23 May 2023 |
@janne.hess:helsinki-systems.de | In reply to @arianvp:matrix.org but works with fakeroot woohoo. (What does fakeroot do? It pretends you're root) | 14:15:06 |
Arian | that I understand. but how does it do that? | 14:15:25 |
@janne.hess:helsinki-systems.de | In reply to @arianvp:matrix.org that I understand. but how does it do that?
This is done by setting LD_PRELOAD to libfakeroot.so, which provides wrappers around getuid, chown, chmod, mknod, stat, and so on, thereby creating a fake root environment.
| 14:15:56 |
@mberndt:matrix.org | ElvishJerricco, thanks for your review. I've responded to your comments… https://github.com/NixOS/nixpkgs/pull/229767 | 14:19:15 |
ElvishJerricco | user namespaces are better though. Are there still holdout distros that disable that? | 14:21:27 |
@aloisw:kde.org | In reply to @elvishjerricco:matrix.org user namespaces are better though. Are there still holdout distros that disable that? Our own "hardened" kernel does that, at least. | 14:36:43 |
@aloisw:kde.org | There's also proot -0 . | 14:37:49 |
ElvishJerricco | In reply to mberndt Huh. For some reason I thought stratis was a management tool for a variety of underlying tech like lvm
No, Stratis is unrelated to LVM and a simpler design
| 16:16:08 |
@gdamjan:spodeli.org | stratis is an opinionated subset of LVM + XFS (I think) | 18:11:14 |
@gdamjan:spodeli.org | doesn't even do raid :/ | 18:11:24 |
@mberndt:matrix.org | In reply to @gdamjan:spodeli.org stratis is an opinionated subset of LVM + XFS (I think) It's not based on LVM. | 18:56:12 |
@mberndt:matrix.org | It uses DM though. | 18:56:23 |
Arian | hmm. I think doing NixOS activation in the initrd was a mistake. You can't boot images with systemd-nspawn anymore that use systemd initrd | 21:43:35 |
Arian | We should move it to early stage-2 | 21:44:09 |
Arian | Using a DefaultDependencies=no systemd unit | 21:44:31 |
ElvishJerricco | Couple things | 21:44:41 |
ElvishJerricco |
- we literally can't move it early enough in stage 2 unless it's pre-systemd, because it sets up etc and therefore the systemd units
| 21:45:08 |
Arian | for systemd units we can use the SYSTEMD_UNITS env var | 21:45:34 |
ElvishJerricco |
- It gets us a lot to have it in stage 1. Like if anything in activation fails we get a proper recovery environment
| 21:45:40 |
Arian | (This is documented and stable) | 21:45:44 |
ElvishJerricco | There's also a lot of stuff that's done in activation that expects to come before stage 2 systemd | 21:46:46 |
ElvishJerricco | And where is SYSTEMD_UNITS documented? (On my phone at the moment; hard to check) | 21:47:08 |
Arian | You can get a recovery system from stage 2. just systemctl isolate rescue.target | 21:49:11 |
Arian | hmm wait that won't always work if activation fails | 21:49:11 |
Arian | Perhaps we can make it configurable and/or idempotent | 21:49:11 |
Arian | run activation both in stage-1 and stage-2. if it already ran in stage-1 it's a no-op | 21:49:11 |
Arian | Like. nixos-container probably doesn't work anymore once you've enabled systemd initrd. which is bad | 21:49:12 |
Arian | We shouldn't break that | 21:49:12 |
ElvishJerricco | Containers already get lots of special treatment | 21:49:46 |
ElvishJerricco | We can just continue that tradition and have a regular init thingy for them | 21:50:04 |