[systemd-commits] 3 commits - Makefile.am man/systemd-nspawn.xml src/nspawn src/timedate units/systemd-timedated-ntp.target

Lennart Poettering lennart at kemper.freedesktop.org
Wed Apr 25 07:54:19 PDT 2012


 Makefile.am                        |    3 +-
 man/systemd-nspawn.xml             |    8 +++++
 src/nspawn/nspawn.c                |   53 ++++++++++++++++++++++++++++++++++---
 src/timedate/timedated.c           |    6 ++--
 units/systemd-timedated-ntp.target |   17 +++++++++++
 5 files changed, 79 insertions(+), 8 deletions(-)

New commits:
commit e2875c46936a16efc0f58f9e6e2570cdda8d6d98
Author: Lennart Poettering <lennart at poettering.net>
Date:   Wed Apr 25 16:49:02 2012 +0200

    timedated: introduce systemd-timedated-ntp.target which is controlled by timedated's NTP setting
    
    We shouldn't hardcode the name of the NTP implementation in the
    timedated mechanism, especially since Fedora recently switched from
    ntpd to chrony.
    
    This patch introduces a new target that is enabled/disabled instead of
    the actual NTP implementation. The various NTP implementations should
    then add .wants/ symlinks to their services and BindTo back to the
    target, so that their implementations are started/stopped jointly with
    the target.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=815748

diff --git a/Makefile.am b/Makefile.am
index b503b01..bf09517 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -297,7 +297,8 @@ dist_systemunit_DATA = \
 	units/systemd-ask-password-console.path \
 	units/syslog.target \
 	units/systemd-udev-control.socket \
-	units/systemd-udev-kernel.socket
+	units/systemd-udev-kernel.socket \
+	units/systemd-timedated-ntp.target
 
 nodist_systemunit_DATA = \
 	units/getty at .service \
diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
index 4fbee7c..7a51101 100644
--- a/src/timedate/timedated.c
+++ b/src/timedate/timedated.c
@@ -304,7 +304,7 @@ static int write_data_local_rtc(void) {
 
 static int read_ntp(DBusConnection *bus) {
         DBusMessage *m = NULL, *reply = NULL;
-        const char *name = "ntpd.service", *s;
+        const char *name = "systemd-timedated-ntp.target", *s;
         DBusError error;
         int r;
 
@@ -374,7 +374,7 @@ finish:
 
 static int start_ntp(DBusConnection *bus, DBusError *error) {
         DBusMessage *m = NULL, *reply = NULL;
-        const char *name = "ntpd.service", *mode = "replace";
+        const char *name = "systemd-timedated-ntp.target", *mode = "replace";
         int r;
 
         assert(bus);
@@ -421,7 +421,7 @@ finish:
 
 static int enable_ntp(DBusConnection *bus, DBusError *error) {
         DBusMessage *m = NULL, *reply = NULL;
-        const char * const names[] = { "ntpd.service", NULL };
+        const char * const names[] = { "systemd-timedated-ntp.target", NULL };
         int r;
         DBusMessageIter iter;
         dbus_bool_t f = FALSE, t = TRUE;
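Review bot: Enabling `systemd-timedated-ntp.target` succeeds even when no NTP implementation has hooked a `.wants/` symlink into it, so after this change the mechanism can report NTP as enabled (and read_ntp can report it active) while no time daemon exists on the system. The new unit name is correct, but callers reading this code should be told the status now describes the target, not actual time synchronization; a comment above `names[]` such as `/* Enables the target only; whether an NTP daemon is actually pulled in depends on the implementation's .wants/ symlink */` would make that explicit. enable_ntp's body continues outside this hunk.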
diff --git a/units/systemd-timedated-ntp.target b/units/systemd-timedated-ntp.target
new file mode 100644
index 0000000..1284248
--- /dev/null
+++ b/units/systemd-timedated-ntp.target
@@ -0,0 +1,17 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# This target is enabled/disabled via the timedated mechanism when the
+# user asks for it via the UI. NTP implementations should hook
+# themselves into this target via .wants/ symlinks, and then add
+# BindTo= on this target so that they are stopped when it goes away.
+
+[Unit]
+Description=Network Time Protocol
+
+[Install]
+WantedBy=multi-user.target

commit bc2f673ec24b59948fcfc35b3077fda0314e69d8
Author: Lennart Poettering <lennart at poettering.net>
Date:   Wed Apr 25 15:11:20 2012 +0200

    nspawn: add --read-only switch

diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index cf67569..a926a7e 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -198,6 +198,14 @@
                                 loopback device.</para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><option>--read-only</option></term>
+
+                                <listitem><para>Mount the root file
+                                system read only for the
+                                container.</para></listitem>
+                        </varlistentry>
+
                 </variablelist>
 
         </refsect1>
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 83bec96..2a1f37b 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -57,6 +57,7 @@ static char *arg_user = NULL;
 static char **arg_controllers = NULL;
 static char *arg_uuid = NULL;
 static bool arg_private_network = false;
+static bool arg_read_only = false;
 static bool arg_boot = false;
 
 static int help(void) {
@@ -69,7 +70,8 @@ static int help(void) {
                "  -u --user=USER        Run the command under specified user or uid\n"
                "  -C --controllers=LIST Put the container in specified comma-separated cgroup hierarchies\n"
                "     --uuid=UUID        Set a specific machine UUID for the container\n"
-               "     --private-network  Disable network in container\n",
+               "     --private-network  Disable network in container\n"
+               "     --read-only        Mount the root directory read-only\n",
                program_invocation_short_name);
 
         return 0;
@@ -79,7 +81,8 @@ static int parse_argv(int argc, char *argv[]) {
 
         enum {
                 ARG_PRIVATE_NETWORK = 0x100,
-                ARG_UUID
+                ARG_UUID,
+                ARG_READ_ONLY
         };
 
         static const struct option options[] = {
@@ -90,6 +93,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "private-network", no_argument,       NULL, ARG_PRIVATE_NETWORK },
                 { "boot",            no_argument,       NULL, 'b'                 },
                 { "uuid",            required_argument, NULL, ARG_UUID            },
+                { "read-only",       no_argument,       NULL, ARG_READ_ONLY       },
                 { NULL,              0,                 NULL, 0                   }
         };
 
@@ -148,6 +152,10 @@ static int parse_argv(int argc, char *argv[]) {
                         arg_uuid = optarg;
                         break;
 
+                case ARG_READ_ONLY:
+                        arg_read_only = true;
+                        break;
+
                 case '?':
                         return -EINVAL;
 
@@ -971,6 +979,18 @@ int main(int argc, char *argv[]) {
                 if (mount(NULL, "/", NULL, MS_PRIVATE|MS_REC, NULL) < 0)
                         goto child_fail;
 
+                /* Turn directory into bind mount */
+                if (mount(arg_directory, arg_directory, "bind", MS_BIND, NULL) < 0) {
+                        log_error("Failed to make bind mount.");
+                        goto child_fail;
+                }
+
+                if (arg_read_only)
+                        if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
+                                log_error("Failed to make read-only.");
+                                goto child_fail;
+                        }
+
                 if (mount_all(arg_directory) < 0)
                         goto child_fail;
 
@@ -1001,8 +1021,8 @@ int main(int argc, char *argv[]) {
                     dup2(STDIN_FILENO, STDERR_FILENO) != STDERR_FILENO)
                         goto child_fail;
 
-                if (mount(arg_directory, "/", "bind", MS_BIND, NULL) < 0) {
-                        log_error("mount(MS_MOVE) failed: %m");
+                if (mount(arg_directory, "/", "bind", MS_MOVE, NULL) < 0) {
+                        log_error("mount(MS_BIND) failed: %m");
                         goto child_fail;
                 }
 

commit 2547bb414c69b7a5b3eb8d7a10768e0cf4114447
Author: Lennart Poettering <lennart at poettering.net>
Date:   Wed Apr 25 15:08:00 2012 +0200

    nspawn: bind mount /etc/resolv.conf from the host by default

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index bf3a844..83bec96 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -263,6 +263,28 @@ static int setup_timezone(const char *dest) {
         return 0;
 }
 
+static int setup_resolv_conf(const char *dest) {
+        char *where;
+
+        assert(dest);
+
+        if (arg_private_network)
+                return 0;
+
+        /* Fix resolv.conf, if possible */
+        if (asprintf(&where, "%s/etc/resolv.conf", dest) < 0) {
+                log_error("Out of memory");
+                return -ENOMEM;
+        }
+
+        if (mount("/etc/resolv.conf", where, "bind", MS_BIND, NULL) >= 0)
+                mount("/etc/resolv.conf", where, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL);
+
+        free(where);
+
+        return 0;
+}
+
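Review bot: The return value of the second mount() in setup_resolv_conf, the MS_REMOUNT|MS_RDONLY pass, is discarded, so when that remount fails the container is left with a writable bind mount of the host's /etc/resolv.conf and can rewrite the host's resolver configuration from inside. If the read-only remount fails the bind mount should be torn down again (and the failure logged) rather than silently kept; the variant below makes it a hard error, but if best-effort is intended, `log_warning()` plus `umount(where)` and falling through to `return 0` would also close the hole. Note also that `where` is resolved by the kernel against the host's view of the filesystem at this point, so a symlink at `<dest>/etc/resolv.conf` would redirect where the bind lands — presumably acceptable for an operator-supplied image, but worth a comment.
```c
static int setup_resolv_conf(const char *dest) {
        /* … unchanged: arg_private_network check, asprintf() of where … */

        if (mount("/etc/resolv.conf", where, "bind", MS_BIND, NULL) >= 0) {
                /* A writable bind would let the container rewrite the host's resolver config */
                if (mount("/etc/resolv.conf", where, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
                        int r = -errno;
                        log_error("Failed to make %s read-only: %m", where);
                        umount(where);
                        free(where);
                        return r;
                }
        }

        /* … unchanged: free(where); return 0; … */
```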
 static int copy_devnodes(const char *dest) {
 
         static const char devnodes[] =
@@ -966,6 +988,9 @@ int main(int argc, char *argv[]) {
                 if (setup_timezone(arg_directory) < 0)
                         goto child_fail;
 
+                if (setup_resolv_conf(arg_directory) < 0)
+                        goto child_fail;
+
                 if (chdir(arg_directory) < 0) {
                         log_error("chdir(%s) failed: %m", arg_directory);
                         goto child_fail;


