Hi, On Fri, Jul 26, 2024 at 12:20 PM Robie Basak <robie.ba...@ubuntu.com> wrote: > > On Wed, Jul 24, 2024 at 09:06:13AM -0400, Nick Rosbrook wrote: > > On Wed, Jul 24, 2024 at 8:18 AM Robie Basak <robie.ba...@ubuntu.com> wrote: > > > There seems to be a second issue between systemd and lxd which > > > security.nesting=true doesn't seem to fix: > > > > > > https://github.com/canonical/lxd/issues/13807 > > > > I cannot reproduce this with Oracular or Jammy containers running on a > > Noble host. [1] However, also note that my containers are using ext4 > > for the rootfs. Are you using ZFS? If so, this sounds similar to [2], > > but we uploaded a workaround in systemd-sysusers for Noble (and it's > > present in upstream >= v256) and I thought the kernel got fixed, too. > > Thanks! A newer kernel is what I needed. IIUC, systemd 255.4-1ubuntu8 is > supposed to handle an older kernel with this issue though, and it > doesn't seem to? So I'm not sure if it's the same bug or not. > > > > I've just heard that Oracular Raspi pre-install images have been broken > > > for a week for what appears to be the same reason. > > > > Is there a bug you can share? I have not seen details of this yet. > > The failures are here: > https://launchpad.net/~ubuntu-cdimage/+livefs/ubuntu/oracular/ubuntu-preinstalled > > > > What do you think about kicking this systemd update back to > > > oracular-proposed until it is resolved properly, and/or uploading a > > > revert? > > > > I don't see sufficient evidence that this would help the situation. > > But then again, I am confused about the details of this bug on > > Oracular vs Jammy because your LXD issue is about Jammy, and I have > > not seen any details for the Oracular Raspi issue. > > Sorry - I was looking at multiple lxd issues in the same week and I > conflated them. This one was for a Noble host running a Jammy container > and you're right to question that it has nothing to do with Oracular. > > I was surprised to see the security.nesting=true workaround going in to > samba in LP: #2046486 though. That, together with developers having to
My understanding is that workaround is temporary. Am I mistaken? -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
