On Fri, 7 Jun 2024 at 08:17, Thorsten Kukuk <kukuk@xxxxxxxx> wrote:
>
> On Thu, Jun 6, 2024 at 10:45 PM Luca Boccassi <luca.boccassi@xxxxxxxxx> wrote:
> >
> > On Thu, 6 Jun 2024 at 09:15, Thorsten Kukuk <kukuk@xxxxxxxx> wrote:
> >
> > > The default mounts of portable images get lost during soft-reboot, too.
> > > If you explicitly add them to the service file (e.g.
> > > BindReadOnlyPaths=/run) they survive. Bug report is still on my TODO
> > > list.
> >
> > What do you mean by default mounts here? Everything is defined in
> > either the unit or the profile, apart from proc+sys+dev
>
> proc+sys+dev+run are available after attaching the image and starting
> the service, but they are gone after a soft-reboot.
> If I add them with e.g. "BindReadOnlyPaths=/run" to the service file, they stay.

I cannot reproduce that, proc/sys/dev are available before and after a
soft reboot. Tested with:

systemd-run -p SurviveFinalKillSignal=yes -p IgnoreOnIsolate=yes -p DefaultDependencies=no -p RootImage=/usr/share/minimal_0.raw --unit test.service sh -c 'while true; do ls /proc /sys /dev; sleep 1; done'

/run is expected though - if you want that, you need to bind mount it
explicitly. You normally don't want all of it, and the default
portable profile only picks the journal and dbus sockets and a couple
of other things, which is better:

BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
BindReadOnlyPaths=/etc/machine-id
BindReadOnlyPaths=-/etc/resolv.conf
BindReadOnlyPaths=/run/dbus/system_bus_socket

> My demo: https://github.com/thkukuk/sec-counter
> Remove the BindReadOnlyPaths entry from
> portable-image/sec-counter.service and the service will stop writing
> to journald with sd_journal_print().

Note that you really don't want PrivateTmp=yes as that will bind it to
the previous /tmp from the host, which is recreated on soft-reboot, so
it will be leaked. You want TemporaryFileSystem=/tmp instead.
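As an added illustration (not code from this thread and not the unit from the sec-counter repository), here is a portable service unit that applies the points made above: the explicit journal and D-Bus bind mounts taken from the default portable profile instead of all of /run, the soft-reboot survival properties from the systemd-run test, and TemporaryFileSystem=/tmp in place of PrivateTmp=yes. The unit name, Description and ExecStart path are assumptions.

```ini
# example-portable.service (assumed name; illustrative unit, not the
# sec-counter.service from the demo repository)
[Unit]
Description=Example portable service that logs to journald
# Properties used in the systemd-run test above so the unit is kept
# across a soft-reboot instead of being stopped with the old system.
SurviveFinalKillSignal=yes
IgnoreOnIsolate=yes
DefaultDependencies=no

[Service]
# Assumed path of the service binary inside the portable image.
ExecStart=/usr/bin/example-counter

# The journald and D-Bus sockets live under /run on the host. Bind only the
# specific paths the service needs, as the default portable profile does,
# rather than exposing all of /run. Being explicit in the unit is what keeps
# journald reachable (sd_journal_print() keeps working) after a soft-reboot.
BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout
BindReadOnlyPaths=/etc/machine-id
BindReadOnlyPaths=-/etc/resolv.conf
BindReadOnlyPaths=/run/dbus/system_bus_socket

# Weak setting: PrivateTmp=yes binds the service to the host's previous /tmp,
# which is recreated on soft-reboot, so the old one is leaked. Left here
# commented out only to show what is being replaced.
#PrivateTmp=yes
# Corrected: give the service its own fresh tmpfs instead.
TemporaryFileSystem=/tmp

[Install]
WantedBy=multi-user.target
```

The bind mounts are read-only paths to sockets, so the service can write to journald and D-Bus through them while the rest of the host's /run stays invisible to the image.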