nspawn: when running in a service unit, use systemd for restarts

THis way we can remove cgroup priviliges after setup, but get them back
for the next restart, as we need it.

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 656c1bf..0d538c2 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3342,6 +3342,21 @@ int main(int argc, char *argv[]) {
                         break;
 
                 /* CONTAINER_REBOOTED, loop again */
+
+                if (arg_keep_unit) {
+                        /* Special handling if we are running as a
+                         * service: instead of simply restarting the
+                         * machine we want to restart the entire
+                         * service, so let's inform systemd about this
+                         * with the special exit code 133. The service
+                         * file uses RestartForceExitStatus=133 so
+                         * that this results in a full nspawn
+                         * restart. This is necessary since we might
+                         * have cgroup parameters set we want to have
+                         * flushed out. */
+                        r = 133;
+                        break;
+                }
         }
 
 finish:

diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
index e373628..574d0de 100644 (file)
--- a/units/systemd-nspawn@.service.in
+++ b/units/systemd-nspawn@.service.in
@@ -13,6 +13,8 @@ Documentation=man:systemd-nspawn(1)
 ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=guest --directory=/var/lib/container/%i
 KillMode=mixed
 Type=notify
+RestartForceExitStatus=133
+SuccessExitStatus=133
 
 [Install]
 WantedBy=multi-user.target