On Wed, Jul 24, 2024 at 09:06:13AM -0400, Nick Rosbrook wrote:
> On Wed, Jul 24, 2024 at 8:18 AM Robie Basak <robie.ba...@ubuntu.com> wrote:
> > There seems to be a second issue between systemd and lxd which
> > security.nesting=true doesn't seem to fix:
> >
> > https://github.com/canonical/lxd/issues/13807
>
> I cannot reproduce this with Oracular or Jammy containers running on a
> Noble host. [1] However, also note that my containers are using ext4
> for the rootfs. Are you using ZFS? If so, this sounds similar to [2],
> but we uploaded a workaround in systemd-sysusers for Noble (and it's
> present in upstream >= v256) and I thought the kernel got fixed, too.

Thanks! A newer kernel is what I needed. IIUC, systemd 255.4-1ubuntu8 is
supposed to handle an older kernel with this issue though, and it
doesn't seem to? So I'm not sure if it's the same bug or not.

> > I've just heard that Oracular Raspi pre-install images have been broken
> > for a week for what appears to be the same reason.
>
> Is there a bug you can share? I have not seen details of this yet.

The failures are here:
https://launchpad.net/~ubuntu-cdimage/+livefs/ubuntu/oracular/ubuntu-preinstalled

> > What do you think about kicking this systemd update back to
> > oracular-proposed until it is resolved properly, and/or uploading a
> > revert?
>
> I don't see sufficient evidence that this would help the situation.
> But then again, I am confused about the details of this bug on
> Oracular vs Jammy because your LXD issue is about Jammy, and I have
> not seen any details for the Oracular Raspi issue.

Sorry - I was looking at multiple lxd issues in the same week and I
conflated them. This one was for a Noble host running a Jammy container
and you're right to question that it has nothing to do with Oracular.

I was surprised to see the security.nesting=true workaround going in to
samba in LP: #2046486 though. That, together with developers having to
set security.nesting=true everywhere to continue with their work, does
still seem onerous. If this problem was introduced by a new systemd, why
wouldn't a systemd revert help the situation?

Robie