
Re: Various bugs in live-debconfig with regards to lxc



On 08/05/2012 05:16 PM, Jon Severinsson wrote:
> I'm not sure where to report the bugs I've found, so I'm sending
> them directly to you.

that's fine; for the next time:

  * you can also always send stuff to debian-live@lists.debian.org,
    which is more reliable than to send mail exclusively to me :)

  * report against the debian-live pseudo-package in the bts

> 1. First, there is a typo in
> scripts/debconfig/0030-sysvinit.templates, a missing white space
> causes live-debconfig to try to disable the (non-existing) 
> umountfsumountroot service, instead of the umountfs *and*
> umountroot services by default.

fixed in git, thanks.

> 2. Secondly, even if you add the white space manually, disabling
> those services will have no effect. That is because all update-rc.d
> ... disable does is replace any S??«service» links with
> K??«service» links in all runlevels. As the umount* services are in
> fact only stopped, never started, that makes disable useless. What
> you actually need to do is to *remove* those services.
> 
> Unfortunately, update-rc.d doesn't remember that you have done so,
> and will re-add them on upgrades/reinstalls of the package
> providing them (initscripts). I have no idea how to work around
> that...

that's why we were using disable instead of remove, to work around
exactly that. seems that's not working with those that only have K*
links then. i'll have to check later on that how we can best
work around that too.

> 3. Additionally, disabling the hwclockfirst.sh hwclock.sh does not
> have the effect you want. Those scripts will set the system clock
> on start, and set the hw clock on stop. Of course, neither works
> inside a container, but disabling the service will only exchange
> one error message for another in a container, and will cause
> massive misbehaviour if done outside of a container. The correct
> way of disabling hwclockfirst.sh hwclock.sh is to edit 
> /etc/default/hwclock and set HWCLOCKACCESS to "no".

indeed, will do that later today, thanks (this will go into hwclock or
something script, not on top of the sysvinit one).

> 4. Next, if starting a container without "lxc.cap.drop =
> sys_admin", the debian initscripts will mount a tmpfs on
> ${root}/run, which will block host access to /run/initctl (as it is
> now on a file system inaccessible from outside the container),
> which makes lxc-halt fail with an error message, and makes 
> lxc-start unable to detect a shutdown from within the container
> (thus mandating a manual lxc-stop call). The only way I've found to
> stop that is to disable the "mountkernfs.sh" and "mountall.sh"
> initscripts.

..or not mounting a tmpfs on /run within the container?

> 5. Finally, I've found that letting the container shut down the
> loopback network device will also cause the host to try to shut
> down its loopback device, which will fail if it is in use and
> instead spam all consoles with error messages every second until
> you restart the computer. Not actually a serious problem, but damn
> irritating, so please make live-debconfig comment out the "auto lo"
> line in /etc/network/interfaces when in an lxc container (lxc-start
> will set it up anyway)...

right, but that should go to the ifupdown script, not the sysvinit one.

> Attaching a patch fixing all these issues to the best of my
> ability.

thanks. bonus points for making individual broken out patches (one
patch for one fix) with commit message so i can 'git am' them :)

-- 
Address:        Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email:          daniel.baumann@progress-technologies.net
Internet:       http://people.progress-technologies.net/~daniel.baumann/
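
The file edits proposed in points 3 and 5 of the quoted report, written out as an added example; it is not the attached patch or live-debconfig's own code. The function names and the root-directory argument are assumptions, and the root is assumed to be a file system you trust (for instance "/" when run inside the container).

```shell
#!/bin/sh
# Added example: function names and the ROOT argument are hypothetical.
# Both edits are idempotent, so the script can be re-run on every boot.

# Rewrite FILE through sed without replacing the inode (keeps owner and mode).
edit_in_place() {
    expr=$1; file=$2
    tmp=$(mktemp) || return 1
    sed -E "$expr" "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Point 3: set HWCLOCKACCESS to "no" in /etc/default/hwclock instead of
# disabling the hwclockfirst.sh / hwclock.sh initscripts.
set_hwclockaccess_no() {
    file="$1/etc/default/hwclock"
    mkdir -p "$1/etc/default"
    [ -f "$file" ] || : > "$file"
    if grep -Eq '^[[:space:]]*#?[[:space:]]*HWCLOCKACCESS=' "$file"; then
        # An assignment exists (possibly commented out): rewrite it.
        edit_in_place \
            's/^[[:space:]]*#?[[:space:]]*HWCLOCKACCESS=.*/HWCLOCKACCESS=no/' \
            "$file"
    else
        echo 'HWCLOCKACCESS=no' >> "$file"
    fi
}

# Point 5: comment out the "auto lo" line in /etc/network/interfaces.
# Only a line that brings up lo alone is touched; "auto lo eth0" is left
# as it is, because commenting it would also stop eth0 from coming up.
comment_out_auto_lo() {
    file="$1/etc/network/interfaces"
    [ -f "$file" ] || return 0
    edit_in_place 's/^([[:space:]]*auto[[:space:]]+lo[[:space:]]*)$/#\1/' "$file"
}

apply_lxc_fixes() {
    set_hwclockaccess_no "$1" && comment_out_auto_lo "$1"
}

# Run as: sh script.sh ROOT
if [ "$#" -ge 1 ]; then
    apply_lxc_fixes "$1"
fi
```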