On Sa, 28.03.20 14:02, Ryan (rymg19@xxxxxxxxx) wrote: > I don't yet have a small test for this yet, so here's all the information > I've found while I get that ready: > > I have a side project <https://nsbox.dev/> that revolves around using > systemd-nspawn to run pet containers. One feature I'm trying to use it for > is booted containers, where the following happens: > > - During container boot, a service is run that creates an account inside > the container corresponding to the outside user. This service depends on > multi-user.target, as well as console-getty (which is overridden to enable > autologin). > - The service inside signals the outside world when it's done that the > container is ready for login. > - Once the signal is received outside, the host uses nsenter to enter the > container namespace, then runs > > runuser -s /bin/bash -- - "$THE_USER_NAME" some-command Use systemd-run for this. nsenter inserts an outside process into the container, outside of all supervision, outside of any sensible cgroup and so on. This shouldn't be done for long-running stuff that is supposed to actually properly join the container. > Here's the bizarre part: runuser just hangs forever. I went into debugging > it further, and found it was hanging waiting for a response from > systemd-logind while executing the PAM config. With verbose logging for > logind enabled, I observed the following: Your client lives outside of the supervision of systemd inside the container, it's a foreign process, even if it suddenly appears in the same PID ns... i.e. its PPID is 0, and not 1, because it is foreign. Just don't do this. systemd-run exists for a reason: it inserts only a tiny very short-living process into the container that then talks to systemd inside of the container and tells it to do something, and then just hands over to that. This means the long running process is actually running from the context of the user inside it and all is good. Lennart -- Lennart Poettering, Berlin _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: Bizarre issue with logins and cgroups?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Bizarre issue with logins and cgroups?
- From: Lennart Poettering <mzxreary@xxxxxxxxxxx>
- Date: Tue, 31 Mar 2020 17:31:12 +0200
- Cc: systemd Mailing List <systemd-devel@xxxxxxxxxxxxxxxxxxxxx>
- In-reply-to: <CAO41-mMz+H5KchoJD1m7WRuo6SKjNxVssUjTcpA5XG--rvnfdw@mail.gmail.com>
- References: <CAO41-mMz+H5KchoJD1m7WRuo6SKjNxVssUjTcpA5XG--rvnfdw@mail.gmail.com>
- Follow-Ups:
- Re: Bizarre issue with logins and cgroups?
- From: Ryan
- Re: Bizarre issue with logins and cgroups?
- References:
- Bizarre issue with logins and cgroups?
- From: Ryan
- Bizarre issue with logins and cgroups?
- Prev by Date: Re: sd-bus signal callback return value
- Next by Date: Re: Cannot find a way to get time read from RTC during boot
- Previous by thread: Bizarre issue with logins and cgroups?
- Next by thread: Re: Bizarre issue with logins and cgroups?
- Index(es):
 |