On Sat, 16.05.15 16:01, Simon Peeters (peeters.si...@gmail.com) wrote:

> hej all.
>
> I have a kind of weird setup using socket-activated containers:
>
> nginx on the host listens on port 80 and has a 'proxy_pass
> http://unix:/run/http/$host;' directive.
>
> then I have webserver@.socket listening on 'ListenStream=/run/http/%I'
> which in turn activates a container.
>
> this works fine with the following 'nginx-container@.service'
> [Service]
> ExecStart=/usr/bin/systemd-nspawn --private-network
> --bind=/srv/%i:/srv/http -D /var/lib/machines/nginx_base -x -M
> "nginx_%i" /usr/bin/nginx -g 'daemon off;'
>
> [Install]
> Also=webserver@%i.socket
> Alias=webserver@%i.service
>
> which runs a (patched) nginx as only binary in that container.
>
> now I want to run systemd in such a container to run both nginx and nodejs.
> the problem is, what should be in my 'nginx.socket' in order to pass
> on that first socket systemd gets, which is a UDS outside of the
> container?

The way daemons usually recognize the AF_UNIX fds passed to them during socket activation is that they stat() the paths of the sockets that could match and then compare that with fstat() of the fd they have. If inode and device match they assume it's the same socket. This of course makes things difficult in an nspawn container, if the AF_UNIX socket is bound on the host, since you cannot stat() it by path then.

A possible fix is to use --bind= on the AF_UNIX socket node, and thus make it available in the container. Then if the container runs stat() on the node, and compares it with the fstat() of the fd it got, all should be good.

Lennart

--
Lennart Poettering, Red Hat