Systemd 241 Released With Security Fixes & Other Changes


  • Systemd 241 Released With Security Fixes & Other Changes

    Phoronix: Systemd 241 Released With Security Fixes & Other Changes

    Lennart Poettering has just tagged the systemd 241 update that includes the "system down" security fixes and other improvements to this widely-used Linux init system...

    http://www.phoronix.com/scan.php?pag...d-241-Released

  • #2
    Unironically great release. I'm hoping systemd could do something about VT ttys, would be nice to have hw accelerated terminal with OpenGL running off EGL, something like https://github.com/dvdhrm/kmscon. I'm still not entirely sure what drawbacks would there be to userspace terminal compared to current in-kernel VT. Embedded devices that don't have 2D nor 3D engines but only CRTC framebuffer would still have their trusty fbdev and in-kernel VT.



    • #3
      Originally posted by hax0r
      Unironically great release. I'm hoping systemd could do something about VT ttys, would be nice to have hw accelerated terminal with OpenGL running off EGL, something like https://github.com/dvdhrm/kmscon. I'm still not entirely sure what drawbacks would there be to userspace terminal compared to current in-kernel VT. Embedded devices that don't have 2D nor 3D engines but only CRTC framebuffer would still have their trusty fbdev and in-kernel VT.
      the problem is, the console is entirely in kernel AFAIK. and the kernel does not know how to GL



      • #4
        Originally posted by boxie

        the problem is, the console is entirely in kernel AFAIK. and the kernel does not know how to GL
        There's a concept to move the console to userland afaik.



        • #5
          Originally posted by Britoid

          There's a concept to move the console to userland afaik.
          I have not heard much about that in a long time, is that effort still going (or am I thinking about older attempts)?



          • #6
            Code:
            sudo poweroff
            from QTerminal in LXQt

            Then it takes like 90 seconds to shut down for no reason!

            (I later did set the stop timeout to 10 but why would the user session timeout default be 90? It's too much...)



            • #7
              Originally posted by hax0r
              Unironically great release. I'm hoping systemd could do something about VT ttys, would be nice to have hw accelerated terminal with OpenGL running off EGL, something like https://github.com/dvdhrm/kmscon. I'm still not entirely sure what drawbacks would there be to userspace terminal compared to current in-kernel VT. Embedded devices that don't have 2D nor 3D engines but only CRTC framebuffer would still have their trusty fbdev and in-kernel VT.
              Or just get someone to pick up kmscon again. Pretty sad that none of the big distros did so :/



              • #8
                @tildearrow

                Sorry, cannot quote on Android for some reason. I think the problem is that 90s is for any service, and while a user session might not need that long, other services might need that. I had the same problem with LXQt in the past but it was gone around LXQt 0.13 or so. Check what is actually blocking your session because that is the cause of the problem.



                • #9
                  Originally posted by hax0r
                  Unironically great release. I'm hoping systemd could do something about VT ttys, would be nice to have hw accelerated terminal with OpenGL running off EGL, something like https://github.com/dvdhrm/kmscon. I'm still not entirely sure what drawbacks would there be to userspace terminal compared to current in-kernel VT. Embedded devices that don't have 2D nor 3D engines but only CRTC framebuffer would still have their trusty fbdev and in-kernel VT.
                  This would be worth a revisit by someone. There are some drawbacks with the kmscon path. But a different path has opened up in the last 12 months that has not been explored.

                  Originally posted by boxie
                  the problem is, the console is entirely in kernel AFAIK. and the kernel does not know how to GL
                  Correct but nothing says long term console has to remain pure kernel mode.

                  Originally posted by Mr.Elendig
                  Or just get someone to pick up kmscon again. Pretty sad that none of the big distros did so :/
                  There were reasons. There is a solution to kmscon's historic blocker problems but it would be to rewrite it.

                  Linux law you do not break userspace. The problem with kmscon is it does. Do not break userspace means you should not need to be customising the initramfs either.

                  Good part today is Alexei Starovoitov of bpfilter has worked around this limitation.
                  https://lwn.net/Articles/755919/

                  Usermode blobs for bpfilter exist because bpfilter ran into the same roadblock as kmscon did. This would allow embedding a usermode console inside the standard kernel image, meaning no break of userspace or needing to modify initramfs generation for a newer kernel with this feature. Part-userspace, part-kernel-space drivers in the main kernel image as a normal linked-in module were not possible before the bpfilter work. Of course, being a usermode helper, there is nothing to say the usermode console in a kernel module could not be replaced later in the boot process by a usermode console on disc.

                  This code would be very different to kmscon, as this would have to be coded as a conversion of the existing kernel mode console code so as not to be breaking userspace.

                  Of course this still leaves the context switch overheads to consider; bpf may be able to help with this.

                  It would seriously be worth revisiting a usermode console with bpf and embed-able usermode helpers.



                  • #10
                    Originally posted by oiaohm

                    Linux law you do not break userspace. The problem with kmscon is it does. Do not break userspace means you should not need to be customising the initramfs either.
                    But from what I understand that only means the default configuration of a kernel shouldn't break userspace. If distros or people want to ship a user-land console and apply the necessary kernel configuration to allow it for their builds, then surely that should be fine.
