From c948af2e1865c9cfb1d0423186270e8c16a8f3ec Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Sat, 21 Jan 2023 13:14:27 +0100
Subject: [PATCH 1/2] dev/dev-features: add `enter_service` helper

---
 dev/dev-features.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/dev/dev-features.sh b/dev/dev-features.sh
index 8eba0e8..b06ce4f 100644
--- a/dev/dev-features.sh
+++ b/dev/dev-features.sh
@@ -53,6 +53,15 @@ ls -al /var/lib/nixos-containers/nb-test
 # The container root filesystem on NixOS systems with stateVersion < 22.05
 ls -al /var/lib/containers/nb-test
 
+# Start a shell in the context of a service process.
+# Must be run inside the container (enter with cmd `c`).
+enter_service() {
+ local name=$1
+ nsenter --all -t "$(systemctl show -p MainPID --value "$name")" \
+ --setuid "$(id -u "$name")" --setgid "$(id -g "$name")" bash
+}
+enter_service clightning
+
 #―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
 # bitcoind
 run-tests.sh -s bitcoind container

From 86dc7e2669004d4abeeff4fae0817d7a06d40e00 Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Sat, 21 Jan 2023 13:14:28 +0100
Subject: [PATCH 2/2] fulcrum: allow access to `/proc/meminfo`

This still hides the proc subdirectories for other processes. Without this setting, fulcrum fails when the config value of `fast-sync` is greater than 2^31 bytes.
---
 modules/fulcrum.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/fulcrum.nix b/modules/fulcrum.nix
index 0cbb87d..592757a 100644
--- a/modules/fulcrum.nix
+++ b/modules/fulcrum.nix
@@ -126,6 +126,7 @@ in {
 Restart = "on-failure";
 RestartSec = "10s";
 ReadWritePaths = cfg.dataDir;
+ ProcSubset = "all"; # Fulcrum requires read access to /proc/meminfo
 } // nbLib.allowedIPAddresses cfg.tor.enforce;
 };
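Review bot: `enter_service` feeds the output of `systemctl show -p MainPID --value` straight into `nsenter -t`, so for a unit that is not running (MainPID reported as 0) the failure surfaces as an nsenter error rather than naming the real cause. Reading the PID into a local first and checking it makes that explicit: `local pid; pid=$(systemctl show -p MainPID --value "$name") || return` followed by `[[ "$pid" != 0 ]] || { printf '%s: no running main process\n' "$name" >&2; return 1; }`. The helper also assumes the unit name doubles as the service's user name for `id -u`/`id -g`; that appears to hold for `clightning` here but is an implicit contract, so state it in the header comment, e.g. `# Assumes the service runs as a user named after the unit.`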
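Review bot: The added `ProcSubset = "all"` is only meaningful if it overrides a stricter `ProcSubset` value inherited from the module's shared hardening defaults (not visible in this hunk, so presumably), yet the inline comment names only the reader of `/proc/meminfo` and not the trade-off. Make the relaxation traceable: `ProcSubset = "all"; # Relaxes the ProcSubset hardening default: Fulcrum reads /proc/meminfo (fails when fast-sync exceeds 2^31 bytes otherwise)`. The commit message's claim that other processes' `/proc` entries stay hidden depends on `ProtectProc` remaining set elsewhere; naming that dependency in the same comment keeps the two settings from drifting apart in later edits. The enclosing attribute set starts outside the hunk.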