Bug#876103: systemd-nspawn: --read-only is broken

Michael Biebl biebl at debian.org
Sun Dec 3 12:47:29 GMT 2017


On 18.09.2017 at 15:43, Lauri Tirkkonen wrote:
> Package: systemd-container
> Version: 232-25+deb9u1
> Severity: normal
> 
> Dear Maintainer,
> 
> on stretch, 'systemd-nspawn --read-only' fails to start the container
> entirely. Trivial test case:
> 
>     # machinectl pull-tar https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-root.tar.gz
>     [ output omitted ]
>     # systemd-nspawn -M xenial-server-cloudimg-amd64-root -- true
>     # systemd-nspawn -M xenial-server-cloudimg-amd64-root --read-only -- true
>     Spawning container xenial-server-cloudimg-amd64-root on /var/lib/machines/xenial-server-cloudimg-amd64-root.
>     Press ^] three times within 1s to kill container.
>     Failed to create directory /var/lib/machines/xenial-server-cloudimg-amd64-root/sys: Read-only file system
> 
> (the first systemd-nspawn call is there to implicitly create some
> directories inside the container root that must exist for read-only to
> work)
> 
> The expected behavior is that 'true' is executed in container and exit
> status 0 is returned; however, the container is not started and the exit
> status is 1.
> 
> There is an upstream fix for this in
> https://github.com/systemd/systemd/pull/4693 --
> acbbf69b718260755a5dff60dd68ba239ac0d61b is the commit that actually
> fixes read-only containers, but it requires two other commits to apply
> cleanly. I applied the following sequence to systemd-container on
> stretch:
> 
> https://github.com/systemd/systemd/commit/bdb4e0cb646ff33ecbb1cf4b502870f84bf4016d
> https://github.com/systemd/systemd/commit/4f086aab52812472a24c9b8b627589880a38696e
> https://github.com/systemd/systemd/commit/acbbf69b718260755a5dff60dd68ba239ac0d61b
> 
> and it solved my problem. Could you backport these patches to stretch?
> 

Those patches look a bit invasive for a stretch stable upload.
But we do provide updated systemd versions with this fix via
stretch-backports:
https://packages.debian.org/source/stable-backports/systemd

Would that be sufficient for your case?

Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
