don't mount /proc when provisioning systemd-nspawn container

While it is needed for chroot provisioning, it confuses the system when
systemd-nspawn runs it inside the container.
Joey Hess 2015-06-01 16:22:15 -04:00
parent 85c3d11088
commit c0b9c708c9
2 changed files with 14 additions and 13 deletions


@ -95,7 +95,7 @@ chrootInfo (Chroot loc _ _ h) =
mempty { _chrootinfo = mempty { _chroots = M.singleton loc h } } mempty { _chrootinfo = mempty { _chroots = M.singleton loc h } }
-- | Propellor is run inside the chroot to provision it. -- | Propellor is run inside the chroot to provision it.
propellChroot :: Chroot -> ([String] -> CreateProcess) -> Bool -> Property NoInfo propellChroot :: Chroot -> ([String] -> IO CreateProcess) -> Bool -> Property NoInfo
propellChroot c@(Chroot loc _ _ _) mkproc systemdonly = property (chrootDesc c "provisioned") $ do propellChroot c@(Chroot loc _ _ _) mkproc systemdonly = property (chrootDesc c "provisioned") $ do
let d = localdir </> shimdir c let d = localdir </> shimdir c
let me = localdir </> "propellor" let me = localdir </> "propellor"
@ -103,7 +103,6 @@ propellChroot c@(Chroot loc _ _ _) mkproc systemdonly = property (chrootDesc c "
( pure (Shim.file me d) ( pure (Shim.file me d)
, Shim.setup me Nothing d , Shim.setup me Nothing d
) )
liftIO mountproc
ifM (liftIO $ bindmount shim) ifM (liftIO $ bindmount shim)
( chainprovision shim ( chainprovision shim
, return FailedChange , return FailedChange
@ -119,18 +118,12 @@ propellChroot c@(Chroot loc _ _ _) mkproc systemdonly = property (chrootDesc c "
, File localdir, File mntpnt , File localdir, File mntpnt
] ]
) )
-- /proc needs to be mounted in the chroot for the linker to use
-- /proc/self/exe which is necessary for some commands to work
mountproc = unlessM (elem procloc <$> mountPointsBelow loc) $
void $ mount "proc" "proc" procloc
procloc = loc </> "proc"
chainprovision shim = do chainprovision shim = do
parenthost <- asks hostName parenthost <- asks hostName
cmd <- liftIO $ toChain parenthost c systemdonly cmd <- liftIO $ toChain parenthost c systemdonly
pe <- liftIO standardPathEnv pe <- liftIO standardPathEnv
let p = mkproc p <- liftIO $ mkproc
[ shim [ shim
, "--continue" , "--continue"
, show cmd , show cmd
@ -164,8 +157,16 @@ chain hostlist (ChrootChain hn loc systemdonly onconsole) =
putStrLn $ "\n" ++ show r putStrLn $ "\n" ++ show r
chain _ _ = errorMessage "bad chain command" chain _ _ = errorMessage "bad chain command"
inChrootProcess :: Chroot -> [String] -> CreateProcess inChrootProcess :: Chroot -> [String] -> IO CreateProcess
inChrootProcess (Chroot loc _ _ _) cmd = proc "chroot" (loc:cmd) inChrootProcess (Chroot loc _ _ _) cmd = do
mountproc
return $ proc "chroot" (loc:cmd)
where
-- /proc needs to be mounted in the chroot for the linker to use
-- /proc/self/exe which is necessary for some commands to work
mountproc = unlessM (elem procloc <$> mountPointsBelow loc) $
void $ mount "proc" "proc" procloc
procloc = loc </> "proc"
provisioningLock :: FilePath -> FilePath provisioningLock :: FilePath -> FilePath
provisioningLock containerloc = "chroot" </> mungeloc containerloc ++ ".lock" provisioningLock containerloc = "chroot" </> mungeloc containerloc ++ ".lock"


@ -250,8 +250,8 @@ enterScript c@(Container name _ _) = setup <!> teardown
enterScriptFile :: Container -> FilePath enterScriptFile :: Container -> FilePath
enterScriptFile (Container name _ _ ) = "/usr/local/bin/enter-" ++ mungename name enterScriptFile (Container name _ _ ) = "/usr/local/bin/enter-" ++ mungename name
enterContainerProcess :: Container -> [String] -> CreateProcess enterContainerProcess :: Container -> [String] -> IO CreateProcess
enterContainerProcess = proc . enterScriptFile enterContainerProcess c ps = pure $ proc (enterScriptFile c) ps
nspawnServiceName :: MachineName -> ServiceName nspawnServiceName :: MachineName -> ServiceName
nspawnServiceName name = "systemd-nspawn@" ++ name ++ ".service" nspawnServiceName name = "systemd-nspawn@" ++ name ++ ".service"