Package: plocate
Version: 1.1.18-1
Severity: normal
Tags: upstream

Dear Maintainer,

I have an LXC container with plocate installed. Both host and container run Debian 12 Bookworm. The LXC container was created using basic LXC and the root filesystem using Debian "mmdebstrap".

Plocate runs on a systemd timer. I saw that it had not run. Looking at the system logs using journalctl, I saw a plocate run error reported:

    Sep 26 10:22:34 eos (.plocate)[82]: plocate-updatedb.service: Failed to set up network namespacing: Permission denied
    Sep 26 10:22:34 eos systemd[1]: Starting plocate-updatedb.service - Update the plocate database...
    Sep 26 10:22:34 eos (.plocate)[82]: plocate-updatedb.service: Failed at step NETWORK spawning /usr/sbin/updatedb.ploc>
    Sep 26 10:22:34 eos systemd[1]: plocate-updatedb.service: Main process exited, code=exited, status=225/NETWORK
    Sep 26 10:22:34 eos systemd[1]: plocate-updatedb.service: Failed with result 'exit-code'.

If I run plocate from the CLI (per systemd unit ExecStart):

    /usr/sbin/updatedb.plocate

It runs OK. So a problem with plocate running from systemd inside a container.

To fix, I edit the systemd unit file:

    /usr/lib/systemd/system/plocate-updatedb.service

Change:

    PrivateNetwork=true

to (comment out):

    #PrivateNetwork=true

Reload systemd and re-run:

    systemctl daemon-reload
    systemctl start plocate-updatedb

This now works, and I see in the logs:

    Sep 26 10:23:58 eos systemd[1]: Reloading.
    Sep 26 10:24:01 eos systemd[1]: Starting plocate-updatedb.service - Update the plocate database...
    Sep 26 10:24:01 eos systemd[1]: plocate-updatedb.service: Deactivated successfully.
    Sep 26 10:24:01 eos systemd[1]: Finished plocate-updatedb.service - Update the plocate database.

I put my own version of the "plocate-updatedb.service" (without the "PrivateNetwork" line) in the directory:

    /etc/systemd/system

So there seems to be a problem with the systemd "PrivateNetwork" and plocate inside an LXC container - which might not surprise due to LXC using namespace magic as well.

Rather than adjusting the security of the plocate systemd unit, it might be sufficient to document this problem in a README perhaps.

Many Thanks,
Alastair

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages plocate depends on:
ii  adduser     3.134
ii  libc6       2.36-9+deb12u1
ii  libgcc-s1   12.2.0-14
ii  libstdc++6  12.2.0-14
ii  liburing2   2.3-3
ii  libzstd1    1.5.4+dfsg2-5

plocate recommends no packages.

Versions of packages plocate suggests:
ii  systemd-sysv  252.12-1~deb12u1

-- no debconf information
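
Added example, not part of the original report or of the plocate package: a drop-in that overrides only PrivateNetwork= for plocate-updatedb.service, so every other setting in the packaged unit stays in effect, and that is installed only when systemd-detect-virt reports a container. The drop-in file name and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: override PrivateNetwork= through a drop-in instead of copying
# the whole unit into /etc/systemd/system. The file name is an arbitrary choice.

UNIT=plocate-updatedb.service
DROPIN_NAME=10-container-no-private-network.conf

# Print the drop-in body. Only the one directive from the report is overridden.
dropin_body() {
    printf '%s\n' \
        '# PrivateNetwork= fails in this container with status=225/NETWORK.' \
        '[Service]' \
        'PrivateNetwork=false'
}

# write_dropin ROOT: create ROOT/etc/systemd/system/UNIT.d/DROPIN_NAME and
# print its path. ROOT is "" on a live system, or a staging directory.
write_dropin() {
    dir="$1/etc/systemd/system/$UNIT.d"
    mkdir -p "$dir" || return 1
    dropin_body > "$dir/$DROPIN_NAME" || return 1
    chmod 0644 "$dir/$DROPIN_NAME"
    printf '%s\n' "$dir/$DROPIN_NAME"
}

# in_container: true when systemd-detect-virt reports a container (e.g. lxc).
in_container() {
    command -v systemd-detect-virt >/dev/null 2>&1 &&
        systemd-detect-virt --container --quiet
}

# apply: install on the running system, reload, and show the effective value.
apply() {
    if ! in_container; then
        echo "not in a container; leaving $UNIT untouched" >&2
        return 1
    fi
    write_dropin "" >/dev/null || return 1
    systemctl daemon-reload &&
        systemctl show -p PrivateNetwork "$UNIT"
}

# Only touch the system when asked explicitly: sh script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply
fi
```

Run with --apply as root inside the container; on a host that is not a container the script leaves the unit's network sandboxing as packaged.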