[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#945269: debian-policy: packages should use tmpfiles.d(5) to create directories below /var

On Tue, 13 Jun 2023, Bill Allombert wrote:

>I agree, chroots are important to consider, and the system should not
>make assumptions how and why there are used.

Thanks!

>Conversely, sometimes I need to use chroots to test init scripts.
>start-stop-daemon should not refuse to run in a chroot if policy-rc.d
>allows it.

TTBOMK this works-ish. It certainly starts and stops things, but if
you have the same thing running outside of the chroot, interference
may happen. You’ll probably want a separate pid namespace (I think)
at least, and make sure that, when leaving the chroot, everything
started in it is in fact terminated; sometimes, things like to keep
hanging around. This is easier to manage with VMs or (probably; I
don’t like to use them myself) container-ish thingies.

In my schroot setup I used to start a vncserver in a persistent
chroot back when my main system was x32 and vncserver didn’t like
that nor was coïnstallable (hence the i386 chroot).

My “enter a Debian chroot” script, to use e.g. with a Grml live ISO
to fix the bootloader (or to work under qemu-user with an RPi µSD
image before moving it into the embedded machine), certainly tries
hard to create a policy-rc.d to disable dæmon starting should the
user need to install packages, so it generally will work.
https://evolvis.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=shellsnippets/shellsnippets.git;a=blob;f=posix/sysadmin/debchroot.sh;hb=HEAD
in case someone’s interested, it’s more complete than grml-chroot.

bye,
//mirabilos
-- 
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

                        ****************************************************
/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against      Mit dem tarent-Newsletter nichts mehr verpassen:
 ╳  HTML eMail! Also,     https://www.tarent.de/newsletter
╱ ╲ header encryption!
                        ****************************************************
Reply to: