FS#59878 - [devtools] makechrootpkg: expose systemd.nspawn
Attached to Project: Arch Linux
Opened by Yu, Li Yu (afg) - Thursday, 30 August 2018, 14:53 GMT
Last edited by Kristian (klausenbusk) - Saturday, 03 June 2023, 18:07 GMT
Details
Description:
I'd like to have makechrootpkg run under customized privilege settings. For example, to limit CPU usage on a workstation, or allow for more open files as required by aur/code [1].

Proposed solution: Set --machine=makechrootpkg in systemd-nspawn or allow specifying --machine in the command line.

The systemd-nspawn command line switches have corresponding settings available in {name}.nspawn files, for example --rlimit=RLIMIT_NOFILE=8192 maps to LimitNOFILE=8192 in {name}.nspawn [2].

systemd-nspawn looks for {name}.nspawn files in /etc/systemd/nspawn/{name}.nspawn (and various places) to look for container settings, where name is derived from the --machine flag or directory name [3].

I propose that makechrootpkg always set --machine=makechrootpkg so /etc/systemd/nspawn/makechrootpkg.nspawn can be used to configure the container, or add a flag `-M <machine>` on makechrootpkg to allow for better flexibility.

This method also somewhat fixes

Finally, if this is to be considered, maybe also need to think about whether to also add --settings=trusted. So {name}.nspawn can also live at the parent of the chroot directory.

Alternatives:
1. $CHROOT/root/etc/security/limits.conf gets overridden by systemd-nspawn's default values
2. systemd-nspawn infers the name from the directory name if --machine is not set. This works if the directory used by makechrootpkg is static. This method does not work well with -T (Build in a temporary directory).
3. end-of-options marker (--) is already used for makepkg flags. I don't think there is space for passing through systemd-nspawn flags.

[1] aur/code - https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=code#n72
[2] systemd.nspawn(5) - https://www.freedesktop.org/software/systemd/man/systemd.nspawn.html
[3] systemd-nspawn(1) - https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--settings=MODE
Closed by Kristian (klausenbusk)
Saturday, 03 June 2023, 18:07 GMT
Reason for closing: Upstream
Additional comments about closing: Please report upstream if this is still relevant: https://gitlab.archlinux.org/archlinux/devtools.
-l <copy> The directory to use as the working copy of the chroot
When -l $mach is used together with -T, it seemed that the name becomes $mach-$pid_of_makechrootpkg so $mach.nspawn still isn't picked up
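
The lookup discussed in the description and in the comment above, as an added example (not devtools or systemd code): it reports which {name}.nspawn file would apply to a chroot copy and whether it is read as trusted, following the search order documented in systemd.nspawn(5). The function name and the NSPAWN_SYSDIRS override are hypothetical, and name derivation is simplified to the directory basename.

```sh
#!/bin/sh
# Added example. Lookup order per systemd.nspawn(5):
#   1. /etc/systemd/nspawn/NAME.nspawn, /run/systemd/nspawn/NAME.nspawn
#      -> all settings take effect ("trusted")
#   2. NAME.nspawn in the parent of the container root directory
#      -> settings that elevate privileges or grant host access are
#         ignored ("untrusted") unless --settings=trusted is passed
# NSPAWN_SYSDIRS is a hypothetical override so the check can run offline.

nspawn_settings_for() {
    # $1 = container root directory, $2 = optional --machine name
    root=${1%/}
    # Without --machine the name comes from the directory name
    # (simplified: systemd also sanitizes it into a valid machine name).
    name=${2:-$(basename "$root")}

    for dir in ${NSPAWN_SYSDIRS:-/etc/systemd/nspawn /run/systemd/nspawn}; do
        if [ -f "$dir/$name.nspawn" ]; then
            echo "trusted $dir/$name.nspawn"
            return 0
        fi
    done

    beside=$(dirname "$root")/$name.nspawn
    if [ -f "$beside" ]; then
        # Often a user-writable location: audit it before ever
        # combining it with --settings=trusted.
        echo "untrusted $beside"
        return 0
    fi

    echo "none $name.nspawn"
    return 1
}

# Usage: script.sh <chroot-copy-dir> [machine-name]
if [ "$#" -gt 0 ]; then
    nspawn_settings_for "$@"
fi
```

With a temporary copy named copy-12345 (constructed PID suffix), a copy.nspawn file is never matched, while a fixed machine name resolves to the same file regardless of the directory name.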