Bug#945269: debian-policy: packages should use tmpfiles.d(5) to create directories below /var

Thorsten Glaser t.glaser at tarent.de
Tue Jun 13 17:10:34 BST 2023

On Tue, 13 Jun 2023, Bill Allombert wrote:

>I agree, chroots are important to consider, and the system should not
>make assumptions how and why they are used.


>Conversely, sometimes I need to use chroots to test init scripts.
>start-stop-daemon should not refuse to run in a chroot if policy-rc.d
>allows it.

TTBOMK this works-ish. It certainly starts and stops things, but if
you have the same thing running outside of the chroot, interference
may happen. You’ll probably want a separate pid namespace (I think)
at least, and make sure that, when leaving the chroot, everything
started in it is in fact terminated; sometimes, things like to keep
hanging around. This is easier to manage with VMs or (probably; I
don’t like to use them myself) container-ish thingies.

In my schroot setup I used to start a vncserver in a persistent
chroot back when my main system was x32 and vncserver didn’t like
that nor was coïnstallable (hence the i386 chroot).

My “enter a Debian chroot” script, to use e.g. with a Grml live ISO
to fix the bootloader (or to work under qemu-user with an RPi µSD
image before moving it into the embedded machine), certainly tries
hard to create a policy-rc.d to disable dæmon starting should the
user need to install packages, so it generally will work.
in case someone’s interested, it’s more complete than grml-chroot.

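The policy-rc.d approach mentioned in the message above, as an added example (not the poster's script, which is not reproduced on this page): invoke-rc.d consults `/usr/sbin/policy-rc.d`, and exit status 101 means the action is forbidden by policy. The function names and the `.pre-chroot` backup suffix are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: deny service starts inside a chroot tree prepared from outside.
# Function names and the ".pre-chroot" suffix are hypothetical.

# chroot_deny_daemons ROOT
# Install a deny-all policy-rc.d under ROOT before entering the chroot.
chroot_deny_daemons() {
	root=$1
	p=$root/usr/sbin/policy-rc.d
	[ -d "$root/usr/sbin" ] || { echo "E: $root/usr/sbin missing" >&2; return 1; }
	# Keep an existing policy (regular file or symlink) exactly once, so a
	# second call does not overwrite the backup with our own deny script.
	if [ -e "$p" ] || [ -h "$p" ]; then
		[ -e "$p.pre-chroot" ] || mv "$p" "$p.pre-chroot" || return 1
	fi
	# Remove before writing: an absolute symlink here would resolve against
	# the host's root when written from outside the chroot.
	rm -f "$p"
	printf '%s\n' '#!/bin/sh' '# deny all invoke-rc.d actions' 'exit 101' >"$p" || return 1
	chmod 0755 "$p"
}

# chroot_restore_policy ROOT
# Undo chroot_deny_daemons after leaving the chroot.
chroot_restore_policy() {
	root=$1
	p=$root/usr/sbin/policy-rc.d
	rm -f "$p"
	if [ -e "$p.pre-chroot" ] || [ -h "$p.pre-chroot" ]; then
		mv "$p.pre-chroot" "$p"
	fi
}
```

This only affects maintainer scripts that go through invoke-rc.d; processes started by hand inside the chroot still have to be tracked and terminated separately, as the message notes.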
