Thanks Vincent. I think I got some hints: I downloaded the package from
Jammy, I unpacked it and then ran a diff on the systemd unit file for
the udev service (since in the documentation of udev[1] it's written
that programs are executed in a sandbox) from the version in Focal:

==========
--- /lib/systemd/system/systemd-udevd.service   2022-04-21 15:54:39.000000000 
+0300
+++ lib/systemd/system/systemd-udevd.service    2022-04-07 22:28:15.000000000 
+0300
@@ -1,4 +1,4 @@
-#  SPDX-License-Identifier: LGPL-2.1+
+#  SPDX-License-Identifier: LGPL-2.1-or-later
 #
 #  This file is part of systemd.
 #
@@ -8,7 +8,7 @@
 #  (at your option) any later version.
 
 [Unit]
-Description=udev Kernel Device Manager
+Description=Rule-based Manager for Device Events and Files
 Documentation=man:systemd-udevd.service(8) man:udev(7)
 DefaultDependencies=no
 After=systemd-sysusers.service systemd-hwdb-update.service
@@ -16,8 +16,10 @@
 ConditionPathIsReadWrite=/sys
 
 [Service]
+DeviceAllow=block-* rwm
+DeviceAllow=char-* rwm
 Type=notify
-# Note that udev also adjusts the OOM score internally and will reset the 
value internally for its workers
+# Note that udev will reset the value internally for its workers
 OOMScoreAdjust=-1000
 Sockets=systemd-udevd-control.socket systemd-udevd-kernel.socket
 Restart=always
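Review bot: The two new `DeviceAllow=` lines at the top of `[Service]` grant `rwm` on every `block-*` and `char-*` device and carry no comment saying why they are listed, so a reader cannot tell whether they are meant to restrict anything. Suggest a one-line comment above them stating the intent. The shortened OOM comment in the same hunk now says only "the value"; naming `OOMScoreAdjust` there would keep it readable if the lines are ever reordered.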
@@ -27,11 +29,14 @@
 KillMode=mixed
 TasksMax=infinity
 PrivateMounts=yes
+ProtectClock=yes
 ProtectHostname=yes
 MemoryDenyWriteExecute=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
 RestrictRealtime=yes
 RestrictSUIDSGID=yes
+SystemCallFilter=@system-service @module @raw-io bpf
+SystemCallErrorNumber=EPERM
 LockPersonality=yes
 IPAddressDeny=any
 WatchdogSec=3min
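Review bot: The new `SystemCallFilter=@system-service @module @raw-io bpf` allow-list, paired with `SystemCallErrorNumber=EPERM`, has no comment recording why these sets were chosen, and a seccomp filter set on the service is inherited by every helper program that udev rules spawn. With EPERM a blocked call does not terminate the helper; it only sees a permission error, which tends to surface as nothing more than a non-zero exit status. Suggest a comment above the line stating what the listed sets are expected to cover for rule-run programs, and checking helpers that change namespaces or mount file systems against the list before the filter ships.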
==========

I need to double-check, but I suspect that the SystemCallFilter addition
might be causing problems.

Vince, can you please make a backup copy of
/lib/systemd/system/systemd-udevd.service, then remove the two
SystemCallFilter and SystemCallErrorNumber lines, reboot and see if the
errors are gone?

If they are, then please restore the original file, and try adding
"@process" to the SystemCallFilter list; then reboot and see if it
helped. Or you can have a look at the possible values here [2] and try
understanding which ones are necessary. Though if you don't have time,
don't worry too much about this: it's something that we should be able to
determine ourselves.

[1]: https://www.freedesktop.org/software/systemd/man/udev.html
[2]: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#SystemCallFilter=

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1971955

Title:
  systemd-udevd  call unshare process  when attaching nvme volume

Status in dellserver:
  New
Status in linux package in Ubuntu:
  Invalid
Status in snapd package in Ubuntu:
  In Progress

Bug description:
  env: PRETTY_NAME="Ubuntu 22.04 LTS"
  NAME="Ubuntu"
  VERSION_ID="22.04"
  VERSION="22.04 (Jammy Jellyfish)"
  VERSION_CODENAME=jammy

  # lsb_release -rd
  Description:    Ubuntu 22.04 LTS
  Release:        22.04

  
  The host connects to a Dell EMC PowerStore with an nvme-tcp connection.

  # nvme list-subsys
  nvme-subsys0 - NQN=nqn.1988-11.com.dell:powerstore:00:d42d581e674f2B16F2E2
  \
   +- nvme1 tcp traddr=172.16.100.165 trsvcid=4420 live
   +- nvme2 tcp traddr=172.16.200.164 trsvcid=4420 live
   +- nvme3 tcp traddr=172.16.200.165 trsvcid=4420 live
   +- nvme4 tcp traddr=172.16.100.164 trsvcid=4420 live

  When attaching a new volume to the host, systemd-udevd triggers an
  unshare process to run the snap import command on the new volumes, and
  it fails. The volume is finally mapped to the host. It doesn't affect
  volume usage, but some udev rule needs to be checked for this strange
  behavior.

  
  May 06 08:16:43 e2e-l4-094051 systemd-udevd[33374]: nvme0n234: Process '/usr/bin/unshare -m /usr/bin/snap auto-import --mount=/dev/nvme0n234' failed with exit code 1.
  May 06 08:16:43 e2e-l4-094051 systemd-udevd[33371]: nvme0n232: Process '/usr/bin/unshare -m /usr/bin/snap auto-import --mount=/dev/nvme0n232' failed with exit code 1.
  May 06 08:16:43 e2e-l4-094051 systemd-udevd[33378]: nvme0n236: Process '/usr/bin/unshare -m /usr/bin/snap auto-import --mount=/dev/nvme0n236' failed with exit code 1.
  May 06 08:16:43 e2e-l4-094051 systemd-udevd[33384]: nvme0n239: Process '/usr/bin/unshare -m /usr/bin/snap auto-import --mount=/dev/nvme0n239' failed with exit code 1.
  --- 
  ProblemType: Bug
  AlsaDevices:
   total 0
   crw-rw---- 1 root audio 116,  1 May  6 08:14 seq
   crw-rw---- 1 root audio 116, 33 May  6 08:14 timer
  AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
  ApportVersion: 2.20.11-0ubuntu82
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', 
'/dev/snd/timer'] failed with exit code 1:
  CRDA: N/A
  CasperMD5CheckResult: pass
  DistroRelease: Ubuntu 22.04
  InstallationDate: Installed on 2022-05-04 (2 days ago)
  InstallationMedia: Ubuntu-Server 22.04 LTS "Jammy Jellyfish" - Release amd64 
(20220421)
  IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
  Lsusb:
   Bus 002 Device 002: ID 8087:8002 Intel Corp. 8 channel internal hub
   Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 001 Device 003: ID 413c:a001 Dell Computer Corp. Hub
   Bus 001 Device 002: ID 8087:800a Intel Corp. Hub
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  Lsusb-t:
   /:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/2p, 480M
       |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/8p, 480M
   /:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/2p, 480M
       |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/6p, 480M
           |__ Port 6: Dev 3, If 0, Class=Hub, Driver=hub/6p, 480M
  Package: linux (not installed)
  PciMultimedia:
   
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 mgag200drmfb
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-27-generic 
root=/dev/mapper/ubuntu--vg-ubuntu--lv ro
  ProcVersionSignature: Ubuntu 5.15.0-27.28-generic 5.15.30
  RelatedPackageVersions:
   linux-restricted-modules-5.15.0-27-generic N/A
   linux-backports-modules-5.15.0-27-generic  N/A
   linux-firmware                             20220329.git681281e4-0ubuntu1
  RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
  Tags:  jammy uec-images
  Uname: Linux 5.15.0-27-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: N/A
  _MarkForUpload: True
  dmi.bios.date: 05/14/2021
  dmi.bios.release: 2.13
  dmi.bios.version: 2.13.0
  dmi.board.name: 072T6D
  dmi.board.version: A01
  dmi.chassis.type: 23
  dmi.modalias: 
dmi:bvn:bvr2.13.0:bd05/14/2021:br2.13:svn:pn:pvr:rvn:rn072T6D:rvrA01:cvn:ct23:cvr:skuSKU=NotProvided;ModelName=:
  dmi.product.sku: SKU=NotProvided;ModelName=

To manage notifications about this bug go to:
https://bugs.launchpad.net/dellserver/+bug/1971955/+subscriptions
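
The test procedure proposed in the message at the top of this page (back up the unit, drop the two filter directives, then restore it and extend the allow-list), as an added shell example that is not part of the original message or of systemd. The function names and the `.orig` backup suffix are assumptions, and the sample unit is a constructed excerpt of the "+" side of the diff.

```shell
#!/bin/sh
# Added example. Works on whatever unit-file path is passed in, so it can be
# tried on a copy before touching /lib/systemd/system/systemd-udevd.service.

# Constructed excerpt of the Jammy unit, built from the "+" side of the diff.
make_sample_unit() {
    cat > "$1" <<'EOF'
[Service]
PrivateMounts=yes
ProtectClock=yes
ProtectHostname=yes
RestrictSUIDSGID=yes
SystemCallFilter=@system-service @module @raw-io bpf
SystemCallErrorNumber=EPERM
LockPersonality=yes
EOF
}

# Print the two directives under suspicion.
show_syscall_filter() {
    grep -E '^(SystemCallFilter|SystemCallErrorNumber)=' "$1"
}

# Step 1: back the unit up as <unit>.orig (never overwriting an existing
# backup), then drop both directives from the live copy.
remove_syscall_filter() {
    unit=$1
    [ -e "$unit.orig" ] || cp -p -- "$unit" "$unit.orig" || return 1
    grep -Ev '^(SystemCallFilter|SystemCallErrorNumber)=' "$unit.orig" > "$unit"
}

# Step 2: restore the backup and append one entry (e.g. @process) to the
# allow-list. Only names made of [@a-z0-9_-] are accepted.
restore_and_add_group() {
    unit=$1 group=$2
    case $group in ''|*[!@a-z0-9_-]*) return 2 ;; esac
    [ -f "$unit.orig" ] || return 1
    sed "s/^SystemCallFilter=.*/& $group/" "$unit.orig" > "$unit"
}

# Demo on a throwaway copy: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && make_sample_unit "$tmp"
    remove_syscall_filter "$tmp" && echo "after step 1:" && cat "$tmp"
    restore_and_add_group "$tmp" @process && echo "after step 2:" && cat "$tmp"
    rm -f "$tmp" "$tmp.orig"
fi
```

The message's procedure calls for a reboot after each change, so the functions only edit the file and leave the reboot to the operator.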

