Is "lxc" systemd generator needed for VM image?

Hello!

Just wondering if there is any use case for using the systemd generator provided through distrobuilder for a virtual machine image? From my understanding, these fixes are not that useful inside a virtual machine; at least I never saw such use cases with other KVM-based hypervisors nor VMware or Xen.

For example, I recently installed a Salt master on a virtual machine and it seems to use the global override provided by the generator:

[root@salt ~]# systemctl status salt-master.service
● salt-master.service - The Salt Master Server
     Loaded: loaded (/usr/lib/systemd/system/salt-master.service; enabled; vendor preset: disabled)
    Drop-In: /etc/systemd/system/salt-master.service.d
             └─override.conf
             /run/systemd/system/service.d <======
             └─zzz-lxc-service.conf
     Active: active (running) since Wed 2021-08-18 18:04:34 CEST; 6s ago
       Docs: man:salt-master(1)
             file:///usr/share/doc/salt/html/contents.html
             https://docs.saltproject.io/en/latest/contents.html
   Main PID: 482 (salt-master)
      Tasks: 32 (limit: 2326)
     Memory: 233.8M
        CPU: 5.014s
     CGroup: /system.slice/salt-master.service
             ├─482 /usr/bin/python3 /usr/bin/salt-master
             ├─484 /usr/bin/python3 /usr/bin/salt-master
             ├─489 /usr/bin/python3 /usr/bin/salt-master
             ├─492 /usr/bin/python3 /usr/bin/salt-master
             ├─493 /usr/bin/python3 /usr/bin/salt-master
             ├─494 /usr/bin/python3 /usr/bin/salt-master
             ├─495 /usr/bin/python3 /usr/bin/salt-master
             ├─502 /usr/bin/python3 /usr/bin/salt-master
             ├─503 /usr/bin/python3 /usr/bin/salt-master
             ├─505 /usr/bin/python3 /usr/bin/salt-master
             ├─506 /usr/bin/python3 /usr/bin/salt-master
             ├─507 /usr/bin/python3 /usr/bin/salt-master
             └─508 /usr/bin/python3 /usr/bin/salt-master

Aug 18 18:04:34 salt systemd[1]: Starting The Salt Master Server...
Aug 18 18:04:34 salt systemd[1]: Started The Salt Master Server.

It’s not a big deal, but it overrides user-defined sandboxing options that are also present in the generator (since they can be used without many problems in VMs):

[root@salt ~]# cat /etc/systemd/system/salt-master.service.d/override.conf
[Unit]
After=network-online.target

[Service]
ProtectHome=yes

[root@salt ~]# systemctl show salt-master.service | grep ProtectHome
ProtectHome=no

FYI, I use a Fedora 34 VM with systemd 248.

Thanks

Florian
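The mismatch reported above (a drop-in requesting `ProtectHome=yes` while `systemctl show` reports `ProtectHome=no`) can be checked for mechanically. The following is an added example, not part of the original post or of distrobuilder; the function names, the list of directives checked and the sample `PrivateTmp` line are assumptions made for illustration.

```python
# Directives to audit: an illustrative selection, extend as needed.
SANDBOX_KEYS = ("ProtectHome", "ProtectSystem", "PrivateTmp",
                "PrivateDevices", "NoNewPrivileges")
_TRUE, _FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}

def normalize(value):
    """Map systemd boolean spellings to yes/no; keep values like 'read-only'."""
    v = value.strip().lower()
    return "yes" if v in _TRUE else "no" if v in _FALSE else v

def parse_dropin(text):
    """Sandbox directives requested in the [Service] section of a drop-in."""
    wanted, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip() in SANDBOX_KEYS:
                wanted[key.strip()] = normalize(val)  # last assignment wins
    return wanted

def parse_show(text):
    """Effective values from `systemctl show <unit>` (Key=Value lines)."""
    effective = {}
    for line in text.splitlines():
        key, sep, val = line.partition("=")
        if sep and key in SANDBOX_KEYS:
            effective[key] = normalize(val)
    return effective

def find_overridden(dropin_text, show_text):
    """Return {directive: (requested, effective)} for every mismatch."""
    wanted, effective = parse_dropin(dropin_text), parse_show(show_text)
    return {k: (v, effective.get(k)) for k, v in wanted.items()
            if effective.get(k) != v}

# override.conf as quoted in the post.
DROPIN = "[Unit]\nAfter=network-online.target\n\n[Service]\nProtectHome=yes\n"
# Constructed sample: the ProtectHome line matches the post, PrivateTmp is made up.
SHOW = "PrivateTmp=no\nProtectHome=no\n"

if __name__ == "__main__":
    for key, (req, eff) in find_overridden(DROPIN, SHOW).items():
        print(f"{key}: drop-in requests {req!r}, effective value is {eff!r}")
```

On a live system, pass the contents of the unit's `override.conf` and the output of `systemctl show salt-master.service` as the two arguments.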

That’s a bug, it should currently be a no-op in VMs.

I will open an issue on GH then :wink: