Package: systemd Version: 232-25+deb9u7 Severity: important Hi folks,
this morning, some lxc containers on my machine did an unattended upgrade from systemd 232-25+deb9u1 to version 232-25+deb9u7. As part of that upgrade, systemd was reexecuted, which resulted in systemd freezing: systemd[1]: Reloading. systemd[1]: Reexecuting. systemd[1]: systemd 232 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT + systemd[1]: Detected virtualization lxc. systemd[1]: Detected architecture x86-64. systemd[1]: Failed to create /../../init.scope control group: Operation not permitted systemd[1]: Failed to allocate manager object: Operation not permitted systemd[1]: Freezing execution. Looking in my logs, the last time systemd was reexeuted like this was in 2017, and neither of the error messages show above were present then. This problem occurred inside all lxc containers running on the machine that upgraded systemd. I suspect that the problem is related to running inside a container, but the host has not upgraded systemd yet, so I cannot compare. My containers run in unprivileged mode (e.g. without CAP_SYS_ADMIN and others, see config below), which has caused some problems with systemd in the past, so I suspect this is relevant in this case as well. After the above happened, systemd froze (and is no longer reachable through systemctl), but the systems are still running normally otherwise. I haven't investigated more closely yet (e.g. restarting containers, downgrading systemd, etc.), since I'm on a mobile connection now and don't want risk breaking it further just yet. I looked through the changelog from deb9u1 to deb9u7, and nothing springs out as an obvious cause. Only the last update was a security update (relating to the journal only), so this might be caused by one of the previous non-security updates as well (which I did not have installed yet). I'll investigate further soon. If you have suggestions on what changes might be causing this, I'm happy to hear them. Gr. Matthijs lxc config for one container: lxc.utsname = login.local lxc.rootfs = /containers/login lxc.console.logfile = /var/log/lxc/login.console lxc.logfile = /var/log/lxc/login.log lxc.network.type = veth lxc.network.flags = up lxc.network.veth.pair = lxc-login lxc.network.name = eth0 lxc.network.link = br-lxc lxc.network.ipv4 = 10.42.0.16/24 lxc.network.ipv4.gateway = auto lxc.network.script.up = /etc/lxc/enable-hairpin lxc.tty = 4 lxc.pts = 256 lxc.kmsg = 0 lxc.autodev = 1 lxc.cgroup.devices.deny = a lxc.cgroup.devices.allow = c 1:3 rwm lxc.cgroup.devices.allow = c 1:5 rwm lxc.cgroup.devices.allow = c 5:1 rwm lxc.cgroup.devices.allow = c 5:0 rwm lxc.cgroup.devices.allow = c 4:0 rwm lxc.cgroup.devices.allow = c 4:1 rwm lxc.cgroup.devices.allow = c 1:9 rwm lxc.cgroup.devices.allow = c 1:8 rwm lxc.cgroup.devices.allow = c 136:* rwm lxc.cgroup.devices.allow = c 5:2 rwm lxc.cgroup.devices.allow = c 254:0 rwm lxc.mount.auto = proc:rw lxc.mount.auto = sys:rw lxc.mount.auto = cgroup:mixed lxc.mount.entry = tmpfs dev/shm tmpfs rw,nosuid,nodev,create=dir 0 0 lxc.mount.entry = tmpfs run tmpfs rw,nosuid,nodev,mode=755,create=dir 0 0 lxc.mount.entry = tmpfs run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k,create=dir 0 0 lxc.mount.entry = debugfs sys/kernel/debug debugfs rw,relatime 0 0 lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir 0 0 lxc.mount.entry = hugetlbfs dev/hugepages hugetlbfs rw,relatime,create=dir 0 0 lxc.cap.drop = sys_module lxc.cap.drop = sys_rawio lxc.cap.drop = sys_time lxc.cap.drop = net_admin lxc.cap.drop = audit_control lxc.cap.drop = sys_admin -- Package-specific info: -- System Information: Debian Release: 9.3 APT prefers stable APT policy: (990, 'stable'), (800, 'testing'), (700, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages systemd depends on: ii adduser 3.115 ii libacl1 2.2.52-3+b1 ii libapparmor1 2.11.0-3 ii libaudit1 1:2.6.7-2 ii libblkid1 2.29.2-1+deb9u1 ii libc6 2.24-11+deb9u1 ii libcap2 1:2.25-1 ii libcryptsetup4 2:1.7.3-4 ii libgcrypt20 1.7.6-2+deb9u3 ii libgpg-error0 1.26-2 ii libidn11 1.33-1 ii libip4tc0 1.6.0+snapshot20161117-6 ii libkmod2 23-2 ii liblz4-1 0.0~r131-2+b1 ii liblzma5 5.2.2-1.2+b1 ii libmount1 2.29.2-1+deb9u1 ii libpam0g 1.1.8-3.6 ii libseccomp2 2.3.1-2.1 ii libselinux1 2.6-3+b3 ii libsystemd0 232-25+deb9u7 ii mount 2.29.2-1+deb9u1 ii procps 2:3.3.12-3+deb9u1 ii util-linux 2.29.2-1+deb9u1 Versions of packages systemd recommends: ii dbus 1.10.24-0+deb9u1 ii libpam-systemd 232-25+deb9u7 Versions of packages systemd suggests: pn policykit-1 <none> pn systemd-container <none> pn systemd-ui <none> Versions of packages systemd is related to: pn dracut <none> pn initramfs-tools <none> pn udev <none> -- no debconf information
[REDIRECTED] /etc/systemd/system/default.target -> /lib/systemd/system/default.target [EXTENDED] /lib/systemd/system/getty@.service -> /etc/systemd/system/getty@.service.d/local.conf [EXTENDED] /lib/systemd/system/willie.service -> /etc/systemd/system/willie.service.d/local.conf [EXTENDED] /lib/systemd/system/systemd-resolved.service -> /lib/systemd/system/systemd-resolved.service.d/resolvconf.conf [EXTENDED] /lib/systemd/system/systemd-timesyncd.service -> /lib/systemd/system/systemd-timesyncd.service.d/disable-with-time-daemon.conf [EXTENDED] /lib/systemd/system/rc-local.service -> /lib/systemd/system/rc-local.service.d/debian.conf [REDIRECTED] /etc/systemd/system/sigpwr.target -> /lib/systemd/system/sigpwr.target 7 overridden configuration files found.
Failed issue method call: Failed to activate service 'org.freedesktop.systemd1': timed out
==> /var/lib/systemd/deb-systemd-helper-enabled/redis-server.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/redis-server.service ==> /var/lib/systemd/deb-systemd-helper-enabled/rsync.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/rsync.service ==> /var/lib/systemd/deb-systemd-helper-enabled/avahi-daemon.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/avahi-daemon.service /etc/systemd/system/sockets.target.wants/avahi-daemon.socket /etc/systemd/system/dbus-org.freedesktop.Avahi.service ==> /var/lib/systemd/deb-systemd-helper-enabled/ssh.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/ssh.service /etc/systemd/system/sshd.service ==> /var/lib/systemd/deb-systemd-helper-enabled/sshd.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/inetd.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/inetd.service ==> /var/lib/systemd/deb-systemd-helper-enabled/lxc.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/lxc.service ==> /var/lib/systemd/deb-systemd-helper-enabled/lxcfs.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/lxcfs.service ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/nullmailer.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/ssh.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/avahi-daemon.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/rsyslog.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/willie.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/inetd.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/redis-server.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/lxcfs.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/lxc.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/rsync.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/atd.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/bitlbee.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/lxc-net.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/cron.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/atd.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/atd.service ==> /var/lib/systemd/deb-systemd-helper-enabled/sockets.target.wants/avahi-daemon.socket <== ==> /var/lib/systemd/deb-systemd-helper-enabled/sockets.target.wants/bitlbee.socket <== ==> /var/lib/systemd/deb-systemd-helper-enabled/rsyslog.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/rsyslog.service /etc/systemd/system/syslog.service ==> /var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/apt-daily-upgrade.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/apt-daily.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/apt-daily.timer.dsh-also <== /etc/systemd/system/timers.target.wants/apt-daily.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/bitlbee.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/bitlbee.service ==> /var/lib/systemd/deb-systemd-helper-enabled/avahi-daemon.socket.dsh-also <== /etc/systemd/system/sockets.target.wants/avahi-daemon.socket ==> /var/lib/systemd/deb-systemd-helper-enabled/cron.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/cron.service ==> /var/lib/systemd/deb-systemd-helper-enabled/bitlbee.socket.dsh-also <== /etc/systemd/system/sockets.target.wants/bitlbee.socket ==> /var/lib/systemd/deb-systemd-helper-enabled/apt-daily-upgrade.timer.dsh-also <== /etc/systemd/system/timers.target.wants/apt-daily-upgrade.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/syslog.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/lxc-net.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/lxc-net.service ==> /var/lib/systemd/deb-systemd-helper-enabled/dbus-org.freedesktop.Avahi.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/shutdown.target.wants/unattended-upgrades.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/unattended-upgrades.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/unattended-upgrades.service ==> /var/lib/systemd/deb-systemd-helper-enabled/ssh.socket.dsh-also <== /etc/systemd/system/sockets.target.wants/ssh.socket ==> /var/lib/systemd/deb-systemd-helper-enabled/nullmailer.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/nullmailer.service ==> /var/lib/systemd/deb-systemd-helper-enabled/willie.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/willie.service
# UNCONFIGURED FSTAB FOR BASE SYSTEM
