Newer versions of systemd ship services that utilize systemd
credentials more [1].

Unfortunately, lxd's default apparmor restrictions are overly
restrictive and prevent these from working. Assuming you are using
unprivileged containers, the solution is to set security.nesting=true in
the LXD config. This is NOT safe for privileged containers.

[1] https://systemd.io/CREDENTIALS/

** Package changed: ubuntu-release-upgrader (Ubuntu) => systemd (Ubuntu)

** Changed in: systemd (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2092718

Title:
  systemd-resolved not starting after do-release-upgrade to 24.04

Status in systemd package in Ubuntu:
  Invalid

Bug description:
  I have a system originally installed with Ubuntu 16.04 that I today
  upgraded to 24.04. It's an lxc vm in case that matters.

  After the upgrade, systemd-resolved refused to start. When enabling
  systemd debug output this is the log:

  ```
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Trying to enqueue job systemd-resolved.service/start/replace
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Installed new job systemd-resolved.service/start as 29754
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Enqueued job systemd-resolved.service/start as 29754
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Will spawn child (service_enter_start): /usr/lib/systemd/systemd-resolved
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Passing 0 fds to service
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: About to execute: /usr/lib/systemd/systemd-resolved
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Forked /usr/lib/systemd/systemd-resolved as 5038
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Changed failed -> start
  Dec 30 10:44:54 dev systemd[1]: Starting systemd-resolved.service - Network Name Resolution...
  ░░ Subject: A start job for unit systemd-resolved.service has begun execution
  ░░ Defined-By: systemd
  ░░ Support: http://www.ubuntu.com/support
  ░░
  ░░ A start job for unit systemd-resolved.service has begun execution.
  ░░
  ░░ The job identifier is 29754.
  Dec 30 10:44:54 dev (resolved)[5038]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: User lookup succeeded: uid=102 gid=104
  Dec 30 10:44:54 dev (resolved)[5038]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
  Dec 30 10:44:54 dev (resolved)[5038]: Successfully forked off '(sd-mkdcreds)' as PID 5039.
  Dec 30 10:44:54 dev (resolved)[5038]: (sd-mkdcreds) failed with exit status 1.
  Dec 30 10:44:54 dev (resolved)[5038]: systemd-resolved.service: Failed to set up credentials: Protocol error
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Child 5038 belongs to systemd-resolved.service.
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=243/CREDENTIALS
  ░░ Subject: Unit process exited
  ░░ Defined-By: systemd
  ░░ Support: http://www.ubuntu.com/support
  ░░
  ░░ An ExecStart= process belonging to unit systemd-resolved.service has exited.
  ░░
  ░░ The process' exit code is 'exited' and its exit status is 243.
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
  ░░ Subject: Unit failed
  ░░ Defined-By: systemd
  ░░ Support: http://www.ubuntu.com/support
  ░░
  ░░ The unit systemd-resolved.service has entered the 'failed' state with result 'exit-code'.
  ```

  Since it mentioned `sd-mkdcreds` failing I figured it might be
  apparmor related, but couldn't figure out exactly where as I'm not too
  familiar with apparmor. I decided to disable it completely using lxc:

  ```
  config:
    raw.lxc: |
      lxc.apparmor.profile = unconfined
  ```

  With that change, the system starts normally.

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: ubuntu-release-upgrader-core 1:24.04.23
  ProcVersionSignature: Ubuntu 6.8.0-49.49~22.04.1-generic 6.8.12
  Uname: Linux 6.8.0-49-generic x86_64
  ApportVersion: 2.28.1-0ubuntu3.3
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CrashDB: ubuntu
  Date: Mon Dec 30 10:52:15 2024
  JournalErrors:
   Dec 30 10:49:28 hostname (cron)[254]: cron.service: Referenced but unset environment variable evaluates to an empty string: EXTRA_OPTS
   Dec 30 10:49:28 hostname systemd[1]: Cannot find unit for notify message of PID 301, ignoring.
   Dec 30 10:51:59 hostname systemd[1]: Configuration file /run/systemd/system/netplan-ovs-cleanup.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
   Dec 30 10:51:59 hostname systemd[1]: Configuration file /run/systemd/system/netplan-ovs-cleanup.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
   Dec 30 10:52:00 hostname systemd[1]: Configuration file /run/systemd/system/netplan-ovs-cleanup.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
  PackageArchitecture: all
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
  SourcePackage: ubuntu-release-upgrader
  UpgradeStatus: Upgraded to noble on 2024-12-30 (0 days ago)
  VarLogDistupgradeXorgFixuplog:
   INFO:root:/usr/bin/do-release-upgrade running
   INFO:root:No xorg.conf, exiting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2092718/+subscriptions
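
Added example (not part of the bug report or of the comment on it): a POSIX shell check that classifies a container's expanded LXD config against the advice in this thread, telling the `unconfined` AppArmor workaround apart from `security.nesting=true` on an unprivileged container. The function name, the verdict strings and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads the text printed by
# `lxc config show <container> --expanded` on stdin and prints one verdict:
#   privileged     security.privileged is true; the thread says
#                  security.nesting is NOT safe for such containers
#   unconfined     raw.lxc sets lxc.apparmor.profile = unconfined, so
#                  AppArmor confinement is switched off entirely
#   nesting-on     unprivileged and security.nesting is already true
#   needs-nesting  unprivileged with nesting off (the failing case here)
classify_lxd_config() (
    privileged=no nesting=no unconfined=no
    while IFS= read -r line; do
        case "$line" in
            *security.privileged:*true*) privileged=yes ;;
            *security.nesting:*true*) nesting=yes ;;
            *lxc.apparmor.profile*=*unconfined*) unconfined=yes ;;
        esac
    done
    if [ "$privileged" = yes ]; then echo privileged
    elif [ "$unconfined" = yes ]; then echo unconfined
    elif [ "$nesting" = yes ]; then echo nesting-on
    else echo needs-nesting
    fi
)

# Constructed sample inputs (not captured from a real host).
SAMPLE_WORKAROUND='config:
  raw.lxc: |
    lxc.apparmor.profile = unconfined'
SAMPLE_FIXED='config:
  security.nesting: "true"'
SAMPLE_PRIVILEGED='config:
  security.nesting: "true"
  security.privileged: "true"'

if [ -n "${1:-}" ]; then
    # Live use: pass a container name as the first argument.
    lxc config show "$1" --expanded | classify_lxd_config
else
    for sample in "$SAMPLE_WORKAROUND" "$SAMPLE_FIXED" "$SAMPLE_PRIVILEGED"; do
        printf '%s\n' "$sample" | classify_lxd_config
    done
fi
```

For a `needs-nesting` or `unconfined` verdict on an unprivileged container, the change suggested in the thread is `lxc config set <container> security.nesting true`, with the `lxc.apparmor.profile = unconfined` line dropped from `raw.lxc`.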

