Cancelling with CTRL+C needs to be followed by umount /run/bees/mnt/$UUID
btw. I just tried the current beesd script and starting like beesd
..: After cancelling with CTRL+C I always need to umount /run/bees/mnt/bab5... for the next run. Is that intended?
Originally posted by @Massimo-B in https://github.com/Zygo/bees/issues/54#issuecomment-2014991225
Confirmed on https://github.com/Zygo/bees/commit/124507232fe5682c8b6ebe80632c33eccefa8e29 from 9 months ago
@Zygo would be nice if bees was fixing itself on die
Putting this at the beginning of beesd should work:
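```sh
#!/bin/sh
# Re-exec once inside a private mount namespace so mounts made by this
# script disappear when it exits. UNSHARE_DONE prevents a re-exec loop.
if [ -z "$UNSHARE_DONE" ]; then
    UNSHARE_DONE=true
    export UNSHARE_DONE
    exec unshare -m --propagation private -- "$0" "$@"
fi
```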
The drawback is that this duplicates the systemd namespacing, and requires the namespace privilege in the script to work. Maybe some additional checks to see if it's running under systemd and skip the extra unshare call?
Hi, is this going to be fixed in the release?
@Zygo I still think this should be managed by code in the testing version, prior to the next release.
Detecting if a service is running under systemd is easy by looking at the environment variables. I can create a PR for that.
@kakra please do!
> Detecting if a service is running under systemd is easy by looking at the environment variables. I can create a PR for that.
Please do!
I've added an untested PR using @Zygo's idea, please check if it works properly.
It looks good, but it needs testing on the weird distros. It'll fail outright if you don't have unshare, but that's more than 5 years old now.
I'm also looking at adding nodev to the mount flags to reduce attack surface. We don't need nosymfollow any more, assuming we can get openat2 support to build.
I cherry-picked kakra's PR and accidentally closed this (but not the PR). Yay github surprise UI.
At this point the original issue should be solved. If there are new issues, please reopen.
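The decision discussed in this thread (re-exec under `unshare` unless systemd already provides the namespacing, and fail clearly when `unshare` is missing), as an added example that is not the PR merged into bees. The function names are hypothetical, and it assumes systemd exports `INVOCATION_ID` to the processes of a service unit.

```shell
#!/bin/sh
# Added example, not code from bees or from the PR in this thread.

# Assumption: systemd sets INVOCATION_ID for processes of a service unit.
under_systemd() {
    [ -n "${INVOCATION_ID:-}" ]
}

# Print which case applies: already-private, systemd, unshare, missing-unshare.
mountns_action() {
    if [ -n "${UNSHARE_DONE:-}" ]; then
        echo already-private        # we are the re-exec'd copy
    elif under_systemd; then
        echo systemd                # the unit's own namespacing is relied on
    elif command -v unshare >/dev/null 2>&1; then
        echo unshare
    else
        echo missing-unshare
    fi
}

# Re-exec the calling script in a private mount namespace when needed.
# Returns 0 when no re-exec is required, 1 when unshare is unavailable.
enter_private_mountns() {
    case "$(mountns_action)" in
        unshare)
            UNSHARE_DONE=true
            export UNSHARE_DONE
            exec unshare -m --propagation private -- "$0" "$@"
            ;;
        missing-unshare)
            echo "unshare not found: mounts under /run/bees/mnt would outlive this script" >&2
            return 1
            ;;
    esac
    return 0
}

# In a wrapper script, call this before the first mount:
#   enter_private_mountns "$@" || exit 1
```

With the mount made inside the private namespace, it is torn down when the last process in that namespace exits, so an interrupted run leaves nothing to `umount` by hand.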