Skip to content
This repository was archived by the owner on Sep 24, 2020. It is now read-only.

cherry-pick: nspawn: R/W support for /sys, and /proc/sys (v231)#71

Merged
crawford merged 1 commit intocoreos:v231-coreosfrom
s-urbaniak:nspawn-rw-support-backport-v231
Nov 30, 2016
Merged

cherry-pick: nspawn: R/W support for /sys, and /proc/sys (v231)#71
crawford merged 1 commit intocoreos:v231-coreosfrom
s-urbaniak:nspawn-rw-support-backport-v231

Conversation

@s-urbaniak
Copy link

@s-urbaniak s-urbaniak commented Nov 25, 2016

This cherry-picks the upstream contribution systemd#4395.
It is needed in rkt to support privileged containers rkt/rkt#3245.

This is the backport for v231 of systemd.

@s-urbaniak
nspawn: R/W support for /sys, and /proc/sys
b40a0d9 
This commit adds the possibility to leave /sys, and /proc/sys read-write.
It introduces a new (undocumented) env var SYSTEMD_NSPAWN_API_VFS_WRITABLE
to enable this feature.

If set to "yes", /sys, and /proc/sys will be read-write.
If set to "no", /sys, and /proc/sys will be read-only.
If set to "network" /proc/sys/net will be read-write. This is useful in
use-cases, where systemd-nspawn is used in an external network
namespace.

This adds the possibility to start privileged containers which need more
control over settings in the /proc, and /sys filesystem.

This is also a follow-up on the discussion from
systemd#4018 (comment) where an
introduction of a simple env var to enable R/W support for those
directories was already discussed.
@jonboulle
Copy link

jonboulle commented Nov 25, 2016

👍

@s-urbaniak s-urbaniak changed the title cherry-pick: nspawn: R/W support for /sys, and /proc/sys cherry-pick: nspawn: R/W support for /sys, and /proc/sys (v231) Nov 25, 2016
@s-urbaniak
Copy link
Author

s-urbaniak commented Nov 30, 2016

ping @coreos/team-os do we have a chance to land this?

@s-urbaniak s-urbaniak mentioned this pull request Nov 30, 2016
Open
@crawford
Copy link

crawford commented Nov 30, 2016

We can get this into tomorrow's Alpha.

@crawford crawford merged commit 374499b into coreos:v231-coreos Nov 30, 2016
@crawford
Copy link

crawford commented Dec 1, 2016

Sorry, I forgot to bump the systemd release in our overlay. This change will be in the next Alpha in two weeks.

This was referenced Dec 8, 2016
Merged
Merged
@s-urbaniak s-urbaniak mentioned this pull request Jan 17, 2017
Merged
@s-urbaniak s-urbaniak mentioned this pull request Feb 2, 2017
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@crawford crawford crawford approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@s-urbaniak @jonboulle @crawford