Sorry, your messages were in spam folder (must be due to some kind of evil plan by the systemd haters), so I didn't notice them until now.
On 07/31/17 13:50, Lennart Poettering wrote:
> On So, 30.07.17 13:58, Topi Miettinen (toiwo...@gmail.com) wrote:
>
>> Hey,
>>
>> I have this test.service unit:
>> [Unit]
>>
>> [Install]
>> WantedBy=multi-user.target
>>
>> [Service]
>> Type=oneshot
>> ExecStart=/bin/ls -lR
>> RootImage=/fs
>> MountAPIVFS=no
>
> Any reason you turn this off? This is likely to break sooner or later,
> so it would make a ton of sense to test things first with it left on,
> before checking anything else.

OK, but that did not help.

>> The file /fs has an MBR partition table:
>> Disk /dev/loop0: 1.1 MiB, 1192960 bytes, 2330 sectors
>> Units: sectors of 1 * 512 = 512 bytes
>> Sector size (logical/physical): 512 bytes / 512 bytes
>> I/O size (minimum/optimal): 512 bytes / 512 bytes
>> Disklabel type: dos
>> Disk identifier: 0x3990f3e6
>>
>> Device       Boot Start  End Sectors Size Id Type
>> /dev/loop0p1 *       34 2329    2296 1.1M 83 Linux
>
> That should work. See if "systemd-nspawn -i" can get a shell in it. If
> so, RootImage= should work too, it uses the same code.
>
> Also, consider invoking /usr/lib/systemd/systemd-dissect on the image
> file, it will tell you whether it can make sense of the image, and how
> it would mount it.

# /lib/systemd/systemd-dissect /root.sqsh
Found writable 'root' partition of type squashfs without verity (/dev/block/7:0)

>> Perhaps I miss some RootImage requirements? What exactly are they?
>
> They are documented briefly in "systemd-nspawn's" --image= setting.

I tried systemd-nspawn with the image, but that also refuses. There's this error:

# systemd-nspawn --image=/root.sqsh
Spawning container root.sqsh on /root.sqsh.
Press ^] three times within 1s to kill container.
Timezone Europe/Helsinki does not exist in container, not updating container timezone.
Failed to create /var/log: Read-only file system

It looks like the image is mounted read-only:

2427 mkdir("/tmp/nspawn-root-jlYu4k/var/log", 0755) = -1 EROFS (Read-only file system)

If I add "--tmpfs=/var" and move the mount_custom() call in nspawn.c between setup_seccomp() and setup_timezone(), there's no error and systemd-nspawn can mount the image and run the command. But it would be nice to understand why the image is mounted read-only in the first place. Adding a read-write /var to test.service does not help either:

BindPaths=/tmp/var.test:/var

The contents seem to be fine because there's no error when using nspawn with --directory.

> That said, if systemd actually mounted something, then the image is
> fine. Most likely something is simply borked in the namespacing code,
> and that is kind of hard to debug, because logging is already turned off
> at that point. It should be relatively easy to patch that in
> temporarily though, i.e. find apply_mount_namespace() in
> src/core/execute.c and place a log_open() before the setup_namespace()
> invocation, and check if this improves logging for you.

I'll try that next.

> Lennart
>

-Topi

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel