*** This bug is a duplicate of bug 1780227 ***
https://bugs.launchpad.net/bugs/1780227
Marked as duplicate of 1780227 even though this bug report predates it,
simply because the newer bug report has more discussion about how to
actually get this resolved.
** This bug has been marked a duplica
** Changed in: apparmor (Ubuntu)
Status: Fix Committed => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1575779
Title:
hostnamectl fails under lxd unpriv container
To manage notifi
So, the good news is that this is all fixed upstream starting with 4.17 with
the socket mediation patchset that got merged a short while ago. The bad news
is that we need to get this patchset backported and it is quite large:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/comm
For completeness here's a minimal test case not requiring systemd:
/*
# apparmor_parser -r /etc/apparmor.d/bug-profile
# (tested without the flags here as well btw.)
profile bug-profile flags=(attach_disconnected,mediate_deleted) {
network,
file,
unix,
}
# gcc this.c
# ./a.out
lock = 2 (
Hey, so we're seeing an instance of this issue and the problem is that a
lock is taken on an fd instead of a path. This should be legal and we
urgently need a fix for this since this is starting to break all systemd
services running in a container that use PrivateUsers= and anything else
that hits
Comment on post #12 above (as one cannot edit):
Step 4 can be omitted as I don't think the service needs to be
restarted.
I think the hostnamectl command starts this service on demand when
changing the hostname.
Thanks for that PrivateNetwork=no hint - works like a charm!
For those that need this, follow the steps below:
1. systemctl edit systemd-hostnamed
Add the 2 lines below then exit the editor (don't forget to save when
prompted):
[Service]
PrivateNetwork=no
2. This will create an overri
I can confirm that if I set PrivateNetwork=no that hostnamed runs and boot
is magically 10 seconds faster.
On Thu, Nov 9, 2017 at 1:46 PM, Stéphane Graber
wrote:
> Someone with systemd knowledge should check what PrivateNetwork actually
> does. The name implies it's unsharing a new network names
Someone with systemd knowledge should check what PrivateNetwork actually
does. The name implies it's unsharing a new network namespace, which is
perfectly fine to do inside a container.
So the fact that it's failing hints that it's in fact trying to do
something more than that.
Likely related, but in Artful systemd-networkd is setting the hostname
and has a 10 second timeout:
# systemctl status --no-pager -l systemd-networkd
● systemd-networkd.service - Network Service
Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled;
vendor preset: enabled)
A
** Tags added: rls-bb-incoming
systemd-hostnamed.service in artful specifies PrivateNetwork=yes,
however this fails to set up under unpriv container, and thus
systemd-hostnamed fails to even start now:
root@test20170919:~# systemctl status systemd-hostnamed
● systemd-hostnamed.service - Hostname Service
Loaded: loaded (/lib/s
A poor workaround.
don@node02:~$ time /usr/bin/hostnamectl
real 0m25.031s
user 0m0.000s
sys  0m0.004s
don@node02:~$ sudo mv /usr/bin/hostnamectl /usr/bin/hostnamectl_bak
don@node02:~$ sudo bash -c "cat << EOF1 > /usr/bin/hostnamectl
> cat << EOF2
>Static hostname: $(hostname)
>
I also see this trigger with juju-deployed jenkins and jenkins-slave
services against the lxd provider:
apparmor="DENIED" operation="file_lock" profile="lxd-juju-
449b90-9_" pid=18662 comm="(ostnamed)" family="unix"
sock_type="dgram" protocol=0 addr=none
** Merge proposal linked:
https://code.launchpad.net/~powersj/cloud-init/+git/cloud-init/+merge/323588
** Merge proposal unlinked:
https://code.launchpad.net/~wesley-wiedenmeier/cloud-init/+git/cloud-init/+merge/321029
** Merge proposal linked:
https://code.launchpad.net/~wesley-wiedenmeier/cloud-init/+git/cloud-init/+merge/321029
** Merge proposal linked:
https://code.launchpad.net/~wesley-wiedenmeier/cloud-init/+git/cloud-init/+merge/321029
** Merge proposal unlinked:
https://code.launchpad.net/~wesley-wiedenmeier/cloud-init/+git/cloud-init/+merge/321029
Seeing this as well for Ansible against LXC containers.
ansible 2.2.0.0
fatal: [somehost.tld]: FAILED! => {
"changed": false,
"failed": true,
"invocation": {
"module_args": {
"name": "somehost.tld"
},
"module_name": "hostname"
},
"msg":
When running chef-client, it calls hostnamectl so gets hung as well when
running on LXD container.
This is also showing up in other places, including a java app called
Maven
https://github.com/lxc/lxc/issues/1023
** Changed in: apparmor (Ubuntu)
Importance: Undecided => High
Thanks for the bug report. The problem is now understood. systemd is
calling lockf() on an anonymous socket file and the AppArmor profile
language does not support a way to grant file locking permissions on a
socket that does not have a path associated with it.
The AppArmor socket file rule type n