Bug#858986: systemd-container: systemd-nspawn fails to spawn container from a read-only image

Sat Apr 29 17:05:29 BST 2017

On 28.04.2017 22:16, Michael Biebl wrote:
> Hi Felix
> 
Hi Michael,

> On Wed, 29 Mar 2017 12:20:52 +0200 Felix Wiedemann
> <1wiedema at informatik.uni-hamburg.de> wrote:
>> Package: systemd-container
>> Version: 232-19
>> Severity: normal
>>
>> Dear Maintainer,
>>
>> systemd-nspawn fails to spawn a container from an image which has a
>> read-only file system as root partition (SquashFS):
>>
>>   $ systemd-nspawn -i foo.img
>>   Spawning container foo.img on /home/felix/foo.img.
>>   Press ^] three times within 1s to kill container.
>>   Failed to create directory /tmp/nspawn-root-jvD8mU/sys: Read-only file system
>>
>> I filed the bug upstream [0] and it was fixed in systemd v233 [1].
>> Please consider backporting the patch to stretch.
>>
>> [0]: https://github.com/systemd/systemd/issues/4711
>> [1]: https://github.com/systemd/systemd/commit/acbbf69b718260755a5dff60dd68ba239ac0d61b
> 
> Have you confirmed that applying this commit on top of v232 fixes the
> issue you have? Otherwise, can you give me instructions how to create
> such a read-only image or provide one for me, so I can test it myself.
> 
I have a script attached to this mail which builds such a disk image.
Also, I verfied that `systemd-nspawn -i $IMAGE` with such a disk image
fails on stretch/v232 and on jessie-backports/v230. It works on jessie/v215.

I just tried to build systemd v232 with the commit applied on top, but
it does not compile because it's missing the type 'MountSettingsMask'. I
have not looked into that any further.

> Regards,
> Michael
> 
Thanks,
Felix

-------------- next part --------------
A non-text attachment was scrubbed...
Name: build-ro-disk-image.sh
Type: application/x-shellscript
Size: 413 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20170429/f9ec347f/attachment-0002.bin>