mirror of
https://github.com/systemd/systemd.git
synced 2025-01-06 17:18:12 +03:00
nspawn: document and test nested nspawn
Running systemd-nspawn within systemd-nspawn is currently possible. Let's make sure we don't regress.
This commit is contained in:
parent
562f7bde88
commit
f53dcbf562
@ -1917,6 +1917,22 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
|
||||
--pivot-root=/ostree/deploy/$OS/deploy/$CHECKSUM:/sysroot \
|
||||
--bind=+/sysroot/ostree/deploy/$OS/var:/var</programlisting>
|
||||
</example>
|
||||
|
||||
<example>
|
||||
<title>Run a container within a container</title>
|
||||
|
||||
<para>We're assuming that the outer container is in <filename index="false">./outer</filename> and
|
||||
the inner container in <filename index="false">./outer/inner</filename>. The inner
|
||||
<command>systemd-nspawn</command> will not be able to reach D-Bus, so we are passing flags to disable
|
||||
some of its functionality.</para>
|
||||
|
||||
<programlisting># systemd-nspawn \
|
||||
--directory outer --ephemeral --console interactive -- \
|
||||
systemd-nspawn \
|
||||
--directory inner --ephemeral --console interactive \
|
||||
--register false --keep-unit --link-journal no -- \
|
||||
echo OK</programlisting>
|
||||
</example>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
@ -6,6 +6,7 @@ Dependencies=
|
||||
exitrd
|
||||
initrd
|
||||
minimal-base
|
||||
minimal-systemd
|
||||
minimal-0
|
||||
minimal-1
|
||||
|
||||
@ -49,6 +50,7 @@ ExtraTrees=
|
||||
%O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
|
||||
%O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
|
||||
%O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
|
||||
%O/minimal-systemd:/usr/share/TEST-13-NSPAWN-container-systemd-template
|
||||
%O/exitrd:/exitrd
|
||||
|
||||
Initrds=%O/initrd
|
||||
|
27
mkosi.images/minimal-systemd/mkosi.conf
Normal file
27
mkosi.images/minimal-systemd/mkosi.conf
Normal file
@ -0,0 +1,27 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
[Config]
|
||||
Dependencies=minimal-base
|
||||
|
||||
[Output]
|
||||
Format=directory
|
||||
|
||||
[Content]
|
||||
BaseTrees=%O/minimal-base
|
||||
Bootable=no
|
||||
|
||||
VolatilePackages=
|
||||
systemd
|
||||
systemd-boot
|
||||
systemd-container
|
||||
systemd-devel
|
||||
systemd-journal-remote
|
||||
systemd-libs
|
||||
systemd-networkd
|
||||
systemd-networkd-defaults
|
||||
systemd-oomd-defaults
|
||||
systemd-pam
|
||||
systemd-resolved
|
||||
systemd-tests
|
||||
systemd-udev
|
||||
systemd-ukify
|
@ -11,9 +11,8 @@ TEST_FORCE_NEWIMAGE=1
|
||||
# shellcheck source=test/test-functions
|
||||
. "${TEST_BASE_DIR:?}/test-functions"
|
||||
|
||||
test_append_files() {
|
||||
local workspace="${1:?}"
|
||||
local container="$workspace/usr/share/TEST-13-NSPAWN-container-template"
|
||||
_install_base_container() {
|
||||
local container="${1:?}"
|
||||
|
||||
# For virtual wlan interface.
|
||||
instmods mac80211_hwsim
|
||||
@ -55,4 +54,14 @@ EOF
|
||||
chmod +x "$container/sbin/init"
|
||||
}
|
||||
|
||||
test_append_files() {
|
||||
local workspace="${1:?}"
|
||||
local container="$workspace/usr/share/TEST-13-NSPAWN-container-template"
|
||||
local container_systemd="$workspace/usr/share/TEST-13-NSPAWN-container-systemd-template"
|
||||
|
||||
_install_base_container "$container"
|
||||
_install_base_container "$container_systemd"
|
||||
initdir="$container_systemd" install_systemd
|
||||
}
|
||||
|
||||
do_test "$@"
|
||||
|
@ -1214,4 +1214,21 @@ testcase_unpriv_fuse() {
|
||||
bash -c 'cat <>/dev/fuse' 2>&1)" == *'cat: -: Operation not permitted' ]]
|
||||
}
|
||||
|
||||
testcase_nested_nspawn() {
|
||||
local root
|
||||
root="$(mktemp -d /var/lib/machines/TEST-13-NSPAWN.nested_nspawn.XXX)"
|
||||
create_dummy_container "$root" /usr/share/TEST-13-NSPAWN-container-systemd-template
|
||||
mkdir "$root/inner"
|
||||
create_dummy_container "$root/inner"
|
||||
|
||||
systemd-nspawn \
|
||||
--directory="$root" --ephemeral --pipe -- \
|
||||
systemd-nspawn \
|
||||
--directory=/inner --ephemeral --pipe \
|
||||
--register=false --keep-unit --link-journal=no -- \
|
||||
echo OK
|
||||
|
||||
rm -fr "$root"
|
||||
}
|
||||
|
||||
run_testcases
|
||||
|
@ -155,14 +155,15 @@ coverage_create_nspawn_dropin() {
|
||||
|
||||
create_dummy_container() {
|
||||
local root="${1:?}"
|
||||
local source="${2:-/usr/share/TEST-13-NSPAWN-container-template}"
|
||||
|
||||
if [[ ! -d /usr/share/TEST-13-NSPAWN-container-template ]]; then
|
||||
if [[ ! -d "$source" ]]; then
|
||||
echo >&2 "Missing container template, probably not running in TEST-13-NSPAWN?"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
mkdir -p "$root"
|
||||
cp -a /usr/share/TEST-13-NSPAWN-container-template/* "$root"
|
||||
cp -a "$source"/* "$root"
|
||||
coverage_create_nspawn_dropin "$root"
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user