[systemd-commits] 3 commits - TODO src/nspawn

Lennart Poettering lennart at kemper.freedesktop.org
Fri Feb 14 16:41:12 CET 2014


 TODO                |   16 +++++++++-------
 src/nspawn/nspawn.c |   19 ++++++++++++++++---
 2 files changed, 25 insertions(+), 10 deletions(-)

New commits:
commit 262d10e6bd8e4a0a6a0967fbb5f89a5b989779ac
Author: Lennart Poettering <lennart at poettering.net>
Date:   Fri Feb 14 16:41:03 2014 +0100

    nspawn: if we don't find bash, try sh

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 2a0edf6..51a1a66 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1968,6 +1968,7 @@ int main(int argc, char *argv[]) {
                         else {
                                 chdir(home ? home : "/root");
                                 execle("/bin/bash", "-bash", NULL, env_use);
+                                execle("/bin/sh", "-sh", NULL, env_use);
                         }
 
                         log_error("execv() failed: %m");
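Review bot: the added execle("/bin/sh", ...) fallback runs after any failure of the /bin/bash exec, not only when bash is missing, which is the case the commit message describes. If /bin/bash exists but cannot be executed (EACCES, ENOEXEC and similar), the container silently gets a different shell, and the following log_error("execv() failed: %m") reports only the errno of the /bin/sh attempt. Consider falling back only when errno == ENOENT, or logging the bash failure before trying sh. The message also names execv() while the calls here are execle(), and the chdir() result in the context line above goes unchecked.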

commit af1082b04a3d45a9b1d796b4271f44e87e307026
Author: Lennart Poettering <lennart at poettering.net>
Date:   Fri Feb 14 16:40:52 2014 +0100

    update TODO

diff --git a/TODO b/TODO
index aa8aca1..db2c623 100644
--- a/TODO
+++ b/TODO
@@ -33,11 +33,13 @@ Preparation for 209:
 
 * libsystemd-journal returns the object created as first param in sd_journal_new(), sd_bus_new() and suchlike as last...
 
-* Merge Distribute= patches for .socket units
-
 Features:
 
-* maybe: hookup nspawn and PrivateNetwork=yes with "ip netns"
+* implement Distribute= in socket units to allow running multiple
+  service instances processing the listening socket, and open this up
+  for ReusePort=
+
+* add a timelimit to generator invocation
 
 * socket units: support creating sockets in different namespace,
   opening it up for JoinsNamespaceOf=. This would require to fork off
@@ -89,7 +91,7 @@ Features:
 
 * Automatically configure swap partition to use for hibernation by looking for largest swap partition on the root disk?
 
-* socket-proxyd:Use a nonblocking alternative to getaddrinfo
+* socket-proxyd: Use sd-resolve to resolve the server address
 
 * rfkill,backlight: we probably should run the load tools inside of the udev rules so that the state is properly initialized by the time other software sees it
 
@@ -426,12 +428,12 @@ Features:
   - nspawn: --read-only is not applied recursively to submounts
   - nspawn: make use of device cgroup controller by default
   - bind mount read-only the cgroup tree higher than nspawn
-  - nspawn: investigate whether we can support the same as LXC's
-    lxc.network.type=phys mode, and pass through entire network
-    interfaces to the container
   - nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters, selinux exec context
   - refuses to boot containers without /etc/machine-id (OK?), and with empty /etc/machine-id (not OK).
   - support taking a btrfs snapshot at startup and dropping it afterwards
+  - maybe: hookup nspawn and PrivateNetwork=yes with "ip netns"
+  - introduce --network-bridge= which works like --network-veth but also adds the host side to an existing bridge
+  - allow booting disk images with a GPT signature using the bootloaderspec partition uuids
 
 * cryptsetup:
   - cryptsetup-generator: allow specification of passwords in crypttab itself

commit 6b9132a9c40355356b4d4f5b20b6338c0eb74dfa
Author: Lennart Poettering <lennart at poettering.net>
Date:   Fri Feb 14 16:35:18 2014 +0100

    nspawn: don't accept just any tree to execute
    
    When invoked without -D in an arbitrary directory we should not try to
    execute anything, make some validity checks first.

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 3a6d428..2a0edf6 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1555,9 +1555,21 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
-        if (arg_boot && path_is_os_tree(arg_directory) <= 0) {
-                log_error("Directory %s doesn't look like an OS root directory (/etc/os-release is missing). Refusing.", arg_directory);
-                goto finish;
+        if (arg_boot) {
+                if (path_is_os_tree(arg_directory) <= 0) {
+                        log_error("Directory %s doesn't look like an OS root directory (/etc/os-release is missing). Refusing.", arg_directory);
+                        goto finish;
+                }
+        } else {
+                const char *p;
+
+                p = strappenda(arg_directory,
+                               argc > optind && path_is_absolute(argv[optind]) ? argv[optind] : "/usr/bin/");
+                if (access(p, F_OK) < 0) {
+                        log_error("Directory %s lacks the binary to execute or doesn't look like a binary tree. Refusing.", arg_directory);
+                        goto finish;
+
+                }
         }
 
         log_close();
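Review bot: in the new else branch, access(p, F_OK) is evaluated on the host against the concatenated path, so it only proves that something exists at that location. It does not test that the file is executable (X_OK would), and an absolute symlink inside arg_directory is resolved against the host root rather than the container root, so the check can pass or fail for a file that is not the one the container would run. When argv[optind] is not absolute the test degrades to the existence of /usr/bin/, which the error text "lacks the binary to execute" does not reflect; separate messages for the two cases would make failures easier to diagnose. There is also a stray blank line between goto finish; and the closing brace.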


