From b4503a782bfafd5b08c51f00e4c90539cae34009 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 1 Jun 2015 17:44:37 -0400 Subject: explicitly speciy params for systemd-nspawn ExecStart It was using whatever was in /lib/systemd/system/systemd-nspawn@.service, but systemd 220 added --network-veth to that, which can break existing setups. So don't do that. --- src/Propellor/Property/Systemd.hs | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'src/Propellor/Property') diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs index ea8c994e..87290fc0 100644 --- a/src/Propellor/Property/Systemd.hs +++ b/src/Propellor/Property/Systemd.hs @@ -202,8 +202,14 @@ nspawnService (Container name _ _) cfg = setup teardown return $ unlines $ "# deployed by propellor" : map addparams ls addparams l - | "ExecStart=" `isPrefixOf` l = - l ++ " " ++ unwords (nspawnServiceParams cfg) + | "ExecStart=" `isPrefixOf` l = unwords $ + [ "ExecStart = /usr/bin/systemd-nspawn" + , "--quiet" + , "--keep-unit" + , "--boot" + , "--link-journal=try-guest" + , "--directory=/var/lib/container/%i" + ] ++ nspawnServiceParams cfg | otherwise = l goodservicefile = (==) @@ -290,8 +296,6 @@ containerCfg p = RevertableProperty (mk True) (mk False) ('-':_) -> p _ -> "--" ++ p - - -- | Bind mounts from the host into the container. -- -- This property is enabled by default. Revert it to disable it. -- cgit v1.2.3
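Review bot: The hard-coded option list that now replaces the `ExecStart=` line in `addparams` has no comment saying why it stops following the distribution's `systemd-nspawn@.service`, so the reason (systemd 220 adding `--network-veth`) is recorded only in the commit message. Because `--network-veth` implies a private network namespace, leaving it out means the container keeps sharing the host's network stack unless a network option arrives through `nspawnServiceParams cfg`; that matches the earlier behaviour, but it is a security-relevant default and should be stated next to the list. I would add above the list `-- ExecStart is pinned here, not taken from the distro unit: systemd 220 added --network-veth, which breaks existing setups.` followed by `-- Without it the container shares the host network namespace unless containerCfg adds a network option.` Pinning also means later changes to the template's command line, hardening options included, are no longer picked up, while every other line of the unit still comes from the template through `| otherwise = l`, so this list needs a manual check on systemd upgrades. `nspawnService` starts before this hunk and continues after it.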