Arch Linux

Description:
I'd like to have makechrootpkg run under customized privilege settings.
For example to limit CPU usage on a workstation, or allow for more open files
as required by aur/code [1].


Proposed solution:
Set --machine=makechrootpkg in systemd-nspawn or allow specifying --machine in the command line.

The systemd-nspawn command line switches have corresponding settings available in {name}.nspawn files,
for example --rlimit=RLIMIT_NOFILE=8192 maps to LimitNOFILE=8192 in {name}.spawn [2].
systemd-nspawn looks for {name}.nspawn files in /etc/systemd/nspawn/{name}.nspawn (and various places)
to look for container settings, where name is derived from the --machine flag or directory name [3].

I propose that makechrootpkg always set --machine=makechrootpkg so /etc/systemd/nspawn/makechrootpkg.nspawn
can be used to configure the container, or add a flag `-M <machine>` on makechrootpkg to allow for
better flexibility.

This method also somewhat fixes  FS#41117  by Private=yes

Finally, if this is to be considered, maybe also need to think about whether to also add --settings=trusted.
So {name}.nspawn can also live at the parent of the chroot directory.


Alternatives:
1. $CHROOT/root/etc/security/limits.conf gets overrides by systemd-nspawn's default values
2. systemd-nspawn infers the name from the directory name if --machine is not set. This works
if the directory used by makechrootpkg is static. This method does not work well with
-T (Build in a temporary directory).
3. end-of-options marker (--) is already used for makepkg flags. I don't think there is space
for passing through systemd-nspawn flags.


[1] aur/code - https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=code#n72
[2] systemd.nspawn(5) - https://www.freedesktop.org/software/systemd/man/systemd.nspawn.html
[3] systemd-nspawn(1) - https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--settings=MODE