diff --git a/dev/dev-features.sh b/dev/dev-features.sh index 8eba0e8..b06ce4f 100644 --- a/dev/dev-features.sh +++ b/dev/dev-features.sh @@ -53,6 +53,15 @@ ls -al /var/lib/nixos-containers/nb-test # The container root filesystem on NixOS systems with stateVersion < 22.05 ls -al /var/lib/containers/nb-test +# Start a shell in the context of a service process. +# Must be run inside the container (enter with cmd `c`). +enter_service() { + local name=$1 + nsenter --all -t "$(systemctl show -p MainPID --value "$name")" \ + --setuid "$(id -u "$name")" --setgid "$(id -g "$name")" bash +} +enter_service clightning + #――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― # bitcoind run-tests.sh -s bitcoind container diff --git a/modules/fulcrum.nix b/modules/fulcrum.nix index 0cbb87d..592757a 100644 --- a/modules/fulcrum.nix +++ b/modules/fulcrum.nix @@ -126,6 +126,7 @@ in { Restart = "on-failure"; RestartSec = "10s"; ReadWritePaths = cfg.dataDir; + ProcSubset = "all"; # Fulcrum requires read access to /proc/meminfo } // nbLib.allowedIPAddresses cfg.tor.enforce; };