-rw-r--r--debian/changelog2
-rw-r--r--src/Propellor/Property/Systemd.hs16
2 files changed, 15 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog
index 599143d8..c262eadf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,7 +15,7 @@ propellor (2.5.0) UNRELEASED; urgency=medium
* Mount /proc inside a chroot before provisioning it, to work around #787227
* --spin now works when given a short hostname that only resolves to an
ipv6 address.
- * Added publish and publish' properties for systemd-spawn containers.
+ * Added publish property for systemd-spawn containers, for port publishing.
(Needs systemd version 220.)
* Added bind and bindRo properties for systemd-spawn containers.
* Firewall: Port was changed to a newtype, and the Port and PortRange
diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs
index c2446b2e..ea8c994e 100644
--- a/src/Propellor/Property/Systemd.hs
+++ b/src/Propellor/Property/Systemd.hs
@@ -38,6 +38,7 @@ import qualified Propellor.Property.Chroot as Chroot
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.File as File
import Propellor.Property.Systemd.Core
+import Propellor.Property.Mount
import Utility.FileMode
import Data.List
@@ -165,8 +166,19 @@ nspawned c@(Container name (Chroot.Chroot loc system builderconf _) h) =
-- Chroot provisioning is run in systemd-only mode,
-- which sets up the chroot and ensures systemd and dbus are
-- installed, but does not handle the other provisions.
- chrootprovisioned = Chroot.provisioned'
- (Chroot.propigateChrootInfo chroot) chroot True
+ chrootprovisioned =
+ (toProp provisioner `onChange` umountProc)
+ <!>
+ (toProp (revert provisioner))
+ provisioner = Chroot.provisioned' (Chroot.propigateChrootInfo chroot) chroot True
+
+ -- The chroot's /proc is left mounted by the chroot provisioning,
+ -- but that will prevent systemd-nspawn from starting systemd in
+ -- it, so unmount.
+ umountProc = check (elem procloc <$> mountPointsBelow loc) $
+ property (procloc ++ " unmounted") $ do
+ makeChange $ umountLazy procloc
+ procloc = loc </> "proc"
-- Use nsenter to enter container and and run propellor to
-- finish provisioning.