/srv/irclogs.ubuntu.com/2015/08/17/#snappy.txt

=== shuduo is now known as shuduo_afk
=== chihchun_afk is now known as chihchun
dholbach	good morning	07:16
=== carlo_ is now known as Guest69055
=== Guest69055 is now known as clobrano
=== zyga-afk is now known as zyga
=== _morphis is now known as morphis
=== shuduo_afk is now known as shuduo
longsleep	moin folks, first question of the wekk, can i somehow make a /var/log location available for a service in a snap?	08:30
ogra_	not under confinement i think	08:34
ogra_	stdout is logged to syslog though	08:35
ogra_	(or to joornald if you prefer that)	08:35
ogra_	*journald	08:35
longsleep	ogra_: well i have a daemon which opens /var/log/blah.log and logs there until it reads its config to change the location .. kind of sucks and i was wondering if i can get around to recompile it	08:44
ogra_	well, i assume somethin similar to /tmp might be possible here	08:48
longsleep	ogra_: yeah - thats what i was thinking	08:50
ogra_	kickinz1, whats up woth owncloud ? seems it doesnt work at all anymore since the docker update	09:39
kickinz1	ogra_, I started looking at it seems like it doesn't get SNAP_APP_DATA_PATH env. I need to recontruct it.	09:40
ogra_	well, as long as it is known :)	09:41
kickinz1	ogra_, I plan to upload it soon to the store (ran out of time last week to work on it)	09:43
ogra_	yeah, i didnt mean to be pushy or anything ... just noticed it on the weekend	09:43
longsleep	ogra_: just checked the code for ubuntu-core-launcher, there is no way to setup additional bind mounts for snaps. So seems like i have to recompile the service :/	10:12
ogra_	longsleep, well, there is code that handles /tmp somewhere ... the same code could be used for log handling	10:15
ogra_	(not by you ... )	10:15
ogra_	(transparently provided to you rather ... like /tmp is)	10:15
longsleep	ogra_: yes but this would need a change in ubuntu-core-launcher - too complicated i guess	10:17
longsleep	ogra_: code for tmp is here http://bazaar.launchpad.net/~snappy-dev/ubuntu-core-launcher/trunk/view/head:/src/main.c	10:17
ogra_	Chipaca, ^^^ ?	10:17
Chipaca	longsleep: "additional bind mounts for snaps"?	10:40
Chipaca	i'm probably missing context here	10:40
Chipaca	also i probably caught you in your lunch break :)	10:45
Chipaca	ah	10:45
Chipaca	longsleep: yeah, no, no way. either recompile, or wrap it with a preloader that changes open of things in /var/log to somewhere else	10:46
Chipaca	there's no way to tell it to use something else?	10:46
ogra_	Chipaca, well, on the phone we have per-app upstart los from ubuntu-app-launch ... i'm wondering if the same wouoldnt make sense on snappy	10:48
ogra_	*logs	10:48
Chipaca	ogra_: the per-app upstart logs are just logging stdout/err to a predetermined file, amirite?	10:48
Chipaca	ogra_: it's not that it allows you to write to /var/log/blah.log	10:48
ogra_	yeah	10:48
Chipaca	i think we might be able to tell journald to write the per-app journal to a file	10:50
Chipaca	but i'm not sure we want to	10:50
Chipaca	of anything, we might want to expose that to app devs	10:50
Chipaca	ie not make it the default	10:50
ogra_	hmm, yeah	10:51
Chipaca	s/of/if/ fwiw	10:51
Chipaca	still no new snappy :'(	11:35
=== vsuojane1 is now known as vsuojanen
lool	longsleep: I tried to pass the things you mentioned around RPi2 and other issues to Paolo, but it's not great on IRC; would you mind opening a bug describing the rpi2 smc issue? it seemed like something we could address in the kernel once and for all	11:45
lool	longsleep: the other things... these seemed like workload specific and we just need a facility to set them	11:45
=== om26er_ is now known as om26er
ogra_	lool, not sure what makes you think longsleep had the smsc issue :) we dont have a pckage for the RPi kernel or any way to track the bugs for it ... but paolo is aware of the issue and will work on it	12:17
lool	ogra_: I know the smc affects everyone, it's just that longsleep brought it up; I wasn't aware of it before that and wanted to pass it cleanly to paolo	12:18
ogra_	the smsc issue only affects people that have it	12:18
ogra_	and it was me who brought it up	12:19
lool	ogra_: how do you mean only affects people that have it?	12:19
lool	ogra_: so it's for an additional ethernet adapter, not the main one?	12:19
ogra_	and as i told you on friday there is no "suits all" solution	12:19
ogra_	smsc is a USB NIC	12:20
ogra_	only devices that use it will be affected by the turobo mode bug	12:20
lool	ogra_: I see	12:20
lool	ogra_: so what's the compromise here?	12:20
ogra_	and you have two ways to work around it ... either by switching off turbo mode or by bumping the vm_min size up	12:21
ogra_	for the RPi kernel we can easily do the latter so people dont see decreased performance ...	12:21
ogra_	if you would want to do this in -generic i wouldnt just bump the min addr	12:21
ogra_	since it might have other effects and the NIC is only used in sepcific boards	12:22
ogra_	(not in the BBB for example, which has a real NIC, nothing USB attached)	12:22
longsleep	lool: yeah rpi2 is more for ogra_	12:24
longsleep	lool: my issue was more a general one to inject kernel parameters (sysctl, proc stuff, ...) as early as possible without having to change initrd or other hacks	12:25
lool	longsleep: ack	12:25
longsleep	lool: if you want me to add a whishlist issue for that i can certainly do that	12:26
lool	longsleep: yeah, I don't think we have anything tracking this ATM	12:26
lool	it's all on our minds, but amongst a gazillion other issues	12:26
lool	ogra_: I don't feel I understand why it can't be fixed properly upstream; if it can't I guess we want to document how folks would do this on top of snappy and move on	12:27
lool	ogra_: is there an upstream pointer somewhere about this? you might have provided this on friday, but I can't find it right now	12:27
ogra_	GRMBL ...	12:29
longsleep	Chipaca: just saw you replies - yeah its compiled with a static path to /var/log and stuff is logged there until the config file is loaded - i guess i could hack some preloader	12:30
longsleep	Chipaca: but a general approach to add more bind mounts within snaps would be nice to have	12:30
lool	ogra_: https://www.raspberrypi.org/forums/viewtopic.php?f=28&t=5898&hilit=ethernet%2bhot&start=50 seems to have the most complete report of the smsc issue	12:34
ogra_	lool, we have like 6 bugs open for that in LP since 2009 :)	12:34
lool	ogra_: with this linaro bug describing a workaround in linaro ubuntu images https://bugs.launchpad.net/linux-linaro/+bug/664477	12:34
ubottu	Launchpad bug 664477 in Linaro Linux "System hangs due to cascade of smsc95xx errors " [Medium,Fix released]	12:34
lool	from 2011	12:34
ogra_	yeah, there are older ones too :)	12:34
* ogra_ researched all that last week before bringing it up here		12:35
ogra_	(and discussiong it with ppisati)	12:35
ogra_	for the Pi kernel we will just bump the value	12:35
ogra_	but there is no generic way of fixing it	12:35
longsleep	ogra_: the fix is to disable turbo mode?	12:36
lool	you can bump the vm.min_size too	12:36
ogra_	longsleep, well, that costs yoiu performance	12:36
longsleep	ogra_: yeah thats why i asked	12:37
longsleep	ogra_: what parameters are you actually adding now?	12:37
ogra_	right, we will bump the default of vm.min_size of the RPi kernel	12:37
lool	if I understand correctly, the speed at which frames come in overflows the memory the kernel can allocate from driver context	12:37
ogra_	which is 8192 or some such currently	12:37
longsleep	ah	12:37
lool	it would seem to me the kernel config at least, or the runtime should detect this combination of options and bump the vm.min_size	12:38
lool	but in any case, we should tune our config system to set it everywhere	12:38
ogra_	well, on devices where we have that HW and have a dedicated kernel it is easy to just change the kernel default	12:38
lool	ogra_: it's USB though, so you could plug it into anything	12:38
ogra_	yeah	12:39
ogra_	i wonder if it makes sense toi generally set the vm.min_size to 16k or 32 ...	12:39
ogra_	i'm not sure what impact that has	12:39
ogra_	(on devices that wouldnt necessarily need it)	12:40
lool	ogra_: I believe Kconfig can set a value as a recommended default; we could probably upstream a patch to do this	12:40
ogra_	i know in the past we fixed it in userspace by shipping a sysctl.d snippet by default for all arm builds	12:40
lool	yup	12:40
ogra_	grrr ... why dont we have parted on snappy :P	12:40
lool	ogra_: cause you haven't snap-ed it :-)	12:41
* ogra_ wrangles with partition resizing for /writable ...		12:41
ogra_	would be helpful if i could test on the actual install :)	12:41
ogra_	lool, i havent snap'ed it because nobody did rebuild the archive for static.archive.ubuntu.com yet :P	12:42
ogra_	(would be awesome if we could just do that :) )	12:42
lool	it's not clear whether we want static binaries of everything	12:42
lool	consider the case where you have like 50 binaries in your snap using the same libs	12:42
ogra_	no, indeed, but it makes "quickly snappin somethin" so much easier :)	12:43
lool	ogra_: you tried snapcraft?	12:43
lool	it's pretty good at this too	12:43
ogra_	(and my kbd still needs a new g key ...)	12:43
lool	snappin'	12:43
ogra_	yeah :)	12:43
lool	somethin'	12:43
ogra_	i should add some autocorrection to xchat to replace g with '	12:44
ogra_	it works if i hit it very hard ... just not while typing it in a normal way	12:44
* ogra_ knew it was a mistake to buy a logitech kbd when he bought it		12:45
ogra_	shiny technology ... krappy mechanics	12:45
kyrofa_	ogra_, it was made for angry people	13:02
ogra_	haha	13:02
kyrofa_	ogra_, you're just too laid back	13:02
=== om26er_ is now known as om26er
=== lp\|conference is now known as lazyPower
longsleep	one of my services seems to get killed by systemd - main process exited, code=killed, status=31/SYS - any ideas?	13:57
ogra_	well, there is surely more :)	13:58
ogra_	(in some log)	13:58
longsleep	no	13:58
longsleep	i cannot find any more information	13:58
longsleep	the service does log on stderr	13:59
longsleep	it has networking and netowrk-service caps	13:59
longsleep	Main PID: 1329 (code=killed, signal=SYS)	14:00
longsleep	mhm	14:00
=== charles_ is now known as chalres
=== chalres is now known as charles
=== kyrofa_ is now known as kyrofa
longsleep	mhm	14:26
longsleep	mkdir("/tmp/body", 0700) = 0	14:26
longsleep	stat64("/tmp/body", {st_mode=S_IFDIR\|0700, st_size=40, ...}) = 0	14:26
longsleep	+++ killed by SIGSYS +++	14:26
longsleep	Chipaca: ^^^ any idea?	14:26
ogra_	where is that mkdir ?	14:26
ogra_	inside your daemon ?	14:27
longsleep	in my confined service	14:27
longsleep	yes	14:27
Chipaca	longsleep: um, ouch?	14:29
Chipaca	longsleep: anything in syslog?	14:29
longsleep	Chipaca: nope :/	14:30
longsleep	rate limiting is off	14:30
* longsleep is trying to confine nginx		14:30
longsleep	well, it fails for /tmp too	14:31
longsleep	mkdir("/tmp", 0700) = -1 EEXIST (File exists)	14:31
longsleep	stat64("/tmp", {st_mode=S_IFDIR\|S_ISVTX\|0777, st_size=40, ...}) = 0	14:31
longsleep	+++ killed by SIGSYS +++	14:31
longsleep	so i think it is the stat64?	14:31
Chipaca	longsleep: what does it do after the stat64?	14:31
Chipaca	jdstrand: tyhicks: you around?	14:31
longsleep	i did not look into the code - hold on	14:32
=== chihchun is now known as chihchun_afk
ogra_	hmpf ... i thinnk i shouldnt pull parted into the initrd ...	14:35
ogra_	not sure we want libreadline in there	14:36
ogra_	(and ncurses through that )	14:37
longsleep	ogra_: sfdisk should be good enougth?	14:38
ogra_	well, we used to use that in the past for the same purpose ... i'd prefer parted since thats what we use everywhere else though	14:38
ogra_	(installer etc)	14:38
ogra_	but yeah, iirc that was actually the reason why we picked sfdisk back then too	14:40
=== chihchun_afk is now known as chihchun
jdstrand	Chipaca: I am, Tyler is not	14:43
Chipaca	longsleep: is the SIGSYS in a service, or in commandline?	14:44
longsleep	Chipaca: no idea what comes next :/ body folder is created fine and then bam	14:44
longsleep	Chipaca: service	14:44
Chipaca	jdstrand: these lackeys always slacking off, huh	14:44
jdstrand	heh	14:44
jdstrand	he is on holiday today, back tomorrow :)	14:44
Chipaca	jdstrand: would a SIGSYS be seccomp doing something?	14:46
Chipaca	or is it unrelated to that?	14:46
jdstrand	seccomp should send SIGKILL	14:46
jdstrand	and you would see a log entry	14:47
Chipaca	yah	14:47
Chipaca	longsleep: SIGSYS usually means "bad system call"	14:47
ogra_	longsleep, are you sure its not an amd64 binary ?	14:47
ogra_	:)	14:47
longsleep	ogra_: yes it runs fine when unconfined or run directly	14:48
Chipaca	ooh	14:48
Chipaca	longsleep: strace that :)	14:48
longsleep	Chipaca: output is from strace :)	14:48
Chipaca	longsleep: strace -f -s 999 -o /tmp/trace yoursvchere	14:48
Chipaca	longsleep: i mean unconfined	14:48
longsleep	ah	14:48
longsleep	ok	14:48
longsleep	good idea	14:48
Chipaca	longsleep: then we see what comes next \o/	14:48
longsleep	is there a quick way to unconfine a installed snap?	14:51
Chipaca	longsleep: edit the call to ubuntu-core-launcher and plug unconfined instead of the second parameter? never tried it though :)	14:52
Chipaca	longsleep: that'd mean editing /etc/systemd/system/something.service	14:52
Chipaca	longsleep: or you could just remove the call to the launcher entirely :)	14:53
longsleep	ok next comes chown32("/tmp/body", 65534, -1) = 0	14:53
longsleep	guess that is the problem	14:53
longsleep	so .. no change owner?	14:54
longsleep	at least not to nobody i guess	14:54
Chipaca	longsleep: that's interesting	14:55
Chipaca	jdstrand: would you expect that?	14:55
Chipaca	jdstrand: it's clearly something in our confining apparatus doing it, but i don't understand what/how	14:55
jdstrand	we don't allow chown because there is no reliable uid to chown to	14:56
jdstrand	but, this is unconfied, no? nothing should be blocking it	14:56
longsleep	i want to run it confined	14:56
longsleep	(this is a web server, so it really should be)	14:56
Chipaca	jdstrand: we found out it was chown running it unconfined	14:56
jdstrand	also, we are using SCMP_ACT_KILL in the launcher so a sigsys won't be sent	14:56
Chipaca	jdstrand: running it confined we get sigsys, and nothing in the logs	14:56
Chipaca	hence a puzzled chipaca	14:57
Chipaca	i say we, but it's all longsleep all the time :)	14:57
longsleep	yeah but what you say is how it is	14:57
jdstrand	seccomp can send sigsys, but only if seccomp_init is given SCMP_ACT_TRAP	14:57
Chipaca	which makes me think maybe i should do a test case and see if i can reproduce it	14:57
longsleep	Chipaca: well, this is nginx startup	14:58
jdstrand	systemd can also send sigsys if a syscall filter is setup through systemd	14:58
Chipaca	ooooh	14:58
Chipaca	jdstrand: that might be it then?	14:59
jdstrand	are we setting that up now? it has to be something specific in the service file	14:59
Chipaca	jdstrand: not unless we're doing it unawares	14:59
Chipaca	or it's the default or something	14:59
jdstrand	it should not be the default	15:00
jdstrand	everything would break	15:00
jdstrand	http://www.freedesktop.org/software/systemd/man/systemd.exec.html	15:00
jdstrand	SystemCallFilter=	15:00
longsleep	i do not see anything in the service file	15:01
longsleep	http://paste.ubuntu.com/12108429/	15:01
jdstrand	plus it would be redundant with the launcher syscll filtering	15:01
Chipaca	ok, meeting now	15:02
Chipaca	after meeting will reproduce with small case	15:02
Chipaca	then pester you again jdstrand ;)	15:02
longsleep	well what i see is that chown seems to trigger sigsys	15:02
longsleep	all right - thanks guys!	15:02
jdstrand	chown should trigger sigkill	15:02
jdstrand	and there should be a log entry	15:03
jdstrand	but I didn't think you got all the way to chown before	15:03
jdstrand	I thought the sigsys came before that and you only saw chown when you went unconfined	15:03
longsleep	jdstrand: well strace says +++ killed by SIGSYS +++	15:03
longsleep	yes	15:03
longsleep	jdstrand: here are the two strace parts http://paste.ubuntu.com/12108465/	15:05
longsleep	so i concluded the chown is the reason for the kill	15:06
jdstrand	longsleep: according to man 7 signal, SIGSYS is sent when a bad argument is used. are you specifying a uid to chown that doesn't exist?	15:07
longsleep	jdstrand: that could be it	15:07
longsleep	jdstrand: what uid should i actually use?	15:07
jdstrand	well, as mentioned, you shouldn't use chown at all	15:08
longsleep	jdstrand: but the uid 65534 is nobody and it does exist	15:08
jdstrand	if you picked one that existed, then seccomp would kill you	15:08
longsleep	jdstrand: well it is done by Nginx - i do not have much a say in the matter	15:08
longsleep	jdstrand: so you say when i chown to an existing uid then seccomp will kill the process?	15:09
jdstrand	yes	15:09
longsleep	thats it then	15:09
jdstrand	except I don't think it is	15:09
jdstrand	because you are seeing the wrong signal	15:09
jdstrand	but really, it doesn't matter, cause if you fixed whatever this problem is, seccomp would block you	15:10
longsleep	ok - but it is calling chown with a uid which does exist	15:10
jdstrand	the reason why we don't allow it at the moment is because the launcher doesn't support syscall argument filtering and because there is no reliable uid to chown to (in general)	15:11
jdstrand	so, patch out the chown or otherwise tell nginx to run as root	15:11
longsleep	jdstrand: nginx will not run as root, if you run it as root it will setuid to nobody	15:12
longsleep	and i was trying to avoid patches :/	15:12
jdstrand	it sounds like that behavior needs to be modified	15:12
jdstrand	fyi, syscall arg filtering is being tracked in bug #1446748	15:13
nothal	Bug #1446748: implement seccomp filtering by argument <ubuntu-core-launcher (Ubuntu):Triaged> <ubuntu-core-security (Ubuntu):Triaged> <http://launchpad.net/bugs/1446748>	15:13
ubottu	bug 1446748 in ubuntu-core-security (Ubuntu) "implement seccomp filtering by argument" [Wishlist,Triaged] https://launchpad.net/bugs/1446748	15:13
jdstrand	but that wouldn't be enough for your case-- you also need a non-root uid to start as	15:13
jdstrand	which is another unimplemented feature in snappy	15:13
jdstrand	from the seccomp security policy:	15:14
jdstrand	# snappy doesn't currently support per-app UID/GIDs so don't allow chown. To	15:14
jdstrand	# properly support chown, we need to have syscall arg filtering (LP: #1446748)	15:14
jdstrand	# and per-app UID/GIDs.	15:14
ubottu	Launchpad bug 1446748 in ubuntu-core-security (Ubuntu) "implement seccomp filtering by argument" [Wishlist,Triaged] https://launchpad.net/bugs/1446748	15:14
longsleep	jdstrand: all right, so if understand this correctly, i would need both to run nginx unconfined	15:15
longsleep	err confined	15:15
longsleep	because nginx does fail with chown, and then will try to change the uid as it is run as root	15:16
longsleep	jdstrand: so the much bigger problem is that there is no way to start a snap service with a uid other than root right?	15:17
jdstrand	it is a missing feature	15:18
longsleep	jdstrand: ah the trick was simple after i understood this: user root root;	15:20
longsleep	then it will not chown and not setuid/gid	15:20
longsleep	jdstrand: thans for explaining!	15:20
longsleep	+k	15:20
jdstrand	ok, glad that worked. still puzzled why you were sent a sigsys	15:21
longsleep	jdstrand: well yeah - no i get the next sigsys .. seems like the worker processes get killed of	15:23
longsleep	f	15:23
=== chihchun is now known as chihchun_afk
Chipaca	jdstrand: confirmed that i get SIGSYS not SIGKILL when running something that does chown	15:37
Chipaca	jdstrand: but, i do get something in the log	15:38
Chipaca	[Mon Aug 17 15:36:52 2015] audit: type=1326 audit(1439825813.354:13): auid=1000 uid=1000 gid=1000 ses=1 pid=994 comm="q" exe="/apps/hello-world.canonical/1.0.18/bin/q" sig=31 arch=c000003e syscall=92 compat=0 ip=0x7f65d470c4d7 code=0x0	15:38
longsleep	Chipaca: can the audit log crash, the last audit stuff i see is from ths morning :/	15:39
Chipaca	longsleep: what do you get if you say "sudo sc-logresolve"?	15:39
longsleep	Chipaca: nothing - no output	15:39
Chipaca	ah well	15:39
Chipaca	longsleep: i haven't known it to, but i tend to fire a kvm up, test stuff, and shut it down again	15:40
Chipaca	my bbb hasn't ever crashed in that way that i know of though	15:40
Chipaca	also i don't think it's "a thing" that can crash	15:40
longsleep	Chipaca: let me try to reboot, i have the next sigsys kill - means i can only run nginx without a master process which is not suitable for production	15:41
Chipaca	you'd lose all logs, not just the audit ones	15:41
longsleep	right	15:41
longsleep	rebooting now	15:41
longsleep	Chipaca: no audit logs for me but plenty of worker process 6715 exited on signal 31	15:43
longsleep	:(	15:43
Chipaca	it might because i'm not doing this as a service	15:44
Chipaca	that's next	15:44
Chipaca	man, i need tab completion on 'snappy install'	15:45
davmor2	Chipaca: alias si	15:46
Chipaca	longsleep: so, as a service, SIGSYS, with log entry	15:55
Chipaca	e.g. Aug 17 15:51:10 localhost kernel: [ 945.918847] audit: type=1326 audit(1439826670.799:20): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=1120 comm="q" exe="/apps/xkcd-webserver.canonical/0.5/bin/q" sig=31 arch=c000003e syscall=92(chown) compat=0 ip=0x7f8da417a4d7 code=0x0	15:55
Chipaca	(as output from sc-logresolve)	15:55
longsleep	Chipaca: mhm ok then - so any ideas why it could not log that for me?	15:59
Chipaca	longsleep: well, two ideas	15:59
Chipaca	longsleep: my environ is not your environ -- i'm trying on a kvm with wily rolling and you're on 15.04	15:59
longsleep	Chipaca: yes and on armhf	15:59
Chipaca	longsleep: and, your thing is doing a whole lot more than mine is	15:59
Chipaca	longsleep: want to try running my thing on your thing?	16:00
Chipaca	longsleep: otherwise i could try running my thing in your thing :)	16:00
longsleep	Chipaca: sure - do you have an armhf snap?	16:00
Chipaca	longsleep: no, i just compiled it and copied it over	16:00
Chipaca	longsleep: but i'll make one for you	16:01
Chipaca	give me a bit though :)	16:01
longsleep	Chipaca: you can try my snap if you have an armhf environment	16:01
Chipaca	longsleep: i've got a bbb, but i'd have to reflash it to know where it stands (i usually break them! because, um, i just compile stuff and copy them over ;) )	16:02
longsleep	Chipaca: btw, i see the audit logs when i install or remove snaps	16:03
longsleep	Chipaca: i meanm the profile status lines	16:04
Chipaca	longsleep: curiouser and curiouser	16:07
longsleep	Chipaca: just sent you the URL as pm, that triggers signal 31 kills constantly	16:11
Chipaca	longsleep: http://people.canonical.com/~john/min_0_armhf.snap	16:11
longsleep	Chipaca: (as the worker process is killed)	16:11
jdstrand	so, after looking at the kernel documentation (as opposed to the man page), it does look like the exit status of the task will be SIGSYS in we are setup for kill	16:11
Chipaca	jdstrand: \o/	16:12
Chipaca	jdstrand: so the only question remaining is why longsleep isn't seeing it in the logs	16:12
Chipaca	longsleep: that snap is untested ;) but it should give you a binary and a service	16:12
jdstrand	perhaps kernel rate limiting is in effect?	16:12
Chipaca	longsleep: that run the same thing	16:12
Chipaca	jdstrand: longsleep mentioned he'd disabled it i think	16:12
longsleep	jdstrand: sysctl -w kernel.printk_ratelimit=0	16:14
longsleep	i have that in effect	16:14
jdstrand	this is on armhf? I have a sneaking suspicion that there is something wrong with logging on armhf cause I have felt that sometimes messages were getting dropped when they should've been logged, but I've never been able to reproduce when I want to	16:14
longsleep	yes	16:14
longsleep	armhf yes	16:14
jdstrand	but it is just a feeling	16:15
jdstrand	perhaps if you reboot you'll see it	16:15
longsleep	i rebooted and no change	16:15
longsleep	but i see this: audit_printk_skb: 12 callbacks suppressed	16:15
jdstrand	hmm, yeah, I don't know then	16:15
longsleep	should that happen when i have the ratelimit disabled?	16:15
jdstrand	right so the sysctl value will of course be dropped on reboot	16:15
longsleep	i applied it again	16:16
longsleep	Chipaca: your service failed to start but no audit except http://paste.ubuntu.com/12109082/	16:16
longsleep	Chipaca: and no audit when running min.q	16:17
Chipaca	longsleep: :(	16:17
longsleep	so either its my system, my kernel or a general issue on armhf	16:18
jdstrand	maybe you should apply kernel.printk_ratelimit=0 to something in /etc/sysctl.d	16:18
longsleep	let me try	16:18
jdstrand	eg, /etc/sysctl.d/99-debug-ratelimit.conf or something	16:18
jdstrand	then reboot	16:18
* longsleep reboots		16:19
longsleep	jdstrand: well i might have an idea	16:21
longsleep	systemd-journald[360]: Failed to join audit multicast group. The kernel is probably too old or multicast reading is not supported. Ignoring: Operation not permitted	16:21
jdstrand	interesting	16:21
longsleep	i am on kernel 3.10	16:21
longsleep	otherwise no difference after reboot	16:22
jdstrand	is anything in dmesg?	16:22
longsleep	well	16:22
longsleep	sysctl -a\|grep printk	16:22
longsleep	kernel.printk = 4417	16:22
longsleep	kernel.printk_delay = 0	16:22
longsleep	kernel.printk_ratelimit = 5	16:22
longsleep	kernel.printk_ratelimit_burst = 10	16:22
longsleep	it did not apply what i set	16:22
longsleep	but i added the file	16:23
longsleep	mhm	16:23
longsleep	well the procps service does not seem to apply settings from /etc/sysctl.d	16:26
jdstrand	according to http://www.freedesktop.org/software/systemd/man/sysctl.d.html, systemd is supposed to do that	16:26
jdstrand	systemd-sysctl.service	16:27
jdstrand	I don't know if snappy let alone Ubuntu uses that	16:27
longsleep	yes if i do systemctl restart systemd-sysctl.service it gets applied	16:27
longsleep	not on boot though	16:27
jdstrand	interesting	16:28
jdstrand	/etc/init/procps.conf is the upstart job	16:28
jdstrand	so that won't be run	16:28
longsleep	right, still my old habits	16:28
longsleep	let me boot again	16:29
jdstrand	maybe pitti or ogra_ has insight as to how /etc/sysctl.d should be applied on boot and why systemd-sysctl.service is seemingly not being run	16:29
jdstrand	"systemd-sysctl.service is an early-boot service that configures sysctl(8) kernel parameters"	16:29
jdstrand	not sure why if you created /etc/sysctl.d/99-your-thing.conf why it wouldn't by applied	16:30
longsleep	(ODROIDC)root@odroid:~# sysctl -a\|grep "kernel.printk_ratelimit "	16:30
longsleep	kernel.printk_ratelimit = 5	16:30
jdstrand	unless there is a bug	16:30
longsleep	that is after boot	16:30
jdstrand	and what is the name of the file you created?	16:30
longsleep	systemctl restart systemd-sysctl.service	16:30
longsleep	(ODROIDC)root@odroid:~# sysctl -a\|grep "kernel.printk_ratelimit "	16:30
longsleep	kernel.printk_ratelimit = 0	16:30
longsleep	how you suggested	16:31
longsleep	cat /etc/sysctl.d/99-debug-ratelimit.conf	16:31
longsleep	kernel.printk_ratelimit = 0	16:31
jdstrand	seems there is a bug that those aren't being applied	16:31
longsleep	let me try to add it to an existing file then	16:32
jdstrand	I would be surprised if that work-- I imagine the service itself isn't being started	16:32
longsleep	ah i think that is a mount order issue	16:32
longsleep	i cannot change the other files - those are readonly	16:32
longsleep	ah not all of them	16:33
longsleep	now added it to 10-zeropage.conf	16:33
jdstrand	that would make sense	16:33
longsleep	did not work either	16:34
longsleep	so there is a bug for sure	16:34
jdstrand	can you file it against https://bugs.launchpad.net/snappy/+filebug?	16:35
longsleep	my most likely guess is that /dev/mmcblk0p4 on /etc/sysctl.d type ext4 (rw,relatime,data=ordered) is not mounted when the systemd service is run	16:35
longsleep	jdstrand: sure	16:35
jdstrand	yeah, when you suspected mount ordering, I was thinking you were probably onto something	16:36
ogra_	jdstrand, uh, i didnt even know it isnt run	16:37
ogra_	thats clearly a bu	16:37
ogra_	g	16:37
longsleep	jdstrand: bug #1485683	16:40
nothal	Bug #1485683: /etc/sysctl.d is not applied on boot <Snappy:New> <http://launchpad.net/bugs/1485683>	16:40
ubottu	bug 1485683 in Snappy "/etc/sysctl.d is not applied on boot" [Undecided,New] https://launchpad.net/bugs/1485683	16:40
jdstrand	cool, thanks	16:42
longsleep	Chipaca: so i can now run Nginx confined but as a single process, whatever happens when the child is started, it fails with sigsys and i have no log :(	16:45
ogra_	Chipaca, mvo, seems the last snappy build now fails in manpage generation	16:48
Chipaca	huzzah!	16:48
mvo	we are moving forward	16:48
ogra_	no idea why we run it :)	16:48
Chipaca	that one is probably my fault :)	16:48
ogra_	(is there actually a manpage ?)	16:48
Chipaca	ogra_: sergiusens asked for it	16:48
mvo	yes!	16:48
mvo	we don't have man but …	16:48
* Chipaca symlinks man to less and makes everybody have a fit		16:49
ogra_	dont make cjwatson cry !	16:49
seshu	Hello, I'd like to install mir and my application. How do I make snappy autologin?	22:04

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!