Bug#840529: systemd-sysctl.service does not run in LXC containers
Felipe Sateler
fsateler at debian.org
Thu Oct 13 17:29:02 BST 2016
On 13 October 2016 at 13:14, Christian Hofstaedtler <zeha at debian.org> wrote:
> * Felipe Sateler <fsateler at debian.org> [161013 17:39]:
>> > systemd-sysctl.service does not start in LXC containers, as they
>> > have /proc/sys R/O. *BUT* /proc/sys/net is R/W.
>
>> 1. Have systemd-sysctl lose the ConditionPathIsReadWrite, and
>> systemd-sysctl itself should check which prefixes are writable.
>
> Or, for now, it could just fail for sysctls that are not writable.
> Benefits: Similar to what the old sysctl tool would be doing. Also
> very clear failure mode for these. (Ignoring them would be silent
> failure...)
So, warning messages would appear.
>
>> 2. Have lxc (or the template) ship a new systemd-sysctl-net.service,
>> that includes the new ExecStart and an updated
>> ConditionPathIsReadWrite
>>
>> Option 2 looks like something that has a chance of being fixed in
>> jessie, although by the LXC folks. Option 1 may be addressed upstream,
>> but I don't think this fits backporting material.
>
> I don't massively care about this in jessie; we already have a
> workaround for it. But it'd be nice to get this fixed for stretch.
>
> Having a fix in LXC sounds wrong to me - everything that depends on
> template creations scripts has a high chance of failing. (A ton of
> users do not run those creation scripts in the first place, but get
> their templates from elsewhere, sometimes plain debootstrap.)
OK, I have looked it up, and the Condition is introduced in commit
f2a46f8da5, with message:
units: run sysctl stuff only when /proc/sys is actually writable, to
quieten container boots a little
Could you file this upstream? I'm not sure we want to deviate from
upstream here...
--
Saludos,
Felipe Sateler
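Option 1 from the thread (systemd-sysctl checking per key whether the target under /proc/sys is writable, rather than one unit-wide ConditionPathIsReadWrite) as an added Python sketch; this is not systemd's, Debian's or LXC's code, the function names are mine, and the `demo()` input is a constructed temp-directory stand-in for a container's /proc/sys where only net/ is read-write:

```python
import os
import tempfile

def normalize_key(key):
    # systemd/sysctl(8) rule: if the first separator is '/' keep the name; else swap '.' and '/'.
    first = next((c for c in key if c in "./"), None)
    return key if first in (None, "/") else key.translate(str.maketrans("./", "/."))

def parse_sysctl_conf(text):
    # Returns (key, value, tolerated); a leading '-' means a failure is only logged.
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, _, value = (s.strip() for s in line.partition("="))
        entries.append((key.lstrip("-"), value, key.startswith("-")))
    return entries

def path_is_rw(path):
    # ConditionPathIsReadWrite-style test: exists and not on a read-only mount
    # (root bypasses mode bits, so os.access() alone would not detect the case).
    try:
        return not (os.statvfs(path).f_flag & os.ST_RDONLY) and os.access(path, os.W_OK)
    except OSError:
        return False

def apply_sysctls(entries, root="/proc/sys", writable=path_is_rw):
    # Per-key check instead of one unit-wide condition: read-only keys get reported.
    result = {"applied": [], "failed": [], "tolerated": []}
    for key, value, tolerated in entries:
        path = os.path.join(root, normalize_key(key))
        bucket = "tolerated" if tolerated else "failed"
        if writable(path):
            try:
                with open(path, "w") as f:
                    f.write(value + "\n")
                bucket = "applied"
            except OSError:
                pass
        result[bucket].append(key)
    return result

def demo():
    # Constructed stand-in for a container's /proc/sys where only net/ is writable.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "net/ipv4"))
    open(os.path.join(root, "net/ipv4/ip_forward"), "w").close()
    conf = "net.ipv4.ip_forward = 0\nkernel.kptr_restrict = 2\n-kernel.dmesg_restrict = 1\n"
    rw = lambda p: os.path.exists(p) and p.startswith(os.path.join(root, "net/"))
    return apply_sysctls(parse_sysctl_conf(conf), root, rw)
```

The "failed" bucket is the loud failure mode Christian asks for: a hardening sysctl that lands under a read-only prefix shows up in the result instead of being skipped by a unit that never ran.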