'Twas brillig, and Bruno Cornec at 16/01/13 23:41 did gyre and gimble:
> Colin Guthrie said on Wed, Jan 16, 2013 at 09:17:46PM +0000:
>
>>> C) of course, udev is not inside systemd, so it appears the new way is now to
>>> somehow spawn a systemd process inside the chroot (maybe systemd-nspawn?)
>>
>> Personally I think that's overkill.
>
> +1 and systemd works badly with chrooted processes itself as I
> experienced recently with squid :-( I'd like to have more time to
> experiment with LXC, maybe an easier solution for systemd usage (but not
> for what you tried to achieve).

Perhaps squid is not configured right, but systemd works very well with
chrooted processes - it's one of the core features to make chrooting
easier and prevent the need for boilerplate setup in numerous packages.

That said, some changes may be required to make best use of this.

See part 6 in the (currently) 20 part series of blog posts regarding
systemd for administrators:
http://0pointer.de/blog/projects/changing-roots.html

(for full list see here:
http://www.freedesktop.org/wiki/Software/systemd and look for "The
systemd for Administrators Blog Series")

Depending on the need for access to socket paths (e.g. for unix sockets)
then the /run on tmpfs can cause some problems (e.g. with cyrus-sasl auth
and chrooted postfix - previously hardlinks were used to allow the chroot
and host to see the "same" socket, but this was hacky at best as there
was no guarantee the chroot and host were on the same filesystem - now
they are guaranteed not to be on the same fs).

If you would like to detail the problems with squid and point at a
detailed bug report I can take a look or at least advise on the best
steps to take to get a really solid system.

Col

--

Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/
