Bug#858149: systemd-nspawn: ephemeral flag ignored with raw images

2017-05-02 Thread Michael Biebl
On 02.05.2017 at 14:29, Antoine Musso wrote:
> On 28/04/17 22:18, Michael Biebl wrote:
>> Well, not release critical, but something we might fix indeed.
>>
>> Antoine, have you tested the commit
>> 0f3be6ca4dbbac8350cd8f10a8968d31f7bc13b6 applied on top of v232 to fix
>> the issue you have?
> 
> Hello,
> 
> No, I haven't tested it and I have not tried to cherry-pick patches on
> v232.  Looks like there are more commits related, the pull request on
> github having all of:
> 
> $ git log --oneline 1a1b13c95..c5c755e1b
> c5c755e1b Merge pull request #4693 from poettering/nspawn-ephemeral
> acbbf69b7 nspawn: don't require chown() if userns is not on
> 17cbb288f nspawn: add fallback top normal copy/reflink when we cannot
> btrfs snapshot
> c67b00827 nspawn: remove temporary root directory on exit
> 6a0f896b9 nspawn: try to wait for the container PID 1 to exit, before we
> exit
> b6e953f24 nspawn: add ability to run nspawn without container locks applied
> 546dbec53 shared: make sure image_path_lock() return parameters are
> always initialized on success
> 0f3be6ca4 nspawn: support ephemeral boots from images

I've just cherry-picked 0f3be6ca4 for now. We are in deep freeze for
stretch, so I want to avoid more invasive changes (this needs to be
acked by the release team, still)

There will most likely be a backport of newer versions at some point for
stretch, though. So you can get it from there if you need any of the
changes listed above besides 0f3be6ca4.

Regards,
Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?


Bug#858149: systemd-nspawn: ephemeral flag ignored with raw images

2017-05-02 Thread Antoine Musso

> On 28/04/17 22:18, Michael Biebl wrote:
> 
> Well, not release critical, but something we might fix indeed.
> 
> Antoine, have you tested the commit
> 0f3be6ca4dbbac8350cd8f10a8968d31f7bc13b6 applied on top of v232 to fix
> the issue you have?


Hello,

No, I haven't tested it and I have not tried to cherry-pick patches on
v232.  Looks like there are more commits related, the pull request on
github having all of:


$ git log --oneline 1a1b13c95..c5c755e1b
c5c755e1b Merge pull request #4693 from poettering/nspawn-ephemeral
acbbf69b7 nspawn: don't require chown() if userns is not on
17cbb288f nspawn: add fallback top normal copy/reflink when we cannot btrfs snapshot
c67b00827 nspawn: remove temporary root directory on exit
6a0f896b9 nspawn: try to wait for the container PID 1 to exit, before we exit
b6e953f24 nspawn: add ability to run nspawn without container locks applied
546dbec53 shared: make sure image_path_lock() return parameters are always initialized on success
0f3be6ca4 nspawn: support ephemeral boots from images



--
Antoine Musso



Bug#858149: systemd-nspawn: ephemeral flag ignored with raw images

2017-04-28 Thread Michael Biebl
On Sat, 18 Mar 2017 23:16:35 +0100 Antoine Musso wrote:
> Package: systemd-container
> Version: 230-7~bpo8+2
> Severity: important
> 
> Dear Maintainer,
> 
> Short version
> =============
> 
> Assuming one has an image /var/lib/machines/jessie.raw and spawns it
> with: systemd-nspawn --ephemeral -m jessie
> The jessie.raw ends up being modified.
> 
> Fix released with systemd 233 that should be backported:
> https://github.com/poettering/systemd/commit/0f3be6ca4dbbac8350cd8f10a8968d31f7bc13b6
> 
> Longer version
> ==============
> 
> systemd-nspawn has a [-x|--ephemeral] option which is supposed to
> snapshot the image and boot a container out of it. Once the container is
> terminated, the snapshot is dismissed entirely.
> 
> The ephemeral option is ignored entirely when using a raw image, for
> example via --machine, which can load either a fs tree if the name matches
> a directory or a raw image if the base name matches.
> 
> The upstream issue has a detailed reproducible case:
> https://github.com/systemd/systemd/issues/4664
> 
> Original thread:
> https://lists.freedesktop.org/archives/systemd-devel/2016-November/037699.html
> 
> The fix is commit 0f3be6ca4
> https://github.com/poettering/systemd/commit/0f3be6ca4dbbac8350cd8f10a8968d31f7bc13b6
> 
> It seems straightforward to backport to jessie-backports and for
> stretch. Non-ephemeral ephemeral containers sound like a release
> critical bug to me.

Well, not release critical, but something we might fix indeed.

Antoine, have you tested the commit
0f3be6ca4dbbac8350cd8f10a8968d31f7bc13b6 applied on top of v232 to fix
the issue you have?

Regards,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?


Bug#858149: systemd-nspawn: ephemeral flag ignored with raw images

2017-03-18 Thread Antoine Musso
Package: systemd-container
Version: 230-7~bpo8+2
Severity: important

Dear Maintainer,

Short version
=============

Assuming one has an image /var/lib/machines/jessie.raw and spawns it
with: systemd-nspawn --ephemeral -m jessie
The jessie.raw ends up being modified.

Fix released with systemd 233 that should be backported:
https://github.com/poettering/systemd/commit/0f3be6ca4dbbac8350cd8f10a8968d31f7bc13b6

Longer version
==============

systemd-nspawn has a [-x|--ephemeral] option which is supposed to
snapshot the image and boot a container out of it. Once the container is
terminated, the snapshot is dismissed entirely.

The ephemeral option is ignored entirely when using a raw image, for
example via --machine, which can load either a fs tree if the name matches
a directory or a raw image if the base name matches.

The upstream issue has a detailed reproducible case:
https://github.com/systemd/systemd/issues/4664

Original thread:
https://lists.freedesktop.org/archives/systemd-devel/2016-November/037699.html

The fix is commit 0f3be6ca4
https://github.com/poettering/systemd/commit/0f3be6ca4dbbac8350cd8f10a8968d31f7bc13b6

It seems straightforward to backport to jessie-backports and for
stretch. Non-ephemeral ephemeral containers sound like a release
critical bug to me.


Note: the upstream issue also states that junk files are left behind in the
host /tmp; there are a couple more commits to address that:
https://github.com/poettering/systemd/commit/64e604111a8466764f36ae8ac83d5d0c0addc024
https://github.com/poettering/systemd/commit/0f3be6ca4dbbac8350cd8f10a8968d31f7bc13b6

-- System Information:
Debian Release: 8.7
  APT prefers stable
  APT policy: (500, 'stable'), (99, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd-container depends on:
ii  libacl1          2.2.52-2
ii  libblkid1        2.25.2-6
ii  libbz2-1.0       1.0.6-7+b3
ii  libc6            2.19-18+deb8u7
ii  libcurl3-gnutls  7.38.0-4+deb8u5
ii  libgcrypt20      1.6.3-2+deb8u2
ii  liblzma5         5.1.1alpha+20120614-2+b3
ii  libseccomp2      2.1.1-1
ii  libselinux1      2.3-2
ii  systemd          230-7~bpo8+2
ii  zlib1g           1:1.2.8.dfsg-2+b1

Versions of packages systemd-container recommends:
ii  btrfs-tools        3.17-1.1
ii  libnss-mymachines  230-7~bpo8+2

systemd-container suggests no packages.

-- no debconf information
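A verification script for the two symptoms reported in this thread (the raw image being modified by an --ephemeral run, and junk left behind in the host /tmp); this is an added example, not code from the bug report or from systemd. It assumes sha256sum is available and takes the nspawn invocation as its trailing arguments, so the same check applies to whatever command is under test.

```shell
#!/bin/sh
# Added check for the two symptoms in this bug thread: after an ephemeral
# run the raw image must be byte-identical, and the host scratch directory
# (/tmp in the report) must not have gained leftover entries.
# Usage: check_ephemeral IMAGE SCRATCH_DIR COMMAND [ARGS...]
# Exit status: 0 both guarantees hold, 1 image modified, 2 junk left
# behind, 3 both. sha256sum (coreutils) is assumed to be available.

# Content digest of the image file.
image_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Sorted listing of a directory (hidden entries included).
dir_listing() {
    ls -1A "$1" 2>/dev/null | sort
}

check_ephemeral() {
    image=$1; scratch=$2; shift 2

    before_digest=$(image_digest "$image")
    before_listing=$(dir_listing "$scratch")

    # The real invocation would be, for example:
    #   systemd-nspawn --ephemeral --image="$image" /bin/true
    "$@" || echo "note: command exited with status $?" >&2

    rc=0
    if [ "$(image_digest "$image")" != "$before_digest" ]; then
        echo "FAIL: $image was modified by an ephemeral run" >&2
        rc=$((rc | 1))
    fi

    after_listing=$(dir_listing "$scratch")
    if [ "$after_listing" != "$before_listing" ]; then
        echo "FAIL: entries left behind in $scratch:" >&2
        printf '%s\n' "$after_listing" | while IFS= read -r entry; do
            printf '%s\n' "$before_listing" | grep -qxF -- "$entry" \
                || echo "  $entry" >&2
        done
        rc=$((rc | 2))
    fi
    return "$rc"
}
```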