cancelling with CTRL+C need to be followed by umount /run/bees/mnt/$UUID

[tlaurion]

btw. I just tried the current beesd script and starting like beesd ..: After cancelling with CTRL+C I always need to umount /run/bees/mnt/bab5... for the next run. Is that intended?

Originally posted by @Massimo-B in #54 (comment)

Confirmed on 1245072 from 9 months ago

[tlaurion]

@Zygo would be nice if bees was fixing itself on die

[Zygo]

Putting this at the beginning of beesd should work:

#!/bin/sh

if [ -z "$UNSHARE_DONE" ]; then
        UNSHARE_DONE=true
        export UNSHARE_DONE
        exec unshare -m --propagation private -- "$0" "$@"
fi

The drawback is that this duplicates the systemd namespacing, and requires the namespace privilege in the script to work. Maybe some additional checks to see if it's running under systemd and skip the extra unshare call?

[Massimo-B]

Hi, is this going to be fixed in the release?

[tlaurion]

@Zygo I still think this should be managed by code in testing version, prior of next release.

[kakra]

Detecting if a service is running under systemd is easy by looking at the environment variables. I can create a PR for that.

[tlaurion]

@kakra please do!

[Zygo]

Detecting if a service is running under systemd is easy by looking at the environment variables. I can create a PR for that.

Please do!

[kakra]

I've added an untested PR using @Zygo's idea, please check if it works properly.

[Zygo]

It looks good, but it needs testing on the weird distros. It'll fail outright if you don't have unshare, but that's more than 5 years old now.

I'm also looking at adding nodev to the mount flags to reduce attack surface. We don't need nosymfollow any more, assuming we can get openat2 support to build.

[Zygo]

I cherry-picked kakra's PR and accidentally closed this (but not the PR). Yay github surprise UI.

At this point the original issue should be solved. If there are new issues, please reopen.