[Pkg-sysvinit-devel] Bug#633845: initscripts: unupgradeable on vserver
Roger Leigh
rleigh at codelibre.net
Thu Jul 14 10:36:59 UTC 2011
On Thu, Jul 14, 2011 at 12:22:52PM +0200, Adam Borowski wrote:
> In containers like vserver, even root cannot mount things from the inside,
> for obvious security reasons.
>
> This makes the new postinst fail:
> dpkg: error processing initscripts (--configure):
> subprocess installed post-installation script returned error exit status 1
>
> I don't know about openvz or lxc, but I guess the situation is same there.
If the environment doesn't support mounting, we need a means
to detect that in the postinst. We started using ischroot(1)
from debianutils rather than hardcoding the logic. Perhaps
what's needed is for that script to have explict support for
vserver added, and perhaps openvz and lxc as well.
The distinction we make in the initscripts postinst is whether or
not the standard initscripts (mountkernfs, mountdevsubfs, mtab,
mountall etc.) are run when the system is started up. If they
aren't, we can't do a proper transition to /run. A chroot falls
into this category, and it may well be that vservers and other
lightweight virtualisation systems also fall into this catergory.
"Full" virtualisation, in comparison, does not due to booting a
kernel and running all the scripts.
IIRC we were explicitly supporting vserver in the postinst prior
to the switch to ischroot, though I didn't test it myself. If the
logic in older versions detects vservers correctly for you and
ischroot does not, we need to get that logic added to ischroot
(or back in the postinst if that's the best place).
Note that 2.88dsf-13.6 was the last version not using ischroot, so
I would suggest trying out the postinst logic from that version.
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-sysvinit-devel/attachments/20110714/be292e39/attachment.pgp>
More information about the Pkg-sysvinit-devel
mailing list