Sorry, your messages were in spam folder (must be due to some kind of
evil plan by the systemd haters), so I didn't notice them until now.

On 07/31/17 13:50, Lennart Poettering wrote:
> On So, 30.07.17 13:58, Topi Miettinen (toiwo...@gmail.com) wrote:
> 
>> Hey,
>>
>> I have this test.service unit:
>> [Unit]
>>
>> [Install]
>> WantedBy=multi-user.target
>>
>> [Service]
>> Type=oneshot
>> ExecStart=/bin/ls -lR
>> RootImage=/fs
>> MountAPIVFS=no
> 
> Any reason you turn this off? This is likely to break sooner or later,
> so it would make a ton of sense to test things first with it left on,
> before checking anything else.

OK, but that did not help.

>> The file /fs has a MBR partition table:
>> Disk /dev/loop0: 1.1 MiB, 1192960 bytes, 2330 sectors
>> Units: sectors of 1 * 512 = 512 bytes
>> Sector size (logical/physical): 512 bytes / 512 bytes
>> I/O size (minimum/optimal): 512 bytes / 512 bytes
>> Disklabel type: dos
>> Disk identifier: 0x3990f3e6
>>
>> Device       Boot Start   End Sectors  Size Id Type
>> /dev/loop0p1 *       34  2329    2296  1.1M 83 Linux
> 
> That should work. See if "systemd-nspawn -i" can get a shell in it. If
> so, RootImage= should work too, it uses the same code.
> 
> Also, consider invoking /usr/lib/systemd/systemd-dissect on the image
> file, it will tell you whether it can make sense of the image, and how
> it would mount it.

# /lib/systemd/systemd-dissect /root.sqsh
Found writable 'root' partition of type squashfs without verity
(/dev/block/7:0)

>> Perhaps I miss some RootImage requirements? What exactly they are?
> 
> They are documented briefly in "systemd-nspawn's" --image= setting.

I tried systemd-nspawn with the image, but that also refuses. There's
this error:
# systemd-nspawn --image=/root.sqsh
Spawning container root.sqsh on /root.sqsh.
Press ^] three times within 1s to kill container.
Timezone Europe/Helsinki does not exist in container, not updating
container timezone.
Failed to create /var/log: Read-only file system

It looks like the image is mounted read-only:
2427  mkdir("/tmp/nspawn-root-jlYu4k/var/log", 0755) = -1 EROFS
(Read-only file system)

If I add "--tmpfs=/var" and move the mount_custom() call in nspawn.c
between setup_seccomp() and setup_timezone(), there's no error and
systemd-nspawn can mount the image and run the command. But it would be
nice to understand why the image is mounted read-only in the first place.

Adding a read-write /var to test.service does not help either:
BindPaths=/tmp/var.test:/var

The contents seem to be fine because there's no error when using nspawn
with --directory.

> That said, if systemd actually mounted something, then the image is
> fine. Most likely something is simply borked in the namespacing code,
> and that is kind of hard to debug, because logging is already turned off
> at that point. It should be relatively easy to patch that in
> temporarily though, i.e. find apply_mount_namespace() in
> src/core/execute.c and place a log_open() before the setup_namespace()
> invocation, and check if this improves logging for you.

I'll try that next.

> 
> Lennart
> 

-Topi
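A by-hand check of the layout that fdisk and systemd-dissect reported above, as an added example that is not part of this thread or of systemd: it builds a constructed image with the same geometry (one bootable type-0x83 partition starting at LBA 34, 2296 sectors) and a squashfs superblock magic at the partition start, then reads the MBR entry and the filesystem magic back with od and dd. The image path and the layout are assumptions; the magics ("hsqs" for squashfs, 0xEF53 for ext2/3/4) are the real ones. Squashfs is a read-only filesystem by design, so any path that has to be writable inside such a root needs a tmpfs or bind mount over it, whichever way the image is mounted.

```shell
#!/bin/sh
# Added example: inspect an MBR image by hand before handing it to RootImage=.
# Not from the thread or from systemd; uses only od, dd and printf.
set -e

# Assumed path for the constructed test image.
IMG="${TMPDIR:-/tmp}/constructed-rootimage-test.img"

# Build a constructed image modelled on the fdisk output in the thread:
# 2330 zero sectors, partition 1 bootable, type 0x83, LBA 34, 2296 sectors,
# and the squashfs magic "hsqs" at the first byte of the partition.
make_image() {
    dd if=/dev/zero of="$IMG" bs=512 count=2330 2>/dev/null
    # entry 1 at offset 446: boot flag, CHS start, type, CHS end,
    # LBA start (little endian), sector count (little endian)
    printf '\200\000\000\000\203\000\000\000\042\000\000\000\370\010\000\000' |
        dd of="$IMG" bs=1 seek=446 conv=notrunc 2>/dev/null
    # MBR signature 0x55 0xAA at offset 510
    printf '\125\252' | dd of="$IMG" bs=1 seek=510 conv=notrunc 2>/dev/null
    # squashfs superblock magic at 34 * 512
    printf 'hsqs' | dd of="$IMG" bs=1 seek=17408 conv=notrunc 2>/dev/null
}

# Little-endian 32-bit value from four decimal byte values.
le32() { echo $(( $1 + $2 * 256 + $3 * 65536 + $4 * 16777216 )); }

# True when the sector 0 ends with the 0x55 0xAA boot signature.
mbr_has_signature() {
    [ "$(od -An -t x1 -j 510 -N 2 "$1" | tr -d ' \n')" = "55aa" ]
}

# Fields of MBR partition entry N (1..4): prints "boot type_hex start_lba sectors".
mbr_partition() {
    img=$1
    off=$(( 446 + ($2 - 1) * 16 ))
    set -- $(od -An -t u1 -j "$off" -N 16 "$img")
    # $1 boot flag, $5 type id, $9-$12 LBA start, $13-$16 sector count
    printf '%d %x %d %d\n' "$1" "$5" \
        "$(le32 "$9" "${10}" "${11}" "${12}")" \
        "$(le32 "${13}" "${14}" "${15}" "${16}")"
}

# Identify the filesystem starting at a given LBA from its superblock magic.
fs_type_at() {
    img=$1
    off=$(( $2 * 512 ))
    if [ "$(od -An -c -j "$off" -N 4 "$img" | tr -d ' \n')" = hsqs ]; then
        echo squashfs      # squashfs magic at byte 0 of the partition; read-only fs
    elif [ "$(od -An -t x1 -j $(( off + 1080 )) -N 2 "$img" | tr -d ' \n')" = 53ef ]; then
        echo ext2/3/4      # ext* magic at offset 0x438 of the partition
    else
        echo unknown
    fi
}

# Summarise partition 1; returns 0 only for a type-0x83 partition whose
# filesystem magic is recognised, so a bad image fails loudly here rather
# than inside the service's mount namespace.
check_image() {
    mbr_has_signature "$1" || { echo "no MBR signature in $1"; return 1; }
    set -- "$1" $(mbr_partition "$1" 1)
    # $1 image, $2 boot flag, $3 type, $4 start LBA, $5 sector count
    fs=$(fs_type_at "$1" "$4")
    echo "partition 1: boot=$2 type=0x$3 start=$4 sectors=$5 fs=$fs"
    [ "$3" = 83 ] && [ "$fs" != unknown ]
}

make_image
check_image "$IMG"
```

To run it against a real image, point IMG at the file instead of calling make_image. The check covers MBR tables only; a GPT image keeps its table at LBA 1 and needs a different parser. If the filesystem comes back as squashfs, expect every write inside the root to fail with EROFS unless that path is covered by a tmpfs or bind mount.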
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel