From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Thu, 15 Jun 2023 14:58:07 +0000 (+0200)
Subject: bootstrap: mask more systemd units that fail in containers
X-Git-Url: https://git.proxmox.com/?p=dab.git;a=commitdiff_plain;h=HEAD

bootstrap: mask more systemd units that fail in containers

well in unprivileged ones, but if one has a privileged CT and really
wants those things, they can just unmask those units..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---

diff --git a/PVE/DAB.pm b/PVE/DAB.pm
index 7baa2c4..4a97906 100644
--- a/PVE/DAB.pm
+++ b/PVE/DAB.pm
@@ -177,6 +177,11 @@ sub read_file {
     return $data;
 }
 
+sub symln {
+    my ($a, $b) = @_;
+    symlink($a, $b) or die "failed to symlink $a => $b: $!";
+}
+
 sub read_config {
     my ($filename) = @_;
 
@@ -1260,6 +1265,13 @@ sub install_init_script {
     return $target;
 }
 
+sub mask_systemd_unit {
+    my ($self, $unit) = @_;
+
+    my $root = $self->{rootfs};
+    symln('/dev/null', "$root/etc/systemd/system/$unit");
+}
+
 sub bootstrap {
     my ($self, $opts) = @_;
 
@@ -1583,8 +1595,11 @@ EOD
 	$self->run_command ("rm $filelist");
     }
 
-    if (-e "$rootdir/lib/systemd/system/sys-kernel-config.mount") {
-	$self->ve_command ("ln -s /dev/null /etc/systemd/system/sys-kernel-debug.mount");
+    if ($suiteinfo->{flags}->{systemd}) {
+	for my $unit (qw(sys-kernel-config.mount sys-kernel-debug.mount systemd-journald-audit.socket)) {
+	    $self->logmsg("Masking problematic systemd unit '$unit'\n");
+	    $self->mask_systemd_unit($unit);
+	}
     }
 }