From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id D50F11FF165 for ; Thu, 23 Oct 2025 15:19:12 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 2E837AF3B; Thu, 23 Oct 2025 15:19:39 +0200 (CEST) Date: Thu, 23 Oct 2025 15:19:02 +0200 From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= To: Proxmox VE development discussion References: <20251023112353.93915-1-r.obkircher@proxmox.com> <20251023112353.93915-2-r.obkircher@proxmox.com> In-Reply-To: <20251023112353.93915-2-r.obkircher@proxmox.com> MIME-Version: 1.0 User-Agent: astroid/0.17.0 (https://github.com/astroidmail/astroid) Message-Id: <1761223762.9arsa6sqww.astroid@yuna.none> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1761225537469 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.048 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH pve-container 1/1] fix 6897: warn that nesting may be required for systemd X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" a little bit of commit message would be nice - e.g. some background why systemd wants nesting, and how the version was picked, why we need a separate call and cannot just fold this into the pre-start hook of the base plugin. On October 23, 2025 1:22 pm, Robert Obkircher wrote: > Signed-off-by: Robert Obkircher > --- > src/PVE/LXC/Setup.pm | 7 +++++++ > src/PVE/LXC/Setup/Base.pm | 20 ++++++++++++++++++++ > src/lxc-pve-prestart-hook | 5 +++++ > 3 files changed, 32 insertions(+) > > diff --git a/src/PVE/LXC/Setup.pm b/src/PVE/LXC/Setup.pm > index 87330c4..197b3ad 100644 > --- a/src/PVE/LXC/Setup.pm > +++ b/src/PVE/LXC/Setup.pm > @@ -320,6 +320,13 @@ sub unified_cgroupv2_support { > return $self->{plugin}->unified_cgroupv2_support($self->get_ct_init_path()); > } > > +sub get_may_require_nesting_warning { this could just be called check_systemd_nesting or something like that, see below in particular because at some point this might no longer just emit a warning, but become a hard requirement.. > + my ($self) = @_; > + > + my $init = $self->get_ct_init_path(); > + return $self->{plugin}->get_may_require_nesting_warning($self->{conf}, $init); > +} > + > # os-release(5): > # (...) a newline-separated list of environment-like shell-compatible > # variable assignments. (...) beyond mere variable assignments, no shell > diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm > index a2c88ed..bcb26ba 100644 > --- a/src/PVE/LXC/Setup/Base.pm > +++ b/src/PVE/LXC/Setup/Base.pm > @@ -647,6 +647,26 @@ sub get_ct_init_path { > return $init_path; > } > > +sub get_may_require_nesting_warning { > + my ($self, $conf, $init) = @_; > + > + my $features = PVE::LXC::Config->parse_features($conf->{features}); > + if ($features->{nesting}) { > + return; > + } this can be written more concisely: return if $features->{nesting}; in really simple cases like this this is usually easier to read because of the reduced boiler plate > + > + if (!defined($init) || $init !~ m@/systemd$@) { > + return; > + } same here > + > + my $sdver = $self->get_systemd_version($init); > + if (!defined($sdver) || $sdver < 232) { > + return; > + } and here. this one might benefit from a comment how that version was picked, so that one doesn't have to go history digging in the future ;) > + > + return "Systemd $sdver detected. You might need to enable nesting."; > +} > + > sub ssh_host_key_types_to_generate { > my ($self) = @_; > > diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook > index 73125e1..09e8e44 100755 > --- a/src/lxc-pve-prestart-hook > +++ b/src/lxc-pve-prestart-hook > @@ -172,6 +172,11 @@ PVE::LXC::Tools::lxc_hook( > } > } > > + my $nesting_warning = $lxc_setup->get_may_require_nesting_warning(); > + if ($nesting_warning) { > + log_warn($vmid, $nesting_warning); > + } > + this is not needed, you can call your new helper in PVE::LXC::Setup::pre_start_hook but first we probably need to extend the plugin/setup code to have a warning helper like the one used in the prestart-hook, because right now any warnings emitted by the setup code (either via `warn` or via the RestEnvironment's `log_warn`) will go to journal, instead of ending up in the task log.. this also affects two existing warnings emitted by Setup->new for Debian and Ubuntu containers with too recent versions.. > if (@$devices) { > my $devlist = ''; > foreach my $dev (@$devices) { > -- > 2.47.3 > > > > _______________________________________________ > pve-devel mailing list > pve-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > > > _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel