So I'm confused, wasn't the SRU supposed to have been fixed for this? We're still getting reports of users that have a broken snapd because of this issue, some of whom then decided to switch to privileged containers just to avoid this problem, therefore loosing a lot of LXD's security features and potentially exposing their hosts to attacks...
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1709536 Title: snapd 2.26.14 on ubuntu-core won't start in containers anymore Status in Snap Layer: New Status in snapd: New Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Confirmed Status in systemd source package in Artful: Fix Released Bug description: It looks like snapd in ubuntu-core (2.26.14 here) has been modified to use a negative Nice value in systemd. Systemd seems to treat a failure to apply the requested Nice value as critical to unit startup. Unprivileged LXD containers do not allow the use of negative nice values as those are restricted to the real root user. I believe the optimal fix would be for systemd to ignore permission errors when attempting to setup such custom nice values in containers but if that can't be resolved quickly, then it means that snapd will now fail to start inside containers. Aug 09 05:54:37 core systemd[1]: snapd.service: Main process exited, code=exited, status=201/NICE Aug 09 05:54:37 core systemd[1]: snapd.service: Unit entered failed state. Aug 09 05:54:37 core systemd[1]: snapd.service: Failed with result 'exit-code'. I have confirmed that setting up a unit override by hand which sets Nice=0 does resolve the problem, confirming that the negative Nice value is the problem (snapd.service has Nice=-5 here). To manage notifications about this bug go to: https://bugs.launchpad.net/layer-snap/+bug/1709536/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
