[systemd-devel] systemd-devel Digest, Vol 157, Issue 4

Benjamin Godfrey mr.benjamingodfrey at gmail.com
Fri May 5 21:16:27 UTC 2023


> 1. When attaching a service with an extension, the portablectl list
> shows the base image as 'attached' but the extension as 'detached'. Is
> the 'detached' state expected or an indication that something is
> wrong?

You can expect a detached state because the extension is not actually
running in the same process as the base image. The extension has a
different PID, but they share the same memory region.

> 3. What are some approaches to debugging problems with the service's
> environment? Two examples of problems I encountered were 1) the base
> image was missing a library the extension depended upon

That's a weird problem. Don't laugh, but I ran into a situation where the
libraries were installed, but the systemd source code was missing. I'm not
sure what a good version of the source code should be. I think I might be
referring to an earlier comment. My only suggestion would be to use
portablectl debug, but you are probably already doing that.

If you use systemd-run, here is a template for a systemd service file that
might help you.

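[Unit]
Description=My service

[Service]
Type=oneshot
# RootImage= and ExtensionImages= are unit properties, so systemd-run takes
# them with -p; they apply to a transient service, so --scope is dropped.
ExecStart=/usr/bin/systemd-run -p RootImage=/path/to/root/image -p ExtensionImages=/path/to/extension/image /usr/bin/my-command

[Install]
WantedBy=multi-user.target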

Benjamin Godfrey

On Fri, May 5, 2023 at 5:00 AM <systemd-devel-request at lists.freedesktop.org>
wrote:

> Today's Topics:
>
>    1.  portable service questions (Chuck Tuffli)
>    2. Re:  portable service questions (Luca Boccassi)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 4 May 2023 12:52:16 -0700
> From: Chuck Tuffli <ctuffli at gmail.com>
> To: systemd-devel at lists.freedesktop.org
> Subject: [systemd-devel] portable service questions
> Message-ID: <CAKAYmMK0g_EcgkaHe7k2bzdEf4ON1COo+z3K5x9TuKcoDKOEOQ at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> I basically have portable service extensions working, but in the
> process, there are a few questions that came up.
>
> 1. When attaching a service with an extension, the portablectl list
> shows the base image as 'attached' but the extension as 'detached'. Is
> the 'detached' state expected or an indication that something is
> wrong?
>
> 2. When using the default profile, systemd attaches a writable /tmp
> and /var/tmp. But the trusted profile doesn't attach either. From
> looking at the code, this appears to be expected. For read-only
> service images running with the trusted profile, is there a way to get
> a writable tmp directories or is the expectation that the base image
> is writable?
>
> 3. What are some approaches to debugging problems with the service's
> environment? Two examples of problems I encountered were 1) the base
> image was missing a library the extension depended upon and 2) the
> service couldn't create configuration files because of a missing
> directory. In both cases, I replaced the ExecStart with 'sleep 1d' and
> used 'nsenter --target $(pidof sleep)' to investigate the environment
> and figure out where I goofed. Is there a better way to do this?
>
> Thanks!
>
> --chuck
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 4 May 2023 22:27:26 +0100
> From: Luca Boccassi <luca.boccassi at gmail.com>
> To: Chuck Tuffli <ctuffli at gmail.com>
> Cc: systemd-devel at lists.freedesktop.org
> Subject: Re: [systemd-devel] portable service questions
> Message-ID: <CAMw=ZnTjRYQ1rP3jh0utiwAfP9Jm_PmKvSLe4FF+ry8-ZuJDYQ at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> On Thu, 4 May 2023 at 22:00, Chuck Tuffli <ctuffli at gmail.com> wrote:
> >
> > I basically have portable service extensions working, but in the
> > process, there are a few questions that came up.
> >
> > 1. When attaching a service with an extension, the portablectl list
> > shows the base image as 'attached' but the extension as 'detached'. Is
> > the 'detached' state expected or an indication that something is
> > wrong?
>
> That's a known issue, it's just cosmetic
>
> > 2. When using the default profile, systemd attaches a writable /tmp
> > and /var/tmp. But the trusted profile doesn't attach either. From
> > looking at the code, this appears to be expected. For read-only
> > service images running with the trusted profile, is there a way to get
> > a writable tmp directories or is the expectation that the base image
> > is writable?
>
> This was changed recently and now every profile has a private /tmp
>
> > 3. What are some approaches to debugging problems with the service's
> > environment? Two examples of problems I encountered were 1) the base
> > image was missing a library the extension depended upon and 2) the
> > service couldn't create configuration files because of a missing
> > directory. In both cases, I replaced the ExecStart with 'sleep 1d' and
> > used 'nsenter --target $(pidof sleep)' to investigate the environment
> > and figure out where I goofed. Is there a better way to do this?
>
> Use systemd-run and pass it RootImage and ExtensionImages and you can
> do whatever you want, even getting a shell, in an identical
> environment
>
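The debugging approach suggested in the thread (systemd-run with RootImage and ExtensionImages to get a shell in an identical environment), as an added example that is not part of the original messages. The function name portable_debug_cmd and the image paths are hypothetical, and /bin/sh is assumed to exist in the merged image; it only prints the command so it can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print a systemd-run command that opens a shell with the same
# RootImage=/ExtensionImages= as the portable service. Paths are placeholders.
#
# usage: portable_debug_cmd ROOT_IMAGE [EXTENSION_IMAGE...]
portable_debug_cmd() {
    if [ "$#" -lt 1 ]; then
        echo "usage: portable_debug_cmd ROOT_IMAGE [EXTENSION_IMAGE...]" >&2
        return 2
    fi
    root=$1
    shift
    for img in "$root" "$@"; do
        case $img in
            *" "*)
                # ExtensionImages= is a space-separated list, so a path
                # containing a space would be split into two entries.
                echo "space in image path not supported: $img" >&2
                return 1 ;;
        esac
        # A mistyped path would otherwise only show up as a failed unit start.
        if [ ! -e "$img" ]; then
            echo "image not found: $img" >&2
            return 1
        fi
    done
    # Remaining arguments are the extension images, kept in the given order.
    exts=$*
    # --pty attaches the terminal, --wait blocks until the shell exits,
    # --collect removes the transient unit afterwards even if it failed.
    cmd="systemd-run --pty --wait --collect -p RootImage=$root"
    if [ -n "$exts" ]; then
        cmd="$cmd -p \"ExtensionImages=$exts\""
    fi
    printf '%s /bin/sh\n' "$cmd"
}

# Stand-alone use: ./script.sh /path/to/base.raw /path/to/extension.raw
if [ "$#" -gt 0 ]; then
    portable_debug_cmd "$@"
fi
```

Inside the resulting shell, the two problems from the original question (a library missing from the base image, a missing directory) can be checked directly, without editing the unit's ExecStart.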