[systemd-devel] portable service questions

Luca Boccassi luca.boccassi at gmail.com
Thu May 4 21:27:26 UTC 2023


On Thu, 4 May 2023 at 22:00, Chuck Tuffli <ctuffli at gmail.com> wrote:
>
> I basically have portable service extensions working, but in the
> process, there are a few questions that came up.
>
> 1. When attaching a service with an extension, the portablectl list
> shows the base image as 'attached' but the extension as 'detached'. Is
> the 'detached' state expected or an indication that something is
> wrong?

That's a known issue, it's just cosmetic

> 2. When using the default profile, systemd attaches a writable /tmp
> and /var/tmp. But the trusted profile doesn't attach either. From
> looking at the code, this appears to be expected. For read-only
> service images running with the trusted profile, is there a way to get
> writable tmp directories or is the expectation that the base image
> is writable?

This was changed recently and now every profile has a private /tmp

> 3. What are some approaches to debugging problems with the service's
> environment? Two examples of problems I encountered were 1) the base
> image was missing a library the extension depended upon and 2) the
> service couldn't create configuration files because of a missing
> directory. In both cases, I replaced the ExecStart with 'sleep 1d' and
> used 'nsenter --target $(pidof sleep)' to investigate the environment
> and figure out where I goofed. Is there a better way to do this?

Use systemd-run and pass it RootImage and ExtensionImages and you can
do whatever you want, even getting a shell, in an identical
environment
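
The approach in the last answer, written out as an added example (not part of the original message and not code from the systemd project): a helper that builds a `systemd-run` command line opening an interactive shell on the same `RootImage=` plus `ExtensionImages=` stack. The function names and image paths are hypothetical, and it assumes `/bin/sh` exists in the merged image and that image paths contain no spaces.

```shell
#!/bin/sh
# Added example. Function names and image paths are hypothetical placeholders.

# portable_debug_args BASE [EXT...]
# Prints the systemd-run argument vector, one argument per line.
# RootImage= and ExtensionImages= need absolute paths, so relative ones are
# rejected before systemd sees them.
portable_debug_args() {
    [ -n "$1" ] || { echo "usage: portable_debug_args BASE [EXT...]" >&2; return 2; }
    for p in "$@"; do
        case $p in
            /*) ;;
            *) echo "image path must be absolute: $p" >&2; return 1 ;;
        esac
    done
    base=$1
    shift
    exts=""
    for e in "$@"; do
        # ExtensionImages= takes a space-separated list of images
        exts="${exts:+$exts }$e"
    done
    printf '%s\n' systemd-run --pty --collect --property="RootImage=$base"
    [ -z "$exts" ] || printf '%s\n' --property="ExtensionImages=$exts"
    # Assumption: the merged image ships /bin/sh
    printf '%s\n' /bin/sh
}

# portable_debug_shell BASE [EXT...]
# Runs the command built above (needs root and a host running systemd).
portable_debug_shell() {
    args=$(portable_debug_args "$@") || return
    old_ifs=$IFS
    IFS='
'
    set -f              # split on newlines only, no globbing
    set -- $args
    set +f
    IFS=$old_ifs
    "$@"
}

# Usage (constructed paths):
#   portable_debug_shell /var/lib/portables/base.raw /var/lib/portables/ext.raw
```

Inside that shell, checks such as `ldd` on the service binary or `ls` on the expected configuration directory cover the two failure cases from the question, without editing `ExecStart=` in the attached unit.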

