From ee183f27ff304b5d35c4f55fc53b6b83d1625ff9 Mon Sep 17 00:00:00 2001
From: Luke Shumaker <lukeshu@lukeshu.com>
Date: Tue, 12 Sep 2017 12:46:14 -0400
Subject: [PATCH v2 00/28] notsystemd-232.2 release
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

________________________________________________________________________________
Preface

  This is the second release of "notsystemd", a project to turn the various
  components of systemd into independent pieces that can be used no matter
  which software is used for PID 1; in a similar spirit to eudev or elogind.

  notsystemd is developed as part of the Parabola project.  notsystemd
  development tracks not upstream systemd, but the version of systemd shipped
  by Parabola GNU/Linux-libre (which in turn tracks the version shipped by
  Arch Linux).

  Parabola is currently shipping systemd 234, but this release is still based
  on systemd-232 in order to fix issues in the existing 232 release.  This
  will be the last notsystemd version to be based on systemd-232.  This
  release focuses on the systemd-nspawn utility, and is primarily a clean-up
  from 232.1.

________________________________________________________________________________
Functional Description

  At a minimum, the following utilities should be functional on non-systemd
  systems:

    systemd-nspawn
    systemd-machine-id-setup
    systemd-tmpfiles
    systemd-sysusers

  Notes about notsystemd's nspawn:

    systemd-nspawn is a tool for running containers.  By default it attempts
    to register its containers with machined over its dbus API.  If machined
    isn't running, or can't be started automatically by dbus-daemon, then
    this will fail.  If you can't or won't run machined, you will need to
    pass the `--register=no` flag to systemd-nspawn.  At this time,
    notsystemd has made no effort to make systemd-machined usable on
    non-systemd systems.

    By default, it will attempt to re-create the cgroup setup of the host in
    the container.  It does not support cgroup v1/v2 mixed setups except for
    the specific arrangement used by systemd-232.  If using a cgroup setup
    different than one that systemd-232 can use, then the
    $UNIFIED_CGROUP_HIERARCHY variable may not be used.  More specifically,
    here is how it handles each of the following cgroup setups:

     - cgroup v1, systemd: (that is, with a name=systemd hierarchy at
                           /sys/fs/cgroup/systemd) Mimic the setup of the
                           host.  $UNIFIED_CGROUP_HIERARCHY may be used to
                           override this.

     - cgroup v1, other  : Mimic the setup of the host.
                           $UNIFIED_CGROUP_HIERARCHY may not be used.

     - cgroup v2         : Mimic the setup of the host; unless the container
                           looks like it has a version of systemd older than
                           230, in which case it will create a "cgroup v1,
                           systemd" setup in the container.
                           $UNIFIED_CGROUP_HIERARCHY may be used to override
                           this.

     - cgroup v1/v2 mixed, systemd-232: Mimic the setup of the host; unless
                           the container looks like it has a version of
                           systemd older than 232, in which case it will
                           create a "cgroup v1, systemd" setup in the
                           container.  $UNIFIED_CGROUP_HIERARCHY may be used
                           to override this.

     - cgroup v1/v2 mixed, systemd-233: Unsupported, will refuse to run.

     - cgroup v1/v2 mixed, other      : Unsupported, will refuse to run.

________________________________________________________________________________
Compiling notsystemd-232.2

  Like notsystemd-232.1, this release of notsystemd is published as a set of
  patches, rather than as a full source tarball.

  The patches should apply cleanly over the version of systemd 232 last
  shipped by Parabola.  The details of that release can be found at (pay
  particular attention to the prepare() function in the PKGBUILD)
  
    https://git.parabola.nu/abslibre.git/tree/libre/systemd?id=2129bef1dbedd7f63c2d065c738384e76ae81278

  notsystemd expects any changes applied by Parabola to already be
  applied (though I would be surprised if you had trouble applying the
  notsystemd patches without them).  If more, or different,
  changes need to be applied, and there are conflicts with patch 0013 (>),
  then it is likely easier to re-create that patch by hand than trying to
  resolve conflicts traditionally (it moves code between 2 files).

  Additionally, if your operating system includes modern versions of the
  following dependencies, you will need to backport the following upstream
  commits (eg using `git cherry-pick`) in order to compile against them:

     lz4   1.7.3 : 3d4cf7de48a74726694abbaa09f9804b845ff3ba : build-sys: check for lz4 in the old and new numbering scheme (#4717)
     gperf 3.1   : c9f7b4d356a453a01aa77a6bb74ca7ef49732c08 : build-sys: add check for gperf lookup function signature (#5055)
     linux 4.10  : dc66f33a16596c2886a24da12e56ec096214e124 : sparse: avoid clash with __bitwise and __force from 4.10 linux/types.h (#5061)
     gcc   7     : ec251fe7d5bc24b5d38b0853bc5969f3a0ba06e2 : tree-wide: adjust fall through comments so that gcc is happy
     glibc 2.26  : 284d1cd0a12cad96a5ea61d1afb0dd677dbd147e : fix includes

________________________________________________________________________________
Description of changes

  Patches which have changed since notsystemd 232.1 are marked (*) in the
  left margin.  232.1's patch 0020 has been split into two patches: 0020
  and 0021 (!).

  When rebasing this work onto another base, it may be easier to re-create
  patch 0013 (>) by hand, rather than trying to resolve conflicts
  traditionally; as it moves code from one file to another without
  modifying it.

  Backports (3):

      These fixes are backported from systemd v233.

    (0001) nspawn: fix cgroup mode detection
    (0002) nspawn: add missing -E to getopt_long (#4860)
    (0003) nspawn: fix clobbering of selinux context arg

  Non-functional changes (19):

      These changes should have no user-visible effects; they are all code
      cleanup, organization, and plumbing changes that set the stage for
      user-visible changes below.

    (0004) cgroup-util: Fix a comment about cg_kernel_controllers() behavior
    (0005) cgroup-util: Add cg_version() to get the raw CGroupUnified enum
    (0006) cgroup-util: Split out cg_pid_get_path_internal()
    (0007) nspawn: mount_sysfs(): Reword the comment about /sys/fs/cgroup
    (0008) nspawn: if !cg_ns_supported() then force arg_use_cgns = false
    (0009) nspawn: Simplify tmpfs_patch_options() usage, and trickle that up
    (0010) nspawn: sync_cgroup(): Rename arg_uid_shift -> uid_shift
    (0011) nspawn: Clarify detect_unified_cgroup_hierarchy()
    (0012) nspawn: Parse UNIFIED_CGROUP_HIERARCHY similarly to any other arg
  > (0013) nspawn: Move cgroup mount stuff from nspawn-mount.c to nspawn-cgroup.c
    (0014) nspawn: nspawn-cgroup.{c,h}: s/unified_requested/inner_cgver/
  * (0015) nspawn: Detect the outer_cgver once, and pass that around
  * (0016) nspawn: Merge chown_cgroup(), sync_cgroup(), & create_subcgroup() into one cgroup_setup()
    (0017) nspawn: mount_legacy_cgns_supported(): Rename variables to not lie
    (0018) nspawn: Change where we filter the name=systemd hierarchy
    (0019) nspawn: Track the inner child and outer child PIDs separately
  ! (0020) nspawn: Add functions for deciding cgroup mounts before performing them
  ! (0021) nspawn: Decide all cgroup mounts/symlinks before performing any of them
  * (0022) nspawn: Go ahead and always decide the cgroup mounts in the outer child, not inner

  Functional changes (6):

      These are the user-visible changes.

    (0023) nspawn: Improve --help text
  * (0024) nspawn: Clarify sync_cgroup(); tmp dirname, error message
  * (0025) nspawn: Improve error messages
  * (0026) nspawn: Be more robust when deciding to create subcgroups or chown cgroups
  * (0027) nspawn: (Re)mount the systemd hierarchy RO in the outer child, not inner
    (0028) cgroup-util,nspawn: Add a special "inherit" cgroup mode for nspawn

 Makefile.am                |   2 +
 src/basic/cgroup-util.c    |  54 +++-
 src/basic/cgroup-util.h    |   3 +
 src/nspawn/nspawn-cgroup.c | 732 +++++++++++++++++++++++++++++++++++++++++----
 src/nspawn/nspawn-cgroup.h |  13 +-
 src/nspawn/nspawn-mount.c  | 400 ++-----------------------
 src/nspawn/nspawn-mount.h  |   7 +-
 src/nspawn/nspawn.c        | 358 +++++++++++++---------
 8 files changed, 965 insertions(+), 604 deletions(-)

-- 
2.14.1

Happy hacking,
~ Luke Shumaker
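
The cgroup-setup table under "Functional Description", as an added example that is not part of the original announcement or of notsystemd: a POSIX sh preflight that classifies a host from /proc/mounts-format text and predicts what nspawn will set up in the container. The function names, result labels, and the mount points used to tell the systemd-232 and systemd-233 mixed arrangements apart (cgroup2 at /sys/fs/cgroup/systemd versus /sys/fs/cgroup/unified) are assumptions, not taken from the announcement.

```shell
#!/bin/sh
# Added example, not notsystemd code.  The mount points that distinguish the
# two "mixed" systemd arrangements are assumptions (see lead-in).

# classify_host: read /proc/mounts-format text on stdin, print the host setup.
classify_host() {
    awk '
        $3 == "cgroup2" { v2[$2] = 1; n2++ }
        $3 == "cgroup"  {
            n1++
            if ($2 == "/sys/fs/cgroup/systemd" && $4 ~ /(^|,)name=systemd(,|$)/) sd = 1
        }
        END {
            if (v2["/sys/fs/cgroup"] && !n1)             print "v2"
            else if (!n2 && sd)                          print "v1-systemd"
            else if (!n2 && n1)                          print "v1-other"
            else if (n1 && v2["/sys/fs/cgroup/systemd"]) print "mixed-232"
            else if (n1 && v2["/sys/fs/cgroup/unified"]) print "mixed-233"
            else if (n1 && n2)                           print "mixed-other"
            else                                         print "unknown"
        }'
}

# predict HOST CONTAINER_SYSTEMD_VERSION   (version 0 = no systemd detected)
# Prints the setup created inside the container and whether
# $UNIFIED_CGROUP_HIERARCHY may override it; returns 1 when nspawn refuses.
predict() {
    host=$1; ver=${2:-0}; min=0
    case $host in
        v1-systemd) ;;                                  # always mimic the host
        v1-other)   echo "inner=$host override=no"; return 0 ;;
        v2)         min=230 ;;                          # older containers fall back
        mixed-232)  min=232 ;;
        *)          echo "refuse"; return 1 ;;          # mixed-233, mixed-other
    esac
    inner=$host
    if [ "$ver" -gt 0 ] && [ "$ver" -lt "$min" ]; then inner=v1-systemd; fi
    echo "inner=$inner override=yes"
}

# Constructed /proc/mounts excerpt describing a "cgroup v1, systemd" host.
SAMPLE='tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,name=systemd 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0'
predict "$(printf '%s\n' "$SAMPLE" | classify_host)" 229
```

On a live host, run `classify_host < /proc/mounts` and pass the container's systemd version as the second argument to `predict`.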
