söndagen den 5 augusti 2012 17:42:04 skrev du: > On 08/05/2012 05:16 PM, Jon Severinsson wrote: > > I'm not sure where to report the bugs I've found, so I'm sending > > them directly to you. > > that's fine; for the next time: > > * you can also always send stuff to debian-live@lists.debian.org, > which is more reliable than to send mail exclusively to me :) > > * report against the debian-live pseudo-package in the bts
OK, thanks for the info.
> > 1. First, there is a typo in
> > scripts/debconfig/0030-sysvinit.templates, a missing white space
> > causes live-debconfig to try to disable the (non-existing)
> > umountfsumountroot service, instead of the umountfs *and*
> > umountroot services by default.
>
> fixed in git, thanks.
OK, thanks
> > 2. Secondly, even if you add the white space manually, disabling
> > those services will have no effect. That is because all update-rc.d
> > ... disable does is replacing any S??«service» links with
> > K??«service» links in all runlevels. As the umount* services are in
> > fact only stopped, never started, that makes disable useless. What
> > you actually need to do is to *remove* those services.
> >
> > Unfortunately, update-rc.d don't remember that you have done so,
> > and will re- add them on upgrades/reinstalls of the package
> > providing them (initscripts). I have no idea how to work around
> > that...
>
> that's why we were using disable instead of remove, to workaround
> excately that. seems that's not working with those that only have K*
> links then. i'll have to check later on that how we can best
> workaround that too.
Well, working until upgrade is better than not working at all ;), but yes, in
the long run a better workaround is needed.
> > 3. Additionally, disabling the hwclockfirst.sh hwclock.sh does not
> > have the effect you want. Those scripts will set the system clock
> > on start, and set the hw clock on stop. Of course, neither works
> > inside a container, but disabling the service will only exchange
> > one error message for another in a container, and will cause
> > massive misbehaviour if done outside of a container. The correct
> > way of disabling hwclockfirst.sh hwclock.sh is to edit
> > /etc/default/hwclock and set HWCLOCKACCESS to "no".
>
> indeed, will do that later today, thanks (this will go into hwclock or
> something script, not on top of the sysvinit one).
OK, sounds good to me.
> > 4. Next, if starting a container without "lxc.cap.drop =
> > sys_admin", the debian initscripts will mount a tmpfs on
> > ${root}/run, which will block host access to /run/initctl (as it is
> > now on a file system inaccessible from outside the container),
> > which makes lxc-halt fail with an error message, and makes
> > lxc-start unable to detect a shutdown from within the container
> > (thus mandating a manual lxc-stop call). The only way I've found to
> > stop that is to disable the "mountkernfs.sh" and "mountall.sh"
> > initscripts.
>
> ..or not mounting a tmpfs on /run within the container?
At least in sysvinit 2.88dsf-29 (in sid, targeted for wheezy), both these
initscripts will unconditionally mount a tmpfs on /run, so the only way to
*not* mounting a tmpfs on /run is to not run either initscript (or edit them
to not mount /run when in lxc, which I have no idea of how to do).
The only reason it works in the default configuration is that the default lxc
configureation file includes "lxc.cap.drop = sys_admin" which makes both these
initscripts a no-op, except for spewing error messages on the console (so it's
not like disabling them actually breaks anything that works in the default
configuration anyway).
> > 5. Finally, I've found that letting the container shut down the
> > loopback network device will also cause the host to try to shut
> > down it's loopback device, which will fail if it is in use and
> > instead spam all consoles with error messages every second untill
> > you restart the computer. Not actually a serious prolem, but damn
> > irritating, so please make live-debconfig comment out the "auto lo"
> > line in /etc/network/interfaces when in an lxc container (lxc-
> > start will set it up anyway)...
>
> right, but that should go to the ifupdown script, not the sysvinit one.
That was my first thought as well, unfortunately my debconf-fu is not good
enough to figgure out how to use a debconf answare in more than one script
without asking the same question twice :-(, and I thought it bad taste to
unconditionaly disable the loopback interface...
> > Attaching a patch fixing all these issues to the best of my
> > ability.
>
> thanks. bonus points for making individual broken out patches (one
> patch for one fix) with commit message so i can 'git am' them :)
OK, done for nr 2 and 4, you've already fixed 1, and I don't know how to do 3
and 5 propperly.
Best Regards
Jon Severinsson
From b98045fdf91511f1ea833e1e72a977834550efad Mon Sep 17 00:00:00 2001
From: Jon Severinsson <j...@severinsson.net>
Date: Sun, 5 Aug 2012 19:16:17 +0200
Subject: [PATCH 1/2] Remove, rather than disable, the umount* initscripts in lxc containers.
Required as disable is a no-op for initscripts that are only installed as K??* actions.
NB: This is not as bullet-proof as it should be, uppgrading or reinstalling the initscripts package will restore them, and thus require the user to run live-debconfig again.
---
scripts/debconfig/0030-sysvinit | 10 +++++++++-
1 fil ändrad, 9 tillägg(+), 1 borttagning(-)
diff --git a/scripts/debconfig/0030-sysvinit b/scripts/debconfig/0030-sysvinit
index def1039..d63e483 100755
--- a/scripts/debconfig/0030-sysvinit
+++ b/scripts/debconfig/0030-sysvinit
@@ -140,9 +140,17 @@ case "${_LXC_ENABLE}" in
# Remove pointless services in a container
for _SERVICE in ${_LXC_DISABLE_SERVICES}
do
+ case ${_SERVICE} in
+ umount*)
+ _ACTION=remove
+ ;;
+ *)
+ _ACTION=disable
+ ;;
+ esac
if [ -e "/etc/init.d/${_SERVICE}" ]
then
- update-rc.d -f ${_SERVICE} disable 2>&1 | \
+ update-rc.d -f ${_SERVICE} ${_ACTION} 2>&1 | \
grep -v "update-rc.d: using dependency based boot sequencing" | \
grep -v "update-rc.d: error: cannot find a LSB script for mountroot" || true
fi
--
1.7.10.4
From 34da130881931a4142521bfcb5c0f085e2bf039e Mon Sep 17 00:00:00 2001
From: Jon Severinsson <j...@severinsson.net>
Date: Sun, 5 Aug 2012 19:24:44 +0200
Subject: [PATCH 2/2] Add mountkernfs.sh and mountall.sh to the list of services disabled in lxc containers.
These initscriopts unconditionaly mounts a tmpfs on /run which stops lxc-halt and lxc-start from communicating with the container init.
Mounting filesystems at boot is better done in the lxc configuration file anyway.
---
scripts/debconfig/0030-sysvinit | 2 +-
scripts/debconfig/0030-sysvinit.templates | 4 ++--
2 filer ändrade, 3 tillägg(+), 3 borttagningar(-)
diff --git a/scripts/debconfig/0030-sysvinit b/scripts/debconfig/0030-sysvinit
index d63e483..b0bd015 100755
--- a/scripts/debconfig/0030-sysvinit
+++ b/scripts/debconfig/0030-sysvinit
@@ -16,7 +16,7 @@ Defaults ()
{
_LXC_ENABLE="${_LXC_ENABLE:-false}"
_LXC_CONSOLES="${_LXC_CONSOLES:-6}"
- _LXC_DISABLE_SERVICES="${_LXC_DISABLE_SERVICES:-checkroot.sh hwclockfirst.sh hwclock.sh kmod module-init-tools umountfs umountroot}"
+ _LXC_DISABLE_SERVICES="${_LXC_DISABLE_SERVICES:-checkroot.sh hwclockfirst.sh hwclock.sh kmod module-init-tools mountkernfs.sh mountall.sh umountfs umountroot}"
}
db_get live-debconfig/sysvinit/lxc-enable
diff --git a/scripts/debconfig/0030-sysvinit.templates b/scripts/debconfig/0030-sysvinit.templates
index 0754ff6..812d77c 100644
--- a/scripts/debconfig/0030-sysvinit.templates
+++ b/scripts/debconfig/0030-sysvinit.templates
@@ -20,9 +20,9 @@ Description: live-debconfig: How many consoles for LXC?
Template: live-debconfig/sysvinit/lxc-disable-services
Type: string
-Default: checkroot.sh hwclockfirst.sh hwclock.sh kmod module-init-tools umountfs umountroot
+Default: checkroot.sh hwclockfirst.sh hwclock.sh kmod module-init-tools mountkernfs.sh mountall.sh umountfs umountroot
Description: live-debconfig: Which services to disable for LXC?
Some services are not useful in containers and should be disabled.
.
- This defaults to checkroot.sh hwclockfirst.sh hwclock.sh kmod module-init-tools
+ This defaults to checkroot.sh hwclockfirst.sh hwclock.sh kmod module-init-tools mountkernfs.sh mountall.sh
umountfs umountroot.
--
1.7.10.4
signature.asc
Description: This is a digitally signed message part.
