Hi Martin, did a little testing following instructions that you provided:
note that doing something like incus launch images:devuan/daedalus devuantest --environment-file="./env" with env as cat ./env PATH=PATH=/usr/sbin:/sbin:/usr/bin:/bin seems to do the trick (only tested dhcpcd with "/etc/network/interfaces" though). Anyway we are already carrying a patch for SIGPWR to save an extra command line switch in containers, so I'm going to fix this by exporting PATH in stage 1, 2 and 3. (also the same issue could pop up for other corner/rare case so let's fix it once for all). Thanks for reporting and for providing all the info! Best Regards, Lorenzo On Sat, 12 Oct 2024 10:39:32 +0200 Martin Steigerwald <mar...@lichtvoll.de> wrote: > Hi Lorenzo. > > Thanks for coming back to me on this. I now just took the time to > describe a basic Incus container setup to you by looking at my > internal documentation. I appreciate that you follow up on issues > like this! > > Lorenzo - 11.10.24, 23:45:56 MESZ: > > For the /usr/local issue, please open another bug, or start a > > > > > discussion in init-diversity or DNG list. > > > > I did some digging and I don't think I'm going to remove local from > > PATH; I think having executables there to mask system's equivalent > > is the intended usage, and if an attacker has write access on root > > the system is already compromised.. > > there was a bug about this few years ago, see > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23913876 > > > > Also, for comparison, I tested 'echo $PATH' in a getty under > > systemd and sysvinit and it looks like both have local in PATH. > > Fair enough. I consider that one settled and won't open an extra issue > about it. > > Regarding incus, I still did not give you any hints. It is quite > simple for a basic setup, but can become more complicated when you > tweak things. > > In Debian/Devuan Unstable/Testing install package "incus". For Stable > you need to use backports. You could use "lxd" on stable. It may just > work when you place each call to "incus" command with "lxd", but I do > not know for sure. > > Do "incus admin init". > > It does a default network setup including "incusbr0" bridge that > should be sufficient for testing. You can show it with "incus network > list" and edit it with "incus network edit". > > It comes with a default storage. I did my own with > > incus storage create container btrfs source=/srv/container > > and removed the default one with "incus storage delete default". But > I think you can just use the default storage for testing. > > For Incus on Devuan you need a way to start it. I use runit: > > % cat /usr/share/runit/sv/incus/run > #!/usr/bin/env /lib/runit/invoke-run > #Copyright: 2024 Martin Steigerwald <mar...@lichtvoll.de> > #License: BSD-3-Clause > > exec 2>&1 > if [ -e /etc/runit/verbose ]; then > echo "Invoke-run: starting ${PWD##*/}" > fi > /usr/libexec/incus/incus-apparmor-load > exec /usr/libexec/incus/incusd --group incus-admin > > % cat /usr/share/runit/sv/incus-user/run
