nosh version 1.31

From: Jonathan de Boyne Pollard <>
Date: Sat, 14 Jan 2017 11:26:10 +0000

The nosh package is now up to version 1.31 .




This release fixes a problem with emergency mode that was introduced by
accident in 1.29 . The emergency-login_at_console service was not properly
enabled by package installation. Now it once again is.

There are a number of bug fixes in this release, such as rare corner
cases in how convert-systemd-units generates arguments to pass to sh,
what port the nginx server part of Appcafe binds to when not the
default, the use of setuidgid-fromenv to set more than 1 supplementary
group ID, and making the Makefile in tinydns_at_* services work with both
BSD and GNU make. Various service bundles that perform
clean-up-directories actions at bootstrap have been made more difficult
to accidentally re-trigger after bootstrap.

There is also a fair amount of new features:

* The automatically-generated data for tinydns_at_* services now
encompasses all of the reverse lookup domain names for private/local IP
addresses, so none of the DNS traffic involving such lookups will leak
out of your machine/organization to the rest of Internet.

* The userenv command has gained the ability to (optionally) set a whole
lot more environment variables from the capabilities in /etc/login.conf
and ~/.login_conf . It now can be used as the
setup-the-user-environment part of a command chain that is designed to
perform the setup of an interactive login session. This is particularly
useful for fixing PCDM, the display manager in TrueOS.

* The pipe command can now arrange to clean up the child process in one
of two ways. This is made use of in the dnscache service bundles, and
dnscache services no longer contain the perpetual zombie process that
they had in version 1.30 .

* Presets now support wildmat-style character set wildcards. e.g. one
can now write "ttylogin_at_vc[0-9]-tty" as a service name pattern.

* If you have been using the --verbose option to the start/stop/reset
subcommands of system-control, you'll notice that it now colourizes its
output. Its output has also been adjusted to more clearly indicate
blocked services and what they are blocked by.

The big item is that there is now a complete set of simple control
groups manipulation commands, the pre-supplied service bundles all make
use of it, and all service bundles created by convert-systemd-units make
use of it. (All of this is a no-op on FreeBSD/TrueOS and OpenBSD, of

If you've read the Linux doco, you'll know that control groups do not
require any sort of centralized gatekeeper process, and are a
decentralized system that can be driven with just the echo command. In
practice, using echo is non-trivial. The move-to-control-group,
delegate-control-group-to, and set-control-group-knob commands take the
hassle out of working out exactly what to echo where. They do all of
the hard work of determining what the directory name of the current
control group under /sys/fs/cgroup is, and present a simple system
allowing one to create and navigate to another control group, delegate
control over the current control group (and its subgroups) to an
unprivileged user, and set control group knobs.

The set-control-group-knob utility further illustrates the convenience
functionality over and above a simple echo command. It can calculate a
knob setting as a percentage of another number, handle SI and IEEE/IEC
multiplier suffixes, and translate the device file names that are
(comparatively) convenient for humans into the literal major and minor
device numbers that the Linux control groups API actually operates in
terms of.

There are new chapters in the Guide covering the automatic import of
FreeBSD 9 and PC-BSD Warden jails, how jailing services on
FreeBSD/TrueOS works, and limiting services. The limiting services
chapter covers both the original Unix resource limits system and Linux
control groups.
Received on Sat Jan 14 2017 - 11:26:10 UTC

This archive was generated by hypermail 2.3.0 : Sun May 09 2021 - 19:44:19 UTC