static int load_settings(void) {
_cleanup_(settings_freep) Settings *settings = NULL;
_cleanup_fclose_ FILE *f = NULL;
- _cleanup_free_ char *p = NULL;
- const char *fn;
+ _cleanup_free_ char *p = NULL, *fn = NULL;
int r;
if (arg_oci_bundle)
if (FLAGS_SET(arg_settings_mask, _SETTINGS_MASK_ALL))
return 0;
- fn = strjoina(arg_machine, ".nspawn");
+ /* In ephemeral mode we append '-' and a random 16 characters string to the image name, so fixed
+ * config files are no longer matched. Ignore the random suffix for the purpose of finding files. */
+ if (arg_ephemeral) {
+ fn = strdup(arg_machine);
+ if (!fn)
+ return log_oom();
+ assert(strlen(fn) > 17); /* Should end with -XXXXXXXXXXXXXXXX */
+ strcpy(fn + strlen(fn) - 17, ".nspawn");
+ } else {
+ fn = strjoin(arg_machine, ".nspawn");
+ if (!fn)
+ return log_oom();
+ }
/* We first look in the admin's directories in /etc and /run */
FOREACH_STRING(i, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
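Review bot: The `assert(strlen(fn) > 17)` before the `strcpy()` is the only guard on `fn + strlen(fn) - 17`, and it checks length only, not that the name really ends in the generated `-XXXXXXXXXXXXXXXX` suffix. The code that appends the suffix is not in this hunk, so this is hedged: if `arg_machine` can reach this branch without the suffix (for example a name given on the command line rather than derived from the image), a long name silently loses its last 17 characters and a short one aborts. In a build where `assert()` is compiled out, the subtraction wraps and `strcpy()` writes outside the allocation. Because the length depends on user input, a runtime check is safer, e.g. `if (strlen(fn) <= 17) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unexpected ephemeral machine name: %s", fn);`. More robust still is to keep the unsuffixed name where the suffix is generated and build the `.nspawn` filename from that instead of stripping it here. `load_settings()` continues past the end of the hunk.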
systemd-nspawn "${SUSE_OPTS[@]}" --register=no -b -D /testsuite-13.nc-container --selinux-apifs-context=system_u:object_r:container_file_t:s0:c0,c1 --selinux-context=system_u:system_r:container_t:s0:c0,c1
}
+function check_ephemeral_config {
+ # https://github.com/systemd/systemd/issues/13297
+ local _cmd='test -f /tmp/ephemeral-config'
+
+ mkdir -p /run/systemd/nspawn/
+ cat >/run/systemd/nspawn/testsuite-13.nc-container.nspawn <<EOF
+[Files]
+BindReadOnly=/tmp/ephemeral-config
+EOF
+ touch /tmp/ephemeral-config
+
+ # /testsuite-13.nc-container is prepared by test.sh
+ systemd-nspawn --register=no -D /testsuite-13.nc-container --ephemeral /bin/sh -x -c "$_cmd"
+
+ rm -f /run/systemd/nspawn/testsuite-13.nc-container.nspawn
+}
+
function run {
if [[ "$1" = "yes" && "$is_v2_supported" = "no" ]]; then
printf "Unified cgroup hierarchy is not supported. Skipping.\n" >&2
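Review bot: `check_ephemeral_config` only exercises `--ephemeral` with the machine name derived from `-D`, so the case where the new C code's 17-character suffix assumption may not hold is untested. A second invocation with an explicit `--machine=` name alongside `--ephemeral` would cover it. The cleanup is also incomplete: `rm -f` removes the `.nspawn` file only after a successful `systemd-nspawn` run, and `/tmp/ephemeral-config` is never removed. If the script runs under `set -e` (not visible here), a failing run would leave `/run/systemd/nspawn/testsuite-13.nc-container.nspawn` in place for later tests; a `trap` that removes both files would avoid that.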
check_selinux
+check_ephemeral_config
+
touch /testok