On Wed, 2017-12-13 at 22:03 +0100, Martin Pitt wrote:
> Robie Basak [2017-12-13 17:57 +0000]:
> > 1) Fix systemd on Trusty so that testing for /run/systemd/system
> > works
> > again. This will probably need to remove /run/systemd/system
> > correctly
> > on postinst as part of the fix. This will unbreak MAAS and snapd
> > working
> > together.
>
> It may work to adjust the upstart job that starts the deputy init
> systemd to
> create its own mount namespace, do a shared bind-mount of the host's
> /run/systemd/ its own namespace, and then do a private tmpfs mount on
> /run/systemd/system/ . Then only pid 1 itself should see
> /run/systemd/system/.
> This of course might break systemd-y things that try to read this,
> but usually
> there's not much in this dir anyway.
>
> I haven't tried this, just as a thought for experimentation.
I suspect this might confuse snapd/snap-confine for manipulating snap
mount namespaces. CC'ing zyga to comment.
--
Jamie Strandboge | http://www.canonical.com
