FR-6365 - Prevent daemons from running when installing packages #183
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #183 +/- ##
==========================================
- Coverage 88.44% 87.35% -1.10%
==========================================
Files 14 15 +1
Lines 3714 3937 +223
==========================================
+ Hits 3285 3439 +154
- Misses 376 438 +62
- Partials 53 60 +7
190126f to d30713b
Even though the bug is not fully solved, I think this PR should not contain any more improvements; it is big enough. Another PR should be opened if we want to make u-i even more robust to weird behaviors in package installation. Maybe at some point we will resort to
We still need to think if this is the way we want to go, but for now I think it's the right thing. LGTM.
e4735cf to 76ab2de
…ing when installing packages
…ices from starting during package installation
76ab2de to b42e7c1
This one looks good to go. As we discussed elsewhere, I think we need to think about our general approach to the rootfs building: should we continue being strict and blocking daemons from starting etc., or should we be more destructive and allow anything but then forcibly kill all processes involved? We'll have to discuss separately.
For now this is better than what we have and a step in a better direction.
This is another attempt at solving LP: #2049695 with 2 distinct improvements.
As explained in the bug, /dev cannot be unmounted because some processes are left running after the packages installation. ubuntu-image was not using a policy-rc.d to prevent daemon/services from running after installing some packages.
See the invokerc.d documentation and this thread explaining systemd is respecting this policy.
This PR is using policy-rc.d, start-stop-daemon and initctl to try preventing as many services as possible from starting.
Even though services should not start anymore, we notice some directories/devices might be mounted during the package installation. Additional mountpoints should now be detected and unmounted.