[15:36] <ubottu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040)
[15:36] <ubottu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817)
[15:36] <mdeslaur> ubottu: !pastebin
[15:36] <ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
[15:37] <mdeslaur> ubottu: I'm talking to you, stupid bot
[15:37] <ubottu> mdeslaur: I am only a bot, please don't think I'm intelligent :)
[15:38] <infinity> mdeslaur: I'm not so good with CVEs without context.  Expand on that in #security for me?
[15:39] <mdeslaur> infinity: do you plan a vivid upload with the wordexp fix?
[15:39] <infinity> mdeslaur: Yeahp.
[15:39] <mdeslaur> infinity: cool, thanks
[15:40] <infinity> mdeslaur: I'll pull and test Carlos's final commit either today or over the weekend.
[15:40] <mdeslaur> infinity: that would be a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c ?
[15:42] <infinity> mdeslaur: 33ceaf6187b31ea15284ac65131749e1cb68d2ae on the 2.20 branch.  Let me verify you're right on trunk. :
[15:42] <mdeslaur> yeah, that's the same
[15:42] <infinity> Looks like.
[15:42] <mdeslaur> ok, just wanted to make sure, thanks
[15:43] <infinity> mdeslaur: CVE-2014-6040 has a patch in the Debian/sid source you can snag.
[15:43] <ubottu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040)
[15:43] <infinity> mdeslaur: It's not in vivid because the 2.19 branch update supersedes it.
[15:43] <mdeslaur> yeah, I already snagged it
=== roadmr_afk is now known as roadmr
[15:47] <infinity> I really should see if we have any CVE backports locally and commit them to the upstream branch.
[15:47] <infinity> Weekend "fun" I guess.
[15:50] <ricotz> pitti, yeah, systemd 217 :)
[15:51] <ricotz> pitti, is there a reason why you didn't pick up the stable-patch queue?
[16:15] <tkamppeter> pitti, could you help me with aptdaemon?
[16:18] <infinity> tkamppeter: You probably want mvo, not pitti.
[16:19] <tkamppeter> infinity, I asked mvo already, but it seems that he is too busy and so I tried also pitti, as he also did some uploads of aptdaemon.
[16:20] <infinity> Ahh. :)
[16:20] <tkamppeter> infinity, do you know about glatzor? He seems to be the original author.
[16:22] <infinity> tkamppeter: https://launchpad.net/~glatzor/+karma implies he hasn't been around much since June.
[16:29] <tkamppeter> infinity, thanks, so he has perhaps quit free software development.
[16:31] <tkamppeter> infinity, pitti, mvo, bug 1397374
[16:31] <ubottu> bug 1397374 in aptdaemon (Ubuntu) "Adding repository via PackageKit D-Bus interface does not work" [High,New] https://launchpad.net/bugs/1397374
[16:47] <shadeslayer> mvo: poke
[16:48] <shadeslayer> mvo: who should I talk to if I have questions about /run and systemd and the init process
[17:14] <balloons> ping mvo
=== ddd is now known as Guest88731
[18:56] <Guest88731> catbus1: ping
[20:45] <mvo> balloons: pong
=== roadmr is now known as roadmr_afk
=== salem_ is now known as _salem
=== roadmr_afk is now known as roadmr
