[systemd-devel] nspawn dependencies

Lennart Poettering lennart at poettering.net
Thu Jun 11 08:54:00 PDT 2015


On Thu, 11.06.15 12:48, Richard Weinberger (richard at nod.at) wrote:

> >> Maybe you can help me so sort this out, can I run any systemd enabled
> >> distribution
> >> using the most current systemd-nspawn?
> >> Say, my host is FC22 using systemd-nspawn from git, can it spawn an
> >> openSUSE 13.2 container which has only systemd v210?
> >>
> >> Or has the systemd version on the container side to match the systemd
> >> version on the host side?
> > 
> > It generally does not have to match. We try to maintain compatibility
> > there (though we make no guarantees -- the stuff is too new). That
> > said, newer systemd versions work much better in nspawn than older
> > ones, and v210 is pretty old already.
> 
> Okay. Thanks for the clarification.
> 
> >From reading the source it seems like you mount the whole cgroup hierarchy into the
> container's mount namespace, rebind /sys/fs/cgroup/systemd/yadda/.../yadda/ to /sys/fs/cgroup/systemd
> and remount some parts read only.
> Does this play well with the cgroup release_agent/notify_on_release
> mechanism?

No, cgroup notification is fucked in containers, and even on the host
it is broken, but not as badly.

The new unified hierarchy handles all this *much* much better, as it
has a inotify based notification scheme that covers hierchies really
nicely.

Note that more recent systemd versions can handle non-working cgroup
notifications in containers much better than older ones.

> One more question, how does systemd-nspawn depend on the host systemd?
> On this machine runs openSUSE with systemd v210. I build current systemd-nswpan
> and gave it a try wit no luck.

v210 is really old.

We don't support "half" upgrades. If you do "half" upgrades, where the
utilites do not match the daemons then your are on your own.

That said, rkt actually uses nspawn and supports that on their own
downstream on all distros, even old ones that do not have systemd at
all. But that's on them, we don't want to be bothered with that
upstream.

Lennart

-- 
Lennart Poettering, Red Hat


More information about the systemd-devel mailing list