Diffstat (limited to 'doc')
-rw-r--r-- doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo/comment_2_152c6b9d0ac402c374d9cfaf9ef14904._comment 13
-rw-r--r-- doc/forum/Unprivileged_containers_break_propellor.mdwn 53
-rw-r--r-- doc/forum/isCopyOf_does_not_work_on_nfs_filesystem.mdwn 25
3 files changed, 91 insertions, 0 deletions
diff --git a/doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo/comment_2_152c6b9d0ac402c374d9cfaf9ef14904._comment b/doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo/comment_2_152c6b9d0ac402c374d9cfaf9ef14904._comment
new file mode 100644
index 00000000..ef6658a2
--- /dev/null
+++ b/doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo/comment_2_152c6b9d0ac402c374d9cfaf9ef14904._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="serge1cohen"
+ avatar="http://cdn.libravatar.org/avatar/df873622c2eeb5b34222b7af0d47abd0"
+ subject="Works !"
+ date="2019-09-16T16:50:42Z"
+ content="""
+Hi again,
+
+I have just commuted all HasInfo and Debian (to have HasInfo first) and all works !
+Cool, thanks !
+
+Serge.
+"""]]
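Review bot: The `avatar=` attribute in this comment points at `http://cdn.libravatar.org/avatar/...` over plain HTTP, so the rendered forum page fetches the image unencrypted and will trigger mixed-content warnings if the site itself is served over HTTPS. Consider switching the scheme to `https://` if the avatar host supports it.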
diff --git a/doc/forum/Unprivileged_containers_break_propellor.mdwn b/doc/forum/Unprivileged_containers_break_propellor.mdwn
new file mode 100644
index 00000000..0cb02c9b
--- /dev/null
+++ b/doc/forum/Unprivileged_containers_break_propellor.mdwn
@@ -0,0 +1,53 @@
+When trying to set up an unprivileged nspawn container, e.g., like shown below, propellor breaks, as it bind-mounts the `/usr/local/propellor` directory from the host, which leads to broken UIDs when seen from inside the container. I'm assuming `propellChroot` in `src/Propellor/Property/Chroot.hs` is the code that's responsible. Unfortunately, I'm not very firm in Haskell, so I'm not sure I can solve this in reasonable time, but I'll give it a shot.
+
+
+Example config:
+
+```
+rec0 :: Systemd.Container
+rec0 = Systemd.debContainer "rec0" $ props
+ & Systemd.containerCfg "--network-veth"
+ & Systemd.containerCfg "-U"
+ & osDebian (Stable "buster") X86_64
+ & Apt.stdSourcesList
+ & Apt.installed ["pdns-recursor"] `requires` Systemd.running Systemd.networkd
+```
+
+This is the relevant output from a spin that includes the above container definition:
+
+```
+rec0 has container configuration --network-veth ... ok
+rec0 has container configuration -U ... ok
+rec0 has Operating System (Debian Linux (Stable "buster")) X86_64 ... ok
+rec0 standard sources.list ... ok
+Failed to connect to bus: Operation not permitted
+rec0 apt removed cron ifupdown rsyslog iptables isc-dhcp-client ... ok
+rec0 apt installed pdns-recursor ... failed
+propy nspawned rec0 ... failed
+propy overall ... failed
+```
+
+I figured out the (likely) cause like this:
+
+```
+$ findmnt /var/lib/container/rec0/usr/local/propellor
+TARGET SOURCE FSTYPE OPTIONS
+/var/lib/container/rec0/usr/local/propellor /dev/mapper/sys-root[/usr/local/propellor] ext4 rw,relatime,errors=remount-ro
+$ ls -l /var/lib/container/rec0/usr/local/propellor/dist/build/propellor-config/
+total 12272
+drwxr-xr-x 2 vu-rec0-0 vg-rec0-0 4096 Sep 24 01:19 autogen
+-rwxr-xr-x 1 root root 6279024 Sep 24 03:16 propellor-config
+-rwxr-xr-x 1 root root 6279024 Sep 24 03:16 propellor-config.built
+drwxr-xr-x 2 vu-rec0-0 vg-rec0-0 4096 Sep 24 03:16 propellor-config-tmp
+```
+
+I have `libnss-mymachines` setup, so the high UID/GID allocated by systemd show up with symbolic names. From inside the container, the root-owned files will show up as `nobody`:
+
+```
+# ls -l /usr/local/propellor/dist/build/propellor-config/
+total 12272
+drwxr-xr-x 2 root root 4096 Sep 24 01:19 autogen
+-rwxr-xr-x 1 nobody nogroup 6279024 Sep 24 03:16 propellor-config
+drwxr-xr-x 2 root root 4096 Sep 24 03:16 propellor-config-tmp
+-rwxr-xr-x 1 nobody nogroup 6279024 Sep 24 03:16 propellor-config.built
+```
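Review bot: The report never shows the error that actually makes `rec0 apt installed pdns-recursor ... failed`; the only error in the spin output is `Failed to connect to bus: Operation not permitted`, which is not obviously a UID problem. Adding the failing command's output from inside the container would tie the failure to the `nobody`/`nogroup` ownership shown in the last listing. It is also worth calling out that `findmnt` reports the bind mount as `rw` and that the host-side listing shows `autogen` and `propellor-config-tmp` owned by `vu-rec0-0`, so with `-U` the container's root owns directories inside the host's build tree; that makes this an isolation question as well as a breakage. The two `ls -l` listings would be easier to compare if the entries were in the same order.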
diff --git a/doc/forum/isCopyOf_does_not_work_on_nfs_filesystem.mdwn b/doc/forum/isCopyOf_does_not_work_on_nfs_filesystem.mdwn
new file mode 100644
index 00000000..dff1fdc4
--- /dev/null
+++ b/doc/forum/isCopyOf_does_not_work_on_nfs_filesystem.mdwn
@@ -0,0 +1,25 @@
+Hello, I try to copy a vm image to a directory like this
+
+ & "/nfs/share-temp/panbox-rel.img" `File.isCopyOf` panboxName
+
+
+but when I run this, I get this error message
+
+ sixs3.exp.synchrotron-soleil.fr /root/vm/panbox-rel.img owner picca:grp-instrumentation ... done
+ cp: failed to preserve ownership for '/nfs/share-temp/panbox-rel.img.propellor-new~': Operation not permitted
+ ** error: cp failed
+ ** warning: Cannot continue!
+ CallStack (from HasCallStack):
+ error, called at src/Propellor/Message.hs:143:9 in propellor-5.6.0-GGUJL7KihFnDmzjFSP3dov:Propellor.Message
+ sixs3.exp.synchrotron-soleil.fr /nfs/share-temp/panbox-rel.img is copy of /root/vm/panbox-rel.img ... failed
+
+I understand thaht it is not possible to use cp --preserve... on the nfs system.
+
+So is seems that Propellor miss a copyFile whcih is usable also on nfs system :).
+what is the best way to solve this problem.
+
+I can copy the file without the preserve flag.
+
+Cheers
+
+Fred
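Review bot: The post says the copy works without the preserve flag but does not say which owner and mode the file under `/nfs/share-temp` should end up with, or how the share is exported, so it is hard to tell whether `File.isCopyOf` should stop preserving ownership or whether the property should be combined with an explicit owner. Stating that would make the request actionable. Typos to fix before merging: `thaht`, `is seems`, `whcih`, and `Propellor miss` should read `Propellor misses`; the sentence starting `what is the best way` needs a capital letter and a question mark.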