From 533c6b93ec1f8af64483f31f6adb98306653ece9 Mon Sep 17 00:00:00 2001
From: Luke Shumaker <lukeshu@lukeshu.com>
Date: Fri, 15 Sep 2017 12:05:37 -0400
Subject: [PATCH 00/31] notsystemd-234.1 release

________________________________________________________________________________
Preface

  This is the third release of "notsystemd", a project to turn the various
  components of systemd into independent pieces that can be used no matter
  which software is used for PID 1; in a similar spirit to eudev or elogind.

  notsystemd is developed as part of the Parabola project.  notsystemd
  development tracks not upstream systemd, but the version of systemd shipped
  by Parabola GNU/Linux-libre (which in turn tracks the version shipped by
  Arch Linux).

  This release is almost identical to 233.1, but has been updated for
  systemd 234.  This brings the exciting change that Meson is now a
  supported alternative to the GNU Autotools when building notsystemd.

________________________________________________________________________________
Notice

   The default behavior of `systemd-nspawn --register=no` has changed.
   Non-systemd users will probably wish to start using `systemd-nspawn
   --register=no --keep-unit` (and some systemd users will as well).

   notsystemd's nspawn likely has issues with resource-control when using
   cgroup v2.  This potential bug has not yet been fully investigated.  It has
   likely been present in all versions of notsystemd.  However, this is of
   slightly more concern now, as OpenRC gained support for cgroup v2
   yesterday.

________________________________________________________________________________
Functional Description

  At a minimum, the following utilities should be functional on non-systemd
  systems:

    systemd-nspawn
    systemd-machine-id-setup
    systemd-tmpfiles
    systemd-sysusers

  Notes about notsystemd's nspawn:

    systemd-nspawn is a tool for running containers.  By default, it
    attempts to speak with other parts of the systemd family, but this can
    be disabled:

     - By default it attempts to register its containers with machined over
       its D-Bus API.  If machined isn't running, or can't be started
       automatically by dbus-daemon, then this will fail.  If you can't or
       won't run machined, you will need to pass the `--register=no` flag to
       systemd-nspawn.  notsystemd has not yet made any effort to make
       systemd-machined usable on non-systemd systems.

     - If `--register=no`, then by default it attempts to ask systemd to
       create a cgroup ("scope unit" in systemd's terminology) for the
       container over its D-Bus API.  If you aren't running systemd, this
       will fail.  This can be disabled by passing the `--keep-unit` flag to
       systemd-nspawn.  notsystemd has not yet made any effort to implement
       systemd's D-Bus API for non-systemd systems.

    By default, it will attempt to re-create the cgroup setup of the host in
    the container.  It does not support cgroup v1/v2 mixed setups except for
    one of the specific arrangements used by systemd.  If using a cgroup
    setup different from one that systemd can use, then the
    $UNIFIED_CGROUP_HIERARCHY variable may not be used.  More specifically,
    here is how it handles each of the following cgroup setups:

     - cgroup v1, systemd: (that is, with a name=systemd hierarchy at
                           /sys/fs/cgroup/systemd) Mimic the setup of the
                           host.  $UNIFIED_CGROUP_HIERARCHY may be used to
                           override this.

     - cgroup v1, other  : Mimic the setup of the host.
                           $UNIFIED_CGROUP_HIERARCHY may not be used.

     - cgroup v2         : Mimic the setup of the host; unless the container
                           looks like it has a version of systemd older than
                           230, in which case it will create a "cgroup v1,
                           systemd" setup in the container.
                           $UNIFIED_CGROUP_HIERARCHY may be used to override
                           this.

     - cgroup v1/v2 mixed, systemd-232 : Mimic the setup of the host; unless
                           the container looks like it has a version of
                           systemd older than 232, in which case it will
                           create a "cgroup v1, systemd" setup in the
                           container.  $UNIFIED_CGROUP_HIERARCHY may be used
                           to override this.

     - cgroup v1/v2 mixed, systemd-233+: Mimic the setup of the host; unless
                           the container looks like it has a version of
                           systemd older than 233, in which case it will
                           create a "cgroup v1, systemd" setup in the
                           container.  $UNIFIED_CGROUP_HIERARCHY may be used
                           to override this.

     - cgroup v1/v2 mixed, other       : Unsupported, will refuse to run.

________________________________________________________________________________
Compiling notsystemd-233.1
  Like previous versions of notsystemd, this release of notsystemd is
  published as a set of patches, rather than as a full source tarball.

  The patches should apply cleanly over Parabola's systemd
  234.11-8.parabola3, the most recent version of systemd shipped by
  Parabola at this time.  The details of that release can be found at the
  following URL (pay particular attention to the prepare() function in the
  PKGBUILD):

    https://git.parabola.nu/abslibre.git/tree/libre/systemd?id=ef333f98a4aa0d06d109e2c3d1b14b291bc5304a

  notsystemd expects any changes applied by Parabola to already be
  applied (though I would be surprised if you had trouble applying the
  notsystemd patches without them).  If you do have trouble applying
  them to a different base, see the note about mechanical changes below.

________________________________________________________________________________
Description of changes

  Mostly-mechanical changes (5):

      These changes should have no user-visible effects; they are all code
      cleanup, organization, and plumbing changes that are mechanical in
      nature (search/replace, copy/paste), and may be easier to re-create by
      hand rather than by applying the patch when being applied to a
      different base.

    (0001) nspawn: Simplify tmpfs_patch_options() usage, and trickle that up
    (0002) nspawn: Simplify mkdir_userns() usage, and trickle that up
    (0003) nspawn: Move cgroup mount stuff from nspawn-mount.c to nspawn-cgroup.c
    (0004) nspawn: nspawn-cgroup.{c,h}: s/unified_requested/inner_cgver/
    (0005) nspawn: sync_cgroup(): Rename arg_uid_shift -> uid_shift

  Better 232/233 distinction (5):

      The first 4 patches should have no user-visible effects; they are all
      code cleanup, organization, and plumbing changes for the 5th commit,
      which fixes systemd bug #6310, in which it fails to differentiate
      between systemd-232-style cgroup v1/v2 mixed setups and 233-style
      setups.

    (0006) cgroup-util: Fix a comment about cg_kernel_controllers() behavior
    (0007) cgroup-util: Merge the unified_cache and unified_systemd_v232 caches
    (0008) cgroup-util: Add cg_version() to get the raw CGroupUnified enum
    (0009) cgroup-util,nspawn: Use switch cases around CGroupUnified when possible
    (0010) nspawn: Allow the container to inherit a 232-style hybrid (#6310)

  Non-functional changes (15):

      These changes should have no user-visible effects; they are all code
      cleanup, organization, and plumbing changes that set the stage for
      user-visible changes below.

    (0011) cgroup-util: Split out cg_pid_get_path_internal()
    (0012) nspawn: mount_sysfs(): Reword the comment about /sys/fs/cgroup
    (0013) nspawn: if !cg_ns_supported() then force arg_use_cgns = false
    (0014) nspawn: Expand comments in detect_unified_cgroup_hierarchy()
    (0015) nspawn: Parse UNIFIED_CGROUP_HIERARCHY similarly to any other arg
    (0016) nspawn: Detect the outer_cgver once, and pass that around
    (0017) nspawn: Merge chown_cgroup(), sync_cgroup(), & create_subcgroup() into one cgroup_setup()
    (0018) nspawn: mount_legacy_cgns_supported(): Rename variables to not lie
    (0019) nspawn: get_v1_hierarchies(): Ditch a pointless check for "name=unified"
    (0020) nspawn: Change where we filter the name=systemd hierarchy
    (0021) nspawn: Track the inner child and outer child PIDs separately
    (0022) nspawn: Add functions for deciding cgroup mounts before performing them
    (0023) nspawn: Decide all cgroup mounts/symlinks before performing any of them
    (0024) nspawn: Split off cgroup_decide_mounts() from mount_cgroups()
    (0025) nspawn: Go ahead and always decide the cgroup mounts in the outer child, not inner

  Functional changes (6):

      These are the user-visible changes.

    (0026) nspawn: Improve --help text
    (0027) nspawn: Clarify sync_cgroup(); tmp dirname, error message
    (0028) nspawn: Improve error messages
    (0029) nspawn: Be more robust when deciding to create subcgroups or chown cgroups
    (0030) nspawn: (Re)mount the systemd hierarchy RO in the outer child, not inner
    (0031) cgroup-util,nspawn: Add a special "inherit" cgroup mode for nspawn

 Makefile.am                |   2 +
 configure.ac               |   2 +-
 meson.build                |   3 +-
 src/basic/cgroup-util.c    |  93 ++++--
 src/basic/cgroup-util.h    |   8 +-
 src/nspawn/nspawn-cgroup.c | 747 +++++++++++++++++++++++++++++++++++++++++----
 src/nspawn/nspawn-cgroup.h |  13 +-
 src/nspawn/nspawn-mount.c  | 454 ++-------------------------
 src/nspawn/nspawn-mount.h  |   7 +-
 src/nspawn/nspawn.c        | 357 +++++++++++++---------
 10 files changed, 1016 insertions(+), 670 deletions(-)

-- 
2.14.1

Happy hacking,
~ Luke Shumaker
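
The cgroup-layout table in the Functional Description above, turned into code
as an added example (this is not notsystemd's or systemd's code, and is not
part of the original announcement): it classifies a host from
/proc/self/mountinfo-style text into the five arrangements the notes list plus
the unsupported "mixed, other" case, and maps the result to the nspawn flags
the Notice recommends and to whether $UNIFIED_CGROUP_HIERARCHY may be used.
The mountinfo excerpts are constructed, not captured from real hosts.  Two
details are the example's own choices rather than anything the notes state:
a 233-style hybrid is additionally required to carry a name=systemd v1
hierarchy and exactly one cgroup2 mount, and a host with no cgroup tree at
/sys/fs/cgroup at all is reported as an error.

```python
"""Classify a host's cgroup layout from /proc/self/mountinfo text.

Added example: not notsystemd or systemd code.  It follows the arrangements
listed in the notsystemd-234.1 release notes and the flags recommended there.
The sample mountinfo excerpts below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Mount:
    mountpoint: str
    fstype: str
    superopts: List[str]


def parse_mountinfo(text: str) -> List[Mount]:
    """Parse lines of the form
    '<id> <parent> <maj:min> <root> <mountpoint> <opts> [optional...] - <fstype> <source> <superopts>'."""
    mounts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pre, sep, post = line.partition(" - ")
        pre_f, post_f = pre.split(), post.split()
        if not sep or len(pre_f) < 6 or len(post_f) < 3:
            raise ValueError(f"malformed mountinfo line: {line!r}")
        mountpoint = pre_f[4].replace("\\040", " ")  # mountinfo escapes spaces as \040
        mounts.append(Mount(mountpoint, post_f[0], post_f[2].split(",")))
    return mounts


def _fstype_at(mounts: List[Mount], path: str) -> Optional[str]:
    return next((m.fstype for m in mounts if m.mountpoint == path), None)


def _has_named_v1(mounts: List[Mount], name: str) -> bool:
    return any(m.fstype == "cgroup" and f"name={name}" in m.superopts for m in mounts)


def classify(mounts: List[Mount]) -> str:
    """Return one of: v2, hybrid-233, hybrid-232, v1-systemd, v1-other, mixed-other."""
    root = _fstype_at(mounts, "/sys/fs/cgroup")
    if root == "cgroup2":
        return "v2"
    if root != "tmpfs":
        raise ValueError("no cgroup tree mounted at /sys/fs/cgroup")  # example's own choice
    sub_v2 = [m for m in mounts
              if m.fstype == "cgroup2" and m.mountpoint.startswith("/sys/fs/cgroup/")]
    if _fstype_at(mounts, "/sys/fs/cgroup/unified") == "cgroup2":
        # systemd >= 233 hybrid: v2 at /unified beside a name=systemd v1 hierarchy.
        # Requiring name=systemd and a single cgroup2 mount is this example's
        # choice; the notes only say non-systemd mixed setups are unsupported.
        if _has_named_v1(mounts, "systemd") and len(sub_v2) == 1:
            return "hybrid-233"
        return "mixed-other"
    if _fstype_at(mounts, "/sys/fs/cgroup/systemd") == "cgroup2":
        # systemd 232 hybrid: the v2 tree itself sits at /sys/fs/cgroup/systemd.
        return "hybrid-232" if len(sub_v2) == 1 else "mixed-other"
    if sub_v2:
        return "mixed-other"
    return "v1-systemd" if _has_named_v1(mounts, "systemd") else "v1-other"


# Whether $UNIFIED_CGROUP_HIERARCHY may override nspawn's host mimicry, per the notes.
UNIFIED_OVERRIDE_ALLOWED: Dict[str, bool] = {
    "v1-systemd": True, "v1-other": False, "v2": True,
    "hybrid-232": True, "hybrid-233": True,
}


def nspawn_advice(layout: str, host_runs_systemd: bool) -> Dict[str, object]:
    """Flags a non-systemd host needs (see the Notice) and whether the override applies."""
    if layout == "mixed-other":
        return {"supported": False, "flags": [], "unified_override": False}
    flags = [] if host_runs_systemd else ["--register=no", "--keep-unit"]
    return {"supported": True, "flags": flags,
            "unified_override": UNIFIED_OVERRIDE_ALLOWED[layout]}


# Constructed mountinfo fragments (not captured from real hosts).
_TMPFS = "30 23 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755\n"
_CPU_V1 = "33 30 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,cpu,cpuacct\n"
_SYSTEMD_V1 = "32 30 0:28 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,xattr,name=systemd\n"
_OPENRC_V1 = "32 30 0:28 / /sys/fs/cgroup/openrc rw,nosuid,nodev,noexec,relatime shared:11 - cgroup openrc rw,name=openrc\n"
_UNIFIED_V2 = "31 30 0:27 / /sys/fs/cgroup/unified rw,nosuid,nodev,noexec,relatime shared:10 - cgroup2 cgroup rw\n"
_SYSTEMD_V2 = "31 30 0:27 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup2 cgroup rw\n"

SAMPLES: Dict[str, str] = {
    "v2": "30 23 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:9 - cgroup2 cgroup2 rw,nsdelegate\n",
    "hybrid-233": _TMPFS + _UNIFIED_V2 + _SYSTEMD_V1 + _CPU_V1,
    "hybrid-232": _TMPFS + _SYSTEMD_V2 + _CPU_V1,
    "v1-systemd": _TMPFS + _SYSTEMD_V1 + _CPU_V1,
    "v1-other": _TMPFS + _OPENRC_V1 + _CPU_V1,
    "mixed-other": _TMPFS + _OPENRC_V1 + _UNIFIED_V2 + _CPU_V1,
}


def classify_text(text: str) -> str:
    return classify(parse_mountinfo(text))


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        layout = classify_text(text)
        print(f"{name:12s} -> {layout:12s} {nspawn_advice(layout, host_runs_systemd=False)}")
```

On a live host, feed it `open("/proc/self/mountinfo").read()` instead of a
sample; the "v1-other" result (for example an OpenRC host with a name=openrc
hierarchy) is the case where the notes say the override variable may not be
used, and "mixed-other" is the case nspawn refuses to run.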
