sys-apps/systemd runs "systemctl daemon-reexec" in pkg_postinst to re-execute the running system manager. With FEATURES="pid-sandbox" enabled, this command fails:
     * Reexecuting system manager ...
    Failed to connect to bus: No data available
For FEATURES=cgroup we have a list of phases that we could also apply to FEATURES=pid-sandbox:
    _phases_without_cgroup = ('preinst', 'postinst', 'prerm', 'postrm', 'config')
It's arguable that pid-sandbox is more useful for src_* phases where rogue processes are more common, though it's certainly possible for pkg_* phases to create such processes.
For debugging systemd, running the following command has the same result:
    unshare -f -p --mount-proc systemctl daemon-reexec
In #gentoo-portage it was said that systemctl fails to detect systemd as PID 1 (since over the socket PID 1 on host appears to it as PID 0 so its PID > 0 check fails).
There's a more in-depth discussion on the upstream issue (see also).
For the record, I think the solution from #c1 is good -- at least as an interim solution. I suppose tasks done in postinst may intentionally leave processes running, e.g. as a result of restarting something and we don't want to kill those blindly.
Patch posted for review:
https://archives.gentoo.org/gentoo-portage-dev/message/5298d2df92a26c2454dd56cd4a13a9ef
https://github.com/gentoo/portage/pull/396
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/proj/portage.git/commit/?id=bbfc36befdeed60f29c17d80d7766fd0da402d61
commit bbfc36befdeed60f29c17d80d7766fd0da402d61
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2019-01-08 04:45:52 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2019-01-08 09:12:11 +0000
    pid-sandbox: whitelist selected pkg_* phases (bug 673794)
    Whitelist the same phases that are whitelisted for FEATURES=cgroup,
    since pid-sandbox is less valuable and is likely to have unintended
    consequences during these phases.
    Bug: https://bugs.gentoo.org/673794
    Reviewed-by: Michał Górny <mgorny@gentoo.org>
    Signed-off-by: Zac Medico <zmedico@gentoo.org>
 lib/_emerge/AbstractEbuildProcess.py   | 9 ++++++---
 lib/portage/package/ebuild/doebuild.py | 8 ++++++--
 2 files changed, 12 insertions(+), 5 deletions(-)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74047b184430a9d5a9e1862c75da8ae1ff60f7bf
commit 74047b184430a9d5a9e1862c75da8ae1ff60f7bf
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2019-01-10 20:51:45 -0800
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2019-01-10 20:56:31 -0800
    sys-apps/portage: version bump to 2.3.55
    #673794 pid-sandbox: whitelist selected pkg_* phases
    Package-Manager: Portage-2.3.55, Repoman-2.3.12
    Signed-off-by: Zac Medico <zmedico@gentoo.org>
 sys-apps/portage/Manifest              |   1 +
 sys-apps/portage/portage-2.3.55.ebuild | 271 +++++++++++++++++++++++++++++++++
 2 files changed, 272 insertions(+)