1. When attaching a service with an extension, the portablectl list
shows the base image as 'attached' but the extension as 'detached'. Is
the 'detached' state expected or an indication that something is
wrong?

You can expect a detached state because the extension is not actually
running in the same process as the base image.  The extension has a
different PID, but they share the same memory region.

> 3. What are some approaches to debugging problems with the service's
> environment? Two examples of problems I encountered were 1) the base
> image was missing a library the extension depended upon

That's a weird problem.  Don't laugh, but I ran into a situation where the
libraries were installed, but the systemd source code was missing.  I'm not
sure what a good version of the source code should be.   I think I might be
referring to an earlier comment.  My only suggestion would be to use
portablectl debug, but you are probably already doing that.

If you use systemd-run, here is a template for a systemd service file that
might help you.

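[Unit]
Description=My service

[Service]
Type=oneshot
# RootImage= and ExtensionImages= are unit properties, so they are passed
# to systemd-run with --property=. They apply to a transient service unit,
# not to a --scope unit.
ExecStart=/usr/bin/systemd-run \
    --property=RootImage=/path/to/root/image \
    --property=ExtensionImages=/path/to/extension/image \
    /usr/bin/my-command

[Install]
WantedBy=multi-user.target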

Benjamin Godfrey

On Fri, May 5, 2023 at 5:00 AM <systemd-devel-requ...@lists.freedesktop.org>
wrote:

> Today's Topics:
>
>    1.  portable service questions (Chuck Tuffli)
>    2. Re:  portable service questions (Luca Boccassi)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 4 May 2023 12:52:16 -0700
> From: Chuck Tuffli <ctuf...@gmail.com>
> To: systemd-devel@lists.freedesktop.org
> Subject: [systemd-devel] portable service questions
> Message-ID:
>         <
> cakaymmk0g_ecgkahe7k2bzdef4on1coo+z3k5x9tukcodko...@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> I basically have portable service extensions working, but in the
> process, there are a few questions that came up.
>
> 1. When attaching a service with an extension, the portablectl list
> shows the base image as 'attached' but the extension as 'detached'. Is
> the 'detached' state expected or an indication that something is
> wrong?
>
> 2. When using the default profile, systemd attaches a writable /tmp
> and /var/tmp. But the trusted profile doesn't attach either. From
> looking at the code, this appears to be expected. For read-only
> service images running with the trusted profile, is there a way to get
> a writable tmp directories or is the expectation that the base image
> is writable?
>
> 3. What are some approaches to debugging problems with the service's
> environment? Two examples of problems I encountered were 1) the base
> image was missing a library the extension depended upon and 2) the
> service couldn't create configuration files because of a missing
> directory. In both cases, I replaced the ExecStart with 'sleep 1d' and
> used 'nsenter --target $(pidof sleep)' to investigate the environment
> and figure out where I goofed. Is there a better way to do this?
>
> Thanks!
>
> --chuck
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 4 May 2023 22:27:26 +0100
> From: Luca Boccassi <luca.bocca...@gmail.com>
> To: Chuck Tuffli <ctuf...@gmail.com>
> Cc: systemd-devel@lists.freedesktop.org
> Subject: Re: [systemd-devel] portable service questions
> Message-ID:
>         <CAMw=
> zntjryq1rp3jh0utiwafp9jm_pmkvsle4ff+ry8-zuj...@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> On Thu, 4 May 2023 at 22:00, Chuck Tuffli <ctuf...@gmail.com> wrote:
> >
> > I basically have portable service extensions working, but in the
> > process, there are a few questions that came up.
> >
> > 1. When attaching a service with an extension, the portablectl list
> > shows the base image as 'attached' but the extension as 'detached'. Is
> > the 'detached' state expected or an indication that something is
> > wrong?
>
> That's a known issue, it's just cosmetic
>
> > 2. When using the default profile, systemd attaches a writable /tmp
> > and /var/tmp. But the trusted profile doesn't attach either. From
> > looking at the code, this appears to be expected. For read-only
> > service images running with the trusted profile, is there a way to get
> > a writable tmp directories or is the expectation that the base image
> > is writable?
>
> This was changed recently and now every profile has a private /tmp
>
> > 3. What are some approaches to debugging problems with the service's
> > environment? Two examples of problems I encountered were 1) the base
> > image was missing a library the extension depended upon and 2) the
> > service couldn't create configuration files because of a missing
> > directory. In both cases, I replaced the ExecStart with 'sleep 1d' and
> > used 'nsenter --target $(pidof sleep)' to investigate the environment
> > and figure out where I goofed. Is there a better way to do this?
>
> Use systemd-run and pass it RootImage and ExtensionImages and you can
> do whatever you want, even getting a shell, in an identical
> environment
>
>