On Tue, May 17, 2016 at 2:34 AM, Michael Biebl <bi...@debian.org> wrote: > Am 17.05.2016 um 02:26 schrieb Dmitry Smirnov: >> On Sunday, 15 May 2016 2:01:20 PM AEST Michael Biebl wrote: >>> Can you clarify a bit more, why exactly rkt needs systemd-sysusers? >> >> rkt uses systemd-sysusers inside containers therefore rkt build-depend on >> systemd-sysusers... > > I was looking for more details what exactly it is needing > systemd-sysusers for. Can you explain how the binary is called by rkt > and when and what kind of users are created (and why)?
rkt with the "host" flavor does not build-depend on systemd-sysusers, it is only a run-time dependency. It also only runs it in the container to create users & groups in the container (not on the host). It works like the following: When rkt starts a pod / a container, it copies systemd-sysusers from $PATH at run-time into rkt's stage1 rootfs: https://github.com/coreos/rkt/blob/master/stage1/init/init.go#L168 systemd inside the pod uses the following service file to run the copy of systemd-sysusers and create users & groups in the pod (not on the host): https://github.com/coreos/rkt/blob/master/stage1/units/units/sysusers.service The code to generate the $ROOTFS/usr/lib/sysusers.d/ files is there: https://github.com/coreos/rkt/blob/master/stage1/init/common/pod.go#L246