From 9fb9738884c0bbd21716a587ef2fc51b6ef9d5d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= <essen@ninenines.eu>
Date: Thu, 19 Apr 2018 14:42:07 +0200
Subject: Better SystemD fix for Arch Linux

Also fixes other services independent of networking.
---
 archlinux.sh   | 2 +-
 ci.d/archlinux | 7 +++++++
 fix-lxc.sh     | 7 +++++++
 3 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100755 fix-lxc.sh

diff --git a/archlinux.sh b/archlinux.sh
index 2a39155..4db1a8b 100755
--- a/archlinux.sh
+++ b/archlinux.sh
@@ -14,7 +14,7 @@ for f in ci.d/*; do source "$f"; done
 buildkite_stop $DIST
 lxc_destroy
 lxc_create $DIST $RELEASE $ARCH
-archlinux_fix_network
+#archlinux_fix_network
 lxc_wait_for_ip
 pacman_upgrade
 pacman_install $PACKAGES
diff --git a/ci.d/archlinux b/ci.d/archlinux
index 100bc60..c899c43 100644
--- a/ci.d/archlinux
+++ b/ci.d/archlinux
@@ -6,6 +6,13 @@ archlinux_enable_cron() {
 }
 
 # archlinux_fix_network
+#
+# Only necessary with default LXC. A better fix would be to
+# append the following lines to /usr/share/lxc/config/common.seccomp:
+#
+#   keyctl_chown errno 38
+#   keyctl errno 38
+#
 archlinux_fix_network() {
 	# We ForceConnect because the interface is up at container startup.
 	lxc_do bash -c \
diff --git a/fix-lxc.sh b/fix-lxc.sh
new file mode 100755
index 0000000..f040ece
--- /dev/null
+++ b/fix-lxc.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+
+set -e
+#set -x
+
+echo "keyctl_chown errno 38" >> /usr/share/lxc/config/common.seccomp
+echo "keyctl errno 38" >> /usr/share/lxc/config/common.seccomp
-- 
cgit v1.2.3