authorWilhelm Schuster <ws@wilhelm.re>2016-09-24 00:40:41 +0200
committerFranz Pletz <fpletz@fnordicwalking.de>2016-09-24 00:40:41 +0200
commitc37e76b4d2ac59139df8956cc2b1ec6921bea11d (patch)
tree40995c5a3a54a88042728d66f480878e100724fb /pkgs/tools/virtualization/nixos-container
parent84f7009994b9ac8d591de30615059967f2ef2591 (diff)
nixos-container: Use machinectl shell (#18825)
Using nsenter+su was suboptimal since the environment they provided was
not quite the same as the real container environment. See [1] for more
background.

Note that we directly invoke /bin/sh for `nixos-container root-login`
since setting the user's shell is quite complex. See [2] for a related
systemd issue.

[1]: https://github.com/systemd/systemd/issues/825#issuecomment-127917622
[2]: https://github.com/systemd/systemd/issues/1395
Diffstat (limited to 'pkgs/tools/virtualization/nixos-container')
-rw-r--r--pkgs/tools/virtualization/nixos-container/default.nix2
-rwxr-xr-xpkgs/tools/virtualization/nixos-container/nixos-container.pl23
2 files changed, 2 insertions, 23 deletions
diff --git a/pkgs/tools/virtualization/nixos-container/default.nix b/pkgs/tools/virtualization/nixos-container/default.nix
index 0763536533f..19394ea45d3 100644
--- a/pkgs/tools/virtualization/nixos-container/default.nix
+++ b/pkgs/tools/virtualization/nixos-container/default.nix
@@ -6,8 +6,6 @@ substituteAll {
     isExecutable = true;
     src = ./nixos-container.pl;
     perl = "${perl}/bin/perl -I${perlPackages.FileSlurp}/lib/perl5/site_perl";
-    su = "${shadow.su}/bin/su";
-    inherit utillinux;
 
     postInstall = ''
       t=$out/etc/bash_completion.d
diff --git a/pkgs/tools/virtualization/nixos-container/nixos-container.pl b/pkgs/tools/virtualization/nixos-container/nixos-container.pl
index 1dfe4567d8d..5cb7e3b560b 100755
--- a/pkgs/tools/virtualization/nixos-container/nixos-container.pl
+++ b/pkgs/tools/virtualization/nixos-container/nixos-container.pl
@@ -8,9 +8,6 @@ use Fcntl ':flock';
 use Getopt::Long qw(:config gnu_getopt);
 use Cwd 'abs_path';
 
-my $nsenter = "@utillinux@/bin/nsenter";
-my $su = "@su@";
-
 # Ensure a consistent umask.
 umask 0022;
 
@@ -220,22 +217,6 @@ sub stopContainer {
         or die "$0: failed to stop container\n";
 }
 
-# Return the PID of the init process of the container.
-sub getLeader {
-    my $s = `machinectl show "$containerName" -p Leader`;
-    chomp $s;
-    $s =~ /^Leader=(\d+)$/ or die "unable to get container's main PID\n";
-    return int($1);
-}
-
-# Run a command in the container.
-sub runInContainer {
-    my @args = @_;
-    my $leader = getLeader;
-    exec($nsenter, "-t", $leader, "-m", "-u", "-i", "-n", "-p", "--", @args);
-    die "cannot run ‘nsenter’: $!\n";
-}
-
 # Remove a directory while recursively unmounting all mounted filesystems within
 # that directory and unmounting/removing that directory afterwards as well.
 #
@@ -309,14 +290,14 @@ elsif ($action eq "login") {
 }
 
 elsif ($action eq "root-login") {
-    runInContainer("@su@", "root", "-l");
+    exec("machinectl", "shell", $containerName, "/bin/sh", "-l");
 }
 
 elsif ($action eq "run") {
     shift @ARGV; shift @ARGV;
     # Escape command.
     my $s = join(' ', map { s/'/'\\''/g; "'$_'" } @ARGV);
-    runInContainer("@su@", "root", "-l", "-c", "exec " . $s);
+    exec("machinectl", "--quiet", "shell", $containerName, "/bin/sh", "-l", "-c", $s);
 }
 
 elsif ($action eq "show-ip") {
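Review bot: Neither new `exec` call in the `root-login` and `run` branches checks for failure, whereas the removed `runInContainer` followed its `exec` with `die "cannot run ‘nsenter’: $!\n"`. If `machinectl` cannot be executed, `exec` returns and the script falls through the `elsif` chain, apparently without any error message for the caller. Append a check to both calls, e.g. `exec("machinectl", "shell", $containerName, "/bin/sh", "-l") or die "$0: cannot run ‘machinectl’: $!\n";`. Separately, `machinectl` is resolved through `PATH` here, while the replaced code used the Nix-substituted `@su@` and `@utillinux@` paths; because this tool is presumably run as root, substituting an absolute path for `machinectl` would keep the executed binary independent of the caller's environment. The `elsif` chain starts and continues outside this hunk, so what happens after a failed `exec` cannot be confirmed from here.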