gitea: Added option sandbox to be able to disable systemd sandboxing
#94756
Conversation
… features. This is useful to run gitea inside an lxd container.
Since I already separate my services via lxd containers, I don't see the point in additionally sandboxing it via systemd.
I don't think we should have a sandbox flag for every systemd service. We introduce "sandboxing" in many services now. It's not a boolean flag: some features might not work in docker, some features might work in lxd. If systemd features don't work in LXD containers we should disable them in general for LXD instead of introducing a flag in every service.
cc @NixOS/systemd
@Mic92 You mean it should be checked for
I propose approaching systemd upstream here. This smells like some problem with not all cgroups being available inside lxd, and systemd failing ungracefully.
@asbachb can try this variant:
@Izorkin Basically this kind of configuration prevents the
Started another discussion on lxd forums: https://discuss.linuxcontainers.org/t/sandboxed-systemd-service-fails-due-to-cgroups-issue/8650/5
So maybe your solution is to use cgroup v2?
Motivation for this change
Add ability to disable systemd sandbox functionality in order to run gitea inside an lxd container.
Things done
- Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
- Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
- Tested execution of all binary files (usually in ./result/bin/)
- Determined the impact on package closure size (by running nix path-info -S before and after)