From 4937e157abcdbc55ad9f2c5a58bb827356d4ec8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org>
Date: Wed, 11 Dec 2024 13:20:32 -0500
Subject: [PATCH] lxc.generator: Workaround issue with nsresourced
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
---
 distrobuilder/lxc.generator | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/distrobuilder/lxc.generator b/distrobuilder/lxc.generator
index dc5b506f..f6f2cb9a 100644
--- a/distrobuilder/lxc.generator
+++ b/distrobuilder/lxc.generator
@@ -42,6 +42,16 @@ fix_ro_paths() {
 		EOF
 }
 
+# fix_ro_run is a workaround for units failing to write in /run due to ProtectSystem=strict
+fix_ro_run() {
+	mkdir -p "/run/systemd/system/$1.d"
+	cat <<-EOF > "/run/systemd/system/$1.d/zzz-lxc-rorun.conf"
+		# This file was created by distrobuilder
+		[Service]
+		ReadWritePaths=/run
+		EOF
+}
+
 # fix_nm_link_state forces the network interface to a DOWN state ahead of NetworkManager starting up
 fix_nm_link_state() {
 	[ -e "/sys/class/net/$1" ] || return 0
@@ -198,6 +208,9 @@ fi
 fix_systemd_udev_trigger
 fix_systemd_sysctl
 
+# Fix issues with /run not being writable.
+fix_ro_run systemd-nsresourced.service
+
 # Mask some units.
 fix_systemd_mask dev-hugepages.mount
 fix_systemd_mask run-ribchester-general.mount