[Bug 1813622] Re: systemd-resolved, systemd-networkd and others fail to start in lxc container with v240 systemd
Bug Watch Updater
1813622 at bugs.launchpad.net
Wed Jan 30 13:50:58 UTC 2019
** Changed in: lxd
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1813622
Title:
  systemd-resolved, systemd-networkd and others fail to start in lxc
  container with v240 systemd

Status in lxd:
  Fix Released
Status in systemd:
  Fix Released
Status in apparmor package in Ubuntu:
  Invalid
Status in lxd package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Fix Committed

Bug description:
  This is a regression from 239-7ubuntu15 to 240-5ubuntu1.

  Steps to reproduce:

  lxc launch ubuntu-daily:disco rbasak-resolv
  lxc exec rbasak-resolv bash
  systemctl status systemd-resolved  # observe running
  echo "deb http://archive.ubuntu.com/ubuntu/ disco-proposed main universe multiverse restricted" >> /etc/apt/sources.list
  apt update
  # Update to 240-5ubuntu1 from proposed
  apt install systemd libsystemd0 systemd-sysv libnss-systemd libpam-systemd
  reboot
  lxc exec rbasak-resolv bash
  systemctl status systemd-resolved  # observe failed

  ● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2019-01-28 16:50:37 UTC; 2min 28s ago
       Docs: man:systemd-resolved.service(8)
             https://www.freedesktop.org/wiki/Software/systemd/resolved
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
    Process: 290 ExecStart=/lib/systemd/systemd-resolved (code=exited, status=226/NAMESPACE)
   Main PID: 290 (code=exited, status=226/NAMESPACE)

  Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Service has no hold-off time (RestartSec=0), scheduling restart.
  Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 5.
  Jan 28 16:50:37 rbasak-resolv systemd[1]: Stopped Network Name Resolution.
  Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Start request repeated too quickly.
  Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
  Jan 28 16:50:37 rbasak-resolv systemd[1]: Failed to start Network Name Resolution.

  This causes /etc/resolv.conf to point to a file that isn't created, so
  all name resolution fails. As far as I can determine, landing this in
  the release pocket would cause all default LXD containers to stop
  working.

  In my case it breaks "autopkgtest -U --apt-pocket=proposed ... -- lxd
  ubuntu-daily:disco"

  Tagging block-proposed as migration would regress the release pocket,
  and marking Critical as it breaks the system (presumably only in a
  container though, and it is only in proposed currently).

  === Workaround ===

  $ lxc config set test-v240 raw.apparmor 'mount options=(ro,nodev,remount,bind),
  mount options=(ro,nosuid,nodev,remount,bind),
  mount options=(ro,nosuid,noexec,remount,strictatime),
  mount options=(ro,nosuid,noexec,remount,bind,strictatime),
  mount options=(ro,nosuid,nodev,noexec,remount,bind),'
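
Added example (not part of the bug report or of the systemd/LXD projects): a check for the failure signature shown above, listing every unit whose main process exited with status=226/NAMESPACE in `systemctl status` text. The function name `ns_failed_units` and the sample are assumptions; only the systemd-resolved entry comes from the report, the other two entries are constructed.

```shell
#!/bin/sh
# Reads `systemctl status` text on stdin and prints "<unit> <pid>" for each
# unit whose Main PID line shows status=226/NAMESPACE, i.e. systemd could not
# set up the mount namespace for the service (here: remounts the container's
# AppArmor profile did not allow).
# Live use inside the container (assumed invocation):
#   systemctl status --no-pager 'systemd-*.service' | ns_failed_units
ns_failed_units() {
    awk '
        # Unit header line: "<bullet> name.type - Description"
        $2 ~ /\.(service|socket|mount|timer)$/ && $3 == "-" { unit = $2; next }
        # Main PID line carries the exit status of the main process
        $1 == "Main" && $2 == "PID:" && /status=226\/NAMESPACE/ {
            if (unit != "") print unit, $3
        }
    '
}

# Sample input. First entry is taken from the report; the systemd-networkd
# and ssh entries are constructed for illustration.
sample_status() {
    cat <<'EOF'
● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2019-01-28 16:50:37 UTC; 2min 28s ago
  Process: 290 ExecStart=/lib/systemd/systemd-resolved (code=exited, status=226/NAMESPACE)
 Main PID: 290 (code=exited, status=226/NAMESPACE)

Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.

● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-01-28 16:50:36 UTC; 2min 29s ago
 Main PID: 312 (sshd)

● systemd-networkd.service - Network Service
   Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2019-01-28 16:50:37 UTC; 2min 28s ago
 Main PID: 274 (code=exited, status=226/NAMESPACE)
EOF
}

# Stand-alone run: show the affected units from the sample
sample_status | ns_failed_units
```

An empty result after applying the workaround and restarting the container indicates the sandboxed units can set up their mount namespaces again.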