Confirmed problem on Ubuntu 16.04 host running 16.04 container with a packaged version of Proxysql2. Changing PrivateDevices to "no" allows the service to start.
```
[Unit]
Description=High Performance Advanced Proxy for MySQL
After=network.target

[Service]
Type=forking
RuntimeDirectory=proxysql
ExecStart=/usr/bin/proxysql -c /etc/proxysql.cnf
PIDFile=/var/lib/proxysql/proxysql.pid
SyslogIdentifier=proxysql
Restart=no
User=proxysql
Group=proxysql
PermissionsStartOnly=true
UMask=0007
LimitNOFILE=102400
LimitCORE=1073741824
ProtectHome=yes
NoNewPrivileges=true
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_ALG
ProtectSystem=full
PrivateDevices=yes

[Install]
Alias=proxysql
WantedBy=multi-user.target
```

--
https://bugs.launchpad.net/bugs/1770481

Title:
  core: fall back to bind-mounts for PrivateDevices= execution environments

Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  Hey,

  Currently any service that has PrivateDevices=true set will fail to start in unprivileged containers since mknod is not possible and in privileged containers that drop CAP_MKNOD.

  I pushed a patch to systemd upstream that solves this problem and makes PrivateDevices useable in both scenarios. It would be great if this could be backported to Ubuntu 16.04 and 18.04. We already have a lot of users that would like this feature enabled/don't want to edit each service file:

  16498617443da94533ef9ae28be0ffaace40c526 : https://github.com/systemd/systemd/commit/af984e137e7f53ca3e2fd885b03a25e17fdd0fad
  af984e137e7f53ca3e2fd885b03a25e17fdd0fad : https://github.com/systemd/systemd/commit/16498617443da94533ef9ae28be0ffaace40c526

  Thanks!
  Christian
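
The two failure conditions named in the bug description (an unprivileged container, or a privileged one with CAP_MKNOD dropped) can be checked before a unit is deployed. The script below is an added example, not part of the bug report or of systemd; the function names are hypothetical, and it assumes CAP_MKNOD is capability number 27 and that PID 1's `/proc` entries are readable.

```shell
#!/bin/sh
# Added example: predict whether PrivateDevices=yes units can start here.
# Assumption: CAP_MKNOD is capability number 27 (linux/capability.h).

# has_cap_mknod HEX: succeed if bit 27 is set in a CapBnd hex mask.
has_cap_mknod() {
    [ $(( (0x$1 >> 27) & 1 )) -eq 1 ]
}

# in_initial_userns LINE: succeed if a uid_map line is the identity map of
# the full 32-bit range, as shown in the initial user namespace (heuristic).
in_initial_userns() {
    set -- $1
    [ "$1" = 0 ] && [ "$2" = 0 ] && [ "$3" = 4294967295 ]
}

# private_devices_verdict CAPBND UID_MAP_LINE: print "ok" or why mknod fails.
private_devices_verdict() {
    if ! in_initial_userns "$2"; then
        echo "fail: user namespace, mknod of device nodes not permitted"
    elif ! has_cap_mknod "$1"; then
        echo "fail: CAP_MKNOD dropped from bounding set"
    else
        echo "ok"
    fi
}

# units_with_private_devices DIR: list unit files that enable the setting.
units_with_private_devices() {
    grep -rlE '^[[:space:]]*PrivateDevices[[:space:]]*=[[:space:]]*(yes|true|on|1)[[:space:]]*$' "$1" | sort
}

# Live check: PID 1 is the systemd instance that builds the private /dev.
if [ -r /proc/1/status ] && [ -r /proc/1/uid_map ]; then
    capbnd=$(awk '/^CapBnd:/ {print $2}' /proc/1/status)
    if [ -n "$capbnd" ]; then
        private_devices_verdict "$capbnd" "$(head -n 1 /proc/1/uid_map)"
        units_with_private_devices /etc/systemd/system 2>/dev/null
    fi
fi
```

A "fail" verdict on a systemd build without the upstream fix means the listed units need that fix backported; the workaround reported above, setting PrivateDevices to "no", gives up the private /dev for that service.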