nixos-container: use systemd-run instead of nsenter #67332
This is the first step for unprivileged nixos containers support. Fixes NixOS#30019. See also NixOS#18825, NixOS#57083, and NixOS#67130.
Looks good to me
Verified that the behaviour is the same and now running all container tests. Will merge after they have passed. Thanks a lot! 👍
There is an issue reported to be caused by this: #72407 (comment)
@fpletz @veprbl @arianvp @uvNikita this breaks the Please also note that this isn't in the As this is an actual regression, I'd love to see this resolved before releasing 20.03 (cc @worldofpeace @disassembler). I can currently think of two solutions:
Any further ideas?
@Ma27 Awesome that you're so on top of this stuff. I suggest a revert would be best, we're cutting it very close.
This reverts commit 7cb100b. This appears to break at least the `container`-backend of `nixops`: when running `switch-to-configuration` within `nixos-container run`, the running `systemd`-instance gets reloaded which appears to kill the `systemd-run` command and causes `nixos-container run` to hang. The full issue is reported in the original PR[1]. [1] NixOS#67332 (comment)
Opened #83392 which reverts this on
This reverts commit 7cb100b. See also #83432. This appears to break at least the `container`-backend of `nixops`: when running `switch-to-configuration` within `nixos-container run`, the running `systemd`-instance gets reloaded which appears to kill the `systemd-run` command and causes `nixos-container run` to hang. The full issue is reported in the original PR[1]. [1] #67332 (comment) (cherry picked from commit 7f1ba60)
Motivation for this change
This is the first step for unprivileged nixos containers support.
Fixes #30019. See also #18825, #57083, and #67130.
@Mic92 I see you commented about `--pty` and `--pipe` options in #30019. I'm not sure if I should add it here or not.
Things done
Notify maintainers
cc @danbst @mmahut @Mic92