[Bug 1709536] Re: snapd 2.26.14 on ubuntu-core won't start in containers anymore
Stéphane Graber
stgraber at stgraber.org
Wed Aug 30 20:09:40 UTC 2017
So I'm confused, wasn't the SRU supposed to have been fixed for this?
We're still getting reports of users that have a broken snapd because of
this issue, some of whom then decided to switch to privileged containers
just to avoid this problem, therefore losing a lot of LXD's security
features and potentially exposing their hosts to attacks...
--
https://bugs.launchpad.net/bugs/1709536
Title: snapd 2.26.14 on ubuntu-core won't start in containers anymore
Status in Snap Layer: New
Status in snapd: New
Status in systemd package in Ubuntu: Fix Released
Status in systemd source package in Xenial: Confirmed
Status in systemd source package in Artful: Fix Released
Bug description:
It looks like snapd in ubuntu-core (2.26.14 here) has been modified to
use a negative Nice value in systemd. Systemd seems to treat a failure
to apply the requested Nice value as critical to unit startup.

Unprivileged LXD containers do not allow the use of negative nice
values as those are restricted to the real root user. I believe the
optimal fix would be for systemd to ignore permission errors when
attempting to set up such custom nice values in containers but if that
can't be resolved quickly, then it means that snapd will now fail to
start inside containers.

  Aug 09 05:54:37 core systemd[1]: snapd.service: Main process exited, code=exited, status=201/NICE
  Aug 09 05:54:37 core systemd[1]: snapd.service: Unit entered failed state.
  Aug 09 05:54:37 core systemd[1]: snapd.service: Failed with result 'exit-code'.

I have confirmed that setting up a unit override by hand which sets Nice=0 does resolve the problem, confirming that the negative Nice value is the problem (snapd.service has Nice=-5 here).
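
An added example, not part of the original bug report and not code from snapd, systemd or LXD: a shell sketch that finds units failing with `status=201/NICE` in journal text and stages the `Nice=0` drop-in described above, so the container can stay unprivileged. The function names, the `nice-override.conf` file name and the staging-root argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. The sample input is the three journal lines quoted in the
# bug description; on a live system, pipe `journalctl -b` output in instead.
sample_journal() {
cat <<'EOF'
Aug 09 05:54:37 core systemd[1]: snapd.service: Main process exited, code=exited, status=201/NICE
Aug 09 05:54:37 core systemd[1]: snapd.service: Unit entered failed state.
Aug 09 05:54:37 core systemd[1]: snapd.service: Failed with result 'exit-code'.
EOF
}

# Read journal text on stdin and print, once each, every unit whose main
# process exited with 201/NICE (systemd could not apply the unit's Nice=).
nice_failed_units() {
    sed -n 's/^.*systemd\[[0-9]*\]: \([^ ]*\): Main process exited, code=exited, status=201\/NICE.*$/\1/p' | sort -u
}

# Read unit names on stdin and write a drop-in resetting Nice to 0 for each,
# under the root directory given as $1 (hypothetical staging root; pass ""
# to write to the real /etc). Prints the path of every file written.
# After installing, run `systemctl daemon-reload` and restart the unit.
write_nice_overrides() {
    root=$1
    while IFS= read -r unit; do
        [ -n "$unit" ] || continue
        dir="$root/etc/systemd/system/$unit.d"
        mkdir -p "$dir"
        printf '[Service]\nNice=0\n' > "$dir/nice-override.conf"
        echo "$dir/nice-override.conf"
    done
}

# Stand-alone run: list the affected units found in the sample lines.
sample_journal | nice_failed_units
```

The drop-in only changes the scheduling priority request for the named unit and leaves the container's isolation settings untouched.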