[Bug 2078597] Re: Failed to flush binfmt_misc rules, ignoring: Permission denied

Nick Rosbrook 2078597 at bugs.launchpad.net
Tue Sep 10 18:04:27 UTC 2024


Are you able to run unprivileged containers instead? That would be the
suggested configuration from upstream LXD.

There are many things that do not work with systemd in privileged LXD
containers due to AppArmor etc. Upstream systemd does not like adding
workarounds for issues caused by AppArmor rules, and upstream LXD (from
what I understand) does not want to spend a lot of effort supporting
privileged containers, when unprivileged containers are the more secure
alternative.

For those reasons, I am going to mark this "won't fix." If running
unprivileged containers does not work for you, I would suggest either
masking the systemd-binfmt.service unit in your containers, or following up
with upstream(s) about the issue.

** Changed in: systemd (Ubuntu)
       Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2078597

Title:
  Failed to flush binfmt_misc rules, ignoring: Permission denied

Status in systemd package in Ubuntu:
  Won't Fix

Bug description:
  After upgrading an LXD guest machine from 22.04 to 24.04.1, system
  isn't healthy, systemctl complains that systemd-binfmt.service fails:

  Aug 31 19:23:51 install systemd-binfmt[1147]: Failed to flush binfmt_misc rules, ignoring: Permission denied
  Aug 31 19:23:51 install systemd-binfmt[1147]: /usr/lib/binfmt.d/python3.12.conf:1: Failed to delete rule 'python3.12', ignoring: Permission denied
  Aug 31 19:23:51 install systemd-binfmt[1147]: /usr/lib/binfmt.d/python3.12.conf:1: Failed to add binary format 'python3.12': Permission denied
  Aug 31 19:23:51 install systemd[1]: systemd-binfmt.service: Main process exited, code=exited, status=1/FAILURE
  Aug 31 19:23:51 install systemd[1]: systemd-binfmt.service: Failed with result 'exit-code'.
  Aug 31 19:23:51 install systemd[1]: Failed to start systemd-binfmt.service - Set Up Additional Binary Formats.



  Reason:

  # strace -s 80 /usr/lib/systemd/systemd-binfmt |& fgrep EACCES 
  openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/status", O_WRONLY|O_NOCTTY|O_CLOEXEC) = -1 EACCES (Permission denied)
  openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/python3.12", O_WRONLY|O_NOCTTY|O_CLOEXEC) = -1 EACCES (Permission denied)
  openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_NOCTTY|O_CLOEXEC) = -1 EACCES (Permission denied)

  
  There is (like with other programs) a problem with latest LXD/24.04/apparmor settings. podman/docker also don't run without workarounds in apparmor.

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: systemd 255.4-1ubuntu8.4
  ProcVersionSignature: Ubuntu 6.8.0-41.41-generic 6.8.12
  Uname: Linux 6.8.0-41-generic x86_64
  ApportVersion: 2.28.1-0ubuntu3.1
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CloudBuildName: server
  CloudSerial: 20221101.1
  Date: Sun Sep  1 02:10:13 2024
  MachineType: To Be Filled By O.E.M. To Be Filled By O.E.M.
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.8.0-41-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro
  SourcePackage: systemd
  SystemdFailedUnits:
   Error: command ['systemctl', 'status', '--full', '●'] failed with exit code 4: Invalid unit name "●" escaped as "\xe2\x97\x8f" (maybe you should use systemd-escape?).
   Unit \xe2\x97\x8f.service could not be found.
  UpgradeStatus: Upgraded to noble on 2024-08-31 (0 days ago)
  modified.conffile..etc.init.d.apport: [modified]
  mtime.conffile..etc.init.d.apport: 2024-07-22T17:59:07

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2078597/+subscriptions
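
Added example, not part of the original message and not code from systemd or LXD: a small triage script that tells a privileged container from an unprivileged one by its `uid_map` and extracts the `binfmt_misc` paths that `systemd-binfmt` was denied from a strace log. The function names and the sample `uid_map` values are assumptions constructed for illustration; the three EACCES lines are the ones quoted in the bug description.

```shell
#!/bin/sh
# Added example; sample inputs are constructed, except the three EACCES
# lines, which are the strace lines quoted in the bug description.

# Exit 0 if the uid_map file maps container uid 0 to host uid 0, i.e. no
# user-namespace shift (a privileged container, or the host itself).
is_identity_uid_map() {
    awk '$1 == 0 && $2 == 0 { found = 1 } END { exit (found ? 0 : 1) }' "$1"
}

# Print each binfmt_misc path whose openat() failed with EACCES.
denied_binfmt_paths() {
    sed -n 's|^ *openat([^"]*"\(/proc/sys/fs/binfmt_misc/[^"]*\)".*= -1 EACCES.*|\1|p' "$1"
}

# One-line verdict from a uid_map file ($1) and a strace log ($2).
advise() {
    n=$(denied_binfmt_paths "$2" | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then
        echo "ok: no binfmt_misc denials"
    elif is_identity_uid_map "$1"; then
        echo "privileged: $n binfmt_misc denials; run unprivileged or mask systemd-binfmt.service"
    else
        echo "unprivileged: $n binfmt_misc denials; not the case described in this report"
    fi
}

# Write constructed sample files into directory $1.
make_samples() {
    printf '         0          0 4294967295\n' > "$1/uid_map.priv"
    printf '         0    1000000 1000000000\n' > "$1/uid_map.unpriv"
    cat > "$1/strace.log" <<'EOF'
openat(AT_FDCWD, "/usr/lib/binfmt.d/python3.12.conf", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/status", O_WRONLY|O_NOCTTY|O_CLOEXEC) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/python3.12", O_WRONLY|O_NOCTTY|O_CLOEXEC) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_NOCTTY|O_CLOEXEC) = -1 EACCES (Permission denied)
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
advise "$demo/uid_map.priv" "$demo/strace.log"
advise "$demo/uid_map.unpriv" "$demo/strace.log"
rm -rf "$demo"

# On a real system (NAME is a placeholder container name):
#   in the container: advise /proc/self/uid_map saved-strace.log
#   on the host:      lxc config get NAME security.privileged
#   workaround:       systemctl mask systemd-binfmt.service   (in the container)
```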