[systemd-bugs] [Bug 89844] New: sdnotify-proxy in systemd-nspawn

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Mar 31 09:06:33 PDT 2015


https://bugs.freedesktop.org/show_bug.cgi?id=89844

            Bug ID: 89844
           Summary: sdnotify-proxy in systemd-nspawn
           Product: systemd
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: systemd-bugs at lists.freedesktop.org
          Reporter: alban.crequy at gmail.com
        QA Contact: systemd-bugs at lists.freedesktop.org

When an application is started in a container with systemd-nspawn, the
application cannot just call sd_notify() [1] from the container to notify
systemd on the host because:

1. the processes in the container will be in a different cgroup than the
process executing systemd-nspawn. I think even NotifyAccess=all will not work. 

2. if the container uses a new network namespace, the notify socket will not
work if it uses an abstract unix socket. A file socket will also not work
because the container does not have access to the file socket on the host.
Systemd uses either an abstract unix socket or a unix socket file, depending on
its version [4].

Flannel would need that. To work around this problem, flanneld.service [2] bind
mounts a proxy socket file and uses sdnotify-proxy [3] to proxy it. It is using
Docker today but it is the same problem with systemd-nspawn. It would be nice
if systemd-nspawn made sd_notify easier to use.

[1] sd_notify
http://www.freedesktop.org/software/systemd/man/sd_notify.html
[2] flanneld.service
https://github.com/coreos/coreos-overlay/blob/master/app-admin/flannel/files/flanneld.service
[3] sdnotify-proxy
https://github.com/coreos/sdnotify-proxy
[4] socket types
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026129.html
http://lists.freedesktop.org/archives/systemd-devel/2015-March/029096.html
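
The two socket forms and the proxy workaround described in the report, as an added Python example (not part of the original report, and not code from systemd or sdnotify-proxy). The function names, the temporary paths and the stand-in "host" socket are assumptions made for the illustration.

```python
import os
import socket
import tempfile


def notify_address(value):
    """NOTIFY_SOCKET value -> AF_UNIX address. A leading '@' is a Linux abstract
    socket (network-namespace scoped); otherwise a path (mount-namespace scoped)."""
    if value.startswith("@"):
        return b"\0" + value[1:].encode()
    return value


def sd_notify(state, value=None):
    """Send one state datagram such as 'READY=1'; False if no socket is set."""
    value = value or os.environ.get("NOTIFY_SOCKET")
    if not value:
        return False
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.sendto(state.encode(), notify_address(value))
    return True


def open_proxy(proxy_path):
    """Bind the datagram socket whose path would be bind-mounted into the container."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    s.bind(proxy_path)
    return s


def relay_one(proxy_sock, upstream_value):
    """Forward one datagram from the proxy socket to the host's notify socket."""
    data = proxy_sock.recv(4096)
    sd_notify(data.decode(), upstream_value)
    return data


def demo():
    """Constructed setup: stand-in host socket, proxy socket, one client message."""
    with tempfile.TemporaryDirectory() as d:
        host_path = os.path.join(d, "notify")    # stand-in for the host's socket
        proxy_path = os.path.join(d, "proxy")    # path the container would see
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as upstream, \
                open_proxy(proxy_path) as proxy:
            upstream.bind(host_path)
            sd_notify("READY=1", proxy_path)     # the application in the container
            relay_one(proxy, host_path)          # the proxy running on the host
            return upstream.recv(4096)
```

Because the relay re-sends each datagram, the host-side receiver sees the relay process as the sender, so access to the bind-mounted socket path decides who can report state for the service.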
