Bug#840529: systemd-sysctl.service does not run in LXC containers

Christian Hofstaedtler zeha at debian.org
Thu Oct 13 17:14:00 BST 2016


* Felipe Sateler <fsateler at debian.org> [161013 17:39]:
> > systemd-sysctl.service does not start in LXC containers, as they
> > have /proc/sys R/O. *BUT* /proc/sys/net is R/W.

> 1. Have systemd-sysctl lose the ConditionPathIsReadWrite, and
> systemd-sysctl itself should check which prefixes are writable.

Or, for now, it could just fail for sysctls that are not writable.
Benefits: Similar to what the old sysctl tool would be doing. Also
very clear failure mode for these. (Ignoring them would be silent
failure...)

> 2. Have lxc (or the template) ship a new systemd-sysctl-net.service,
> that includes the new ExecStart and an updated
> ConditionPathIsReadWrite
> 
> Option 2 looks like something that has a chance of being fixed in
> jessie, although by the LXC folks. Option 1 may be addressed upstream,
> but I don't think this fits backporting material.

I don't massively care about this in jessie; we already have a
workaround for it. But it'd be nice to get this fixed for stretch.

Having a fix in LXC sounds wrong to me - everything that depends on
template creation scripts has a high chance of failing. (A ton of
users do not run those creation scripts in the first place, but get
their templates from elsewhere, sometimes plain debootstrap.)

C.

-- 
 ,''`.  Christian Hofstaedtler <zeha at debian.org>
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-
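
Added example, not part of the original message and not systemd or LXC code: per-key writability checking for the situation discussed above, where /proc/sys is read-only but /proc/sys/net is read-write, so that non-writable sysctls are reported as failures instead of the whole unit being skipped. The mountinfo excerpt, the settings and all function names are constructed for illustration; keys are assumed to use plain dotted form.

```python
import posixpath

# Constructed /proc/self/mountinfo excerpt: /proc/sys read-only, /proc/sys/net read-write.
SAMPLE_MOUNTINFO = """\
60 50 0:45 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
61 60 0:45 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
62 61 0:45 /sys/net /proc/sys/net rw,nosuid,nodev,noexec,relatime - proc proc rw
"""

# Constructed sysctl.d-style input.
SAMPLE_SETTINGS = """\
# comment lines and blank lines are skipped
net.ipv4.ip_forward = 1
kernel.sysrq = 0
vm.swappiness = 10
"""

def parse_mounts(mountinfo):
    """Return {mount_point: is_writable}; later entries shadow earlier ones."""
    mounts = {}
    for line in mountinfo.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # not a mountinfo record
        mount_point, options = fields[4], fields[5].split(",")
        mounts[mount_point] = "rw" in options
    return mounts

def key_to_path(key):
    """Map a dotted sysctl key to its /proc/sys path (assumes dotted keys)."""
    return "/proc/sys/" + key.strip().replace(".", "/")

def is_writable(path, mounts):
    """Walk up path components until a mount point is found (longest prefix)."""
    probe = path
    while probe not in mounts:
        if probe == "/":
            return False  # no covering mount known: treat as not writable
        probe = posixpath.dirname(probe)
    return mounts[probe]

def plan(settings, mountinfo=SAMPLE_MOUNTINFO):
    """Split settings into (can_apply, must_fail) lists of (key, value)."""
    mounts = parse_mounts(mountinfo)
    can_apply, must_fail = [], []
    for line in settings.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        key, _, value = line.partition("=")
        target = can_apply if is_writable(key_to_path(key), mounts) else must_fail
        target.append((key.strip(), value.strip()))
    return can_apply, must_fail
```

Entries in the second list are the ones a caller would log and exit non-zero for, which keeps the failure visible rather than silent.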



