Bug#876103: systemd-nspawn: --read-only is broken

Sun, 03 Dec 2017 04:52:20 -0800 

Am 18.09.2017 um 15:43 schrieb Lauri Tirkkonen:
> Package: systemd-container
> Version: 232-25+deb9u1
> Severity: normal
> 
> Dear Maintainer,
> 
> on stretch, 'systemd-nspawn --read-only' fails to start the container
> entirely. Trivial test case:
> 
>     # machinectl pull-tar 
> https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-root.tar.gz
>     [ output omitted ]
>     # systemd-nspawn -M xenial-server-cloudimg-amd64-root -- true
>     # systemd-nspawn -M xenial-server-cloudimg-amd64-root --read-only -- true
>     Spawning container xenial-server-cloudimg-amd64-root on 
> /var/lib/machines/xenial-server-cloudimg-amd64-root.
>     Press ^] three times within 1s to kill container.
>     Failed to create directory 
> /var/lib/machines/xenial-server-cloudimg-amd64-root/sys: Read-only file system
> 
> (the first systemd-nspawn call is there to implicitly create some
> directories inside the container root that must exist for read-only to
> work)
> 
> The expected behavior is that 'true' is executed in container and exit
> status 0 is returned; however, the container is not started and the exit
> status is 1.
> 
> There is an upstream fix for this in
> https://github.com/systemd/systemd/pull/4693 --
> acbbf69b718260755a5dff60dd68ba239ac0d61b is the commit that actually
> fixes read-only containers, but it requires two other commits to apply
> cleanly. I applied the following sequence to systemd-container on
> stretch:
> 
> https://github.com/systemd/systemd/commit/bdb4e0cb646ff33ecbb1cf4b502870f84bf4016d
> https://github.com/systemd/systemd/commit/4f086aab52812472a24c9b8b627589880a38696e
> https://github.com/systemd/systemd/commit/acbbf69b718260755a5dff60dd68ba239ac0d61b
> 
> and it solved my problem. Could you backport these patches to stretch?
> 

Those patches looks a bit invasive for a stretch stable upload.
But we do provide updated systemd versions with this fix via
stretch-backports:
https://packages.debian.org/source/stable-backports/systemd

Would that be sufficient for your case?

Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers

Reply via email to