Actually more is needed:

$ lxc config set test-v240 raw.apparmor 'mount options=(ro,nodev,remount,bind),
mount options=(ro,nosuid,nodev,remount,bind),
mount options=(ro,nosuid,noexec,remount,strictatime),
mount options=(ro,nosuid,noexec,remount,bind,strictatime),
mount options=(ro,nosuid,nodev,noexec,remount,bind),'

** Bug watch added: LXD bug tracker #5439
   https://github.com/lxc/lxd/issues/5439

** Also affects: lxd via
   https://github.com/lxc/lxd/issues/5439
   Importance: Unknown
       Status: Unknown

** Changed in: lxd (Ubuntu)
   Importance: Undecided => High

** Description changed:

  This is a regression from 239-7ubuntu15 to 240-5ubuntu1.
  
  Steps to reproduce:
  
  lxc launch ubuntu-daily:disco rbasak-resolv
  lxc exec rbasak-resolv bash
  systemctl status systemd-resolved  # observe running
  echo "deb http://archive.ubuntu.com/ubuntu/ disco-proposed main universe 
multiverse restricted" >> /etc/apt/sources.list
  apt update
  # Update to 240-5ubuntu1 from proposed
  apt install systemd libsystemd0 systemd-sysv libnss-systemd libpam-systemd
  reboot
  lxc exec rbasak-resolv bash
  systemctl status systemd-resolved  # observe failed
  
  ● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; 
vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2019-01-28 16:50:37 UTC; 2min 
28s ago
       Docs: man:systemd-resolved.service(8)
             https://www.freedesktop.org/wiki/Software/systemd/resolved
             
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
    Process: 290 ExecStart=/lib/systemd/systemd-resolved (code=exited, 
status=226/NAMESPACE)
   Main PID: 290 (code=exited, status=226/NAMESPACE)
  
  Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Service 
has no hold-off time (RestartSec=0), scheduling restart.
  Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Scheduled 
restart job, restart counter is at 5.
  Jan 28 16:50:37 rbasak-resolv systemd[1]: Stopped Network Name Resolution.
  Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Start 
request repeated too quickly.
  Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Failed 
with result 'exit-code'.
  Jan 28 16:50:37 rbasak-resolv systemd[1]: Failed to start Network Name 
Resolution.
  
  This causes /etc/resolv.conf to point to a file that isn't created, so
  all name resolution fails. As far as I can determine, landing this in
  the release pocket would cause all default LXD containers to stop
  working.
  
  In my case it breaks "autopkgtest -U --apt-pocket=proposed ... -- lxd
  ubuntu-daily:disco"
  
  Tagging block-proposed as migration would regress the release pocket,
  and marking Critical as it breaks the system (presumably only in a
  container though, and it is only in proposed currently).
  
- 
  === Workaround ===
  
- $ lxc config set improved-kodiak raw.apparmor 'mount 
options=(ro,nodev,remount,bind),
+ $ lxc config set test-v240 raw.apparmor 'mount 
options=(ro,nodev,remount,bind),
  mount options=(ro,nosuid,nodev,remount,bind),
  mount options=(ro,nosuid,noexec,remount,strictatime),
+ mount options=(ro,nosuid,noexec,remount,bind,strictatime),
  mount options=(ro,nosuid,nodev,noexec,remount,bind),'
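
Review bot: the container name in the `+ $ lxc config set test-v240 raw.apparmor` line does not match the steps to reproduce, which launch and exec into `rbasak-resolv`, so a reader following the description from the top has no `test-v240` container to apply the workaround to. Use `rbasak-resolv` in the workaround command, or say explicitly that the name stands for the reader's own container. The added `mount options=(ro,nosuid,noexec,remount,bind,strictatime),` rule itself is consistent with the command given in the comment above.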

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1813622

Title:
  systemd-resolved, systemd-networkd and others fail to start in lxc
  container with v240 systemd

To manage notifications about this bug go to:
https://bugs.launchpad.net/lxd/+bug/1813622/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs