Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

memfd-bind: fixup systemd unit file and README #4428

Merged
merged 2 commits into from
Oct 15, 2024
Merged

memfd-bind: fixup systemd unit file and README #4428

merged 2 commits into from
Oct 15, 2024

Conversation

kolyshkin
Copy link
Contributor

The example of starting memfd-bind via systemd in README did not work
for me (Fedora 40, systemd 255):

# systemctl status memfd-bind@/usr/bin/runc
Invalid unit name "memfd-bind@/usr/bin/runc" escaped as "memfd-bind@-usr-bin-runc" (maybe you should use systemd-escape?).
   ○ memfd-bind@-usr-bin-runc.service
        Loaded: bad-setting (Reason: Unit memfd-bind@-usr-bin-runc.service has a bad unit file setting.)
        Active: inactive (dead)
          Docs: https://github.com/opencontainers/runc

So, let's use systemd-escape -p ("path") in the README example,
and use %f in the systemd unit file to prepend the slash to the
filename.

@kolyshkin
memfd-bind: fixup systemd unit file and README
9e55458 
The example of starting memfd-bind via systemd in README did not work
for me (Fedora 40, systemd 255):

	# systemctl status memfd-bind@/usr/bin/runc
	Invalid unit name "memfd-bind@/usr/bin/runc" escaped as "memfd-bind@-usr-bin-runc" (maybe you should use systemd-escape?).
	○ memfd-bind@-usr-bin-runc.service
	     Loaded: bad-setting (Reason: Unit memfd-bind@-usr-bin-runc.service has a bad unit file setting.)
	     Active: inactive (dead)
	       Docs: https://github.com/opencontainers/runc

So, let's use systemd-escape -p ("path") in the README example,
and use %f in the systemd unit file to prepend the slash to the
filename.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin
memfd-bind: more specific doc URL
4fdd561 
Let's point to the relevant README directly in the systemd unit file,
as it is hard to find in the whole nine yards of the runc repo.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin kolyshkin marked this pull request as ready for review October 8, 2024 20:37
@kolyshkin kolyshkin requested a review from cyphar October 8, 2024 20:37
rata
rata approved these changes Oct 9, 2024
View reviewed changes
Copy link
Member

@rata rata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kolyshkin
Copy link
Contributor Author

@cyphar PTAL

@cyphar
Copy link
Member

cyphar commented Oct 14, 2024

I can't seem to start this unit on my local machine:

% sudo systemctl start memfd-bind@-usr-bin-runc
Failed to start memfd-bind@-usr-bin-runc.service: Unit memfd-bind@-usr-bin-runc.service has a bad unit file setting.
See system logs and 'systemctl status memfd-bind@-usr-bin-runc.service' for details.
% journalctl -u memfd-bind@-usr-bin-runc
10月 14 21:01:27 thesius systemd[1]: /usr/local/lib/systemd/system/memfd-bind@.service:2: Failed to resolve unit specifiers in 'Manage memfd-bind of %f', ignoring: Invalid argument
10月 14 21:01:27 thesius systemd[1]: /usr/local/lib/systemd/system/memfd-bind@.service:7: Failed to resolve unit specifiers in '%f': Invalid argument
10月 14 21:01:27 thesius systemd[1]: memfd-bind@-usr-bin-runc.service: Unit configuration has fatal error, unit will not be started.

My systemd version should be new enough:

systemd 256 (256.6+suse.8.g8a0ae4d90a)
+PAM +AUDIT +SELINUX +APPARMOR +IMA -SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK -XKBCOMMON -UTMP +SYSVINIT +LIBARCHIVE

Any idea what might be going wrong?

@kolyshkin
Copy link
Contributor Author

% sudo systemctl start memfd-bind@-usr-bin-runc

The unit name should be memfd-bind@usr-bin-runc. This is how systemd-escape -p (and %f) work. Not sure why is this done this way, and the error message is not particularly helpful either.

@cyphar
Copy link
Member

cyphar commented Oct 15, 2024

D'oh 🤦, yeah now it works. It would be nice for the "wrong" way of referencing it (memfd-bind@/usr/bin/runc) to continue to work but at least memfd-bind@usr/bin/runc still works.

@cyphar cyphar merged commit 798ba5c into opencontainers:main Oct 15, 2024
42 checks passed
@github-actions github-actions bot mentioned this pull request Oct 27, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cyphar cyphar cyphar approved these changes

@rata rata rata approved these changes

Assignees
No one assigned
Labels
easy-to-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kolyshkin @cyphar @rata