Bug#858149: systemd-nspawn: ephemeral flag ignored with raw images

Antoine Musso hashar at free.fr
Sat Mar 18 22:16:35 GMT 2017


Package: systemd-container
Version: 230-7~bpo8+2
Severity: important

Dear Maintainer,

Short version
=============

Assuming one has an image /var/lib/machines/jessie.raw and spawns it
with: systemd-nspawn --ephemeral -m jessie
The jessie.raw ends up being modified.

Fix released with systemd 233 that should be backported:
https://github.com/poettering/systemd/commit/0f3be6ca4dbbac8350cd8f10a8968d31f7bc13b6

Longer version
==============

systemd-nspawn has a [-x|--ephemeral] option which is supposed to
snapshot the image and boot a container out of it. Once the container is
terminated, the snapshot is dismissed entirely.

The ephemeral option is ignored entirely when using a raw image, for
example via --machine, which can load either a fs tree if the name matches
a directory or a raw image if the base name matches.

The upstream issue has a detailed reproducible case:
https://github.com/systemd/systemd/issues/4664

Original thread:
https://lists.freedesktop.org/archives/systemd-devel/2016-November/037699.html

The fix is commit 0f3be6ca4
https://github.com/poettering/systemd/commit/0f3be6ca4dbbac8350cd8f10a8968d31f7bc13b6

It seems straightforward to backport to jessie-backports and for
stretch. Non-ephemeral ephemeral containers sound like a release
critical bug to me.


Note: the upstream issue also states that junk files are left behind in host
/tmp; there are a couple more commits to address that:
https://github.com/poettering/systemd/commit/64e604111a8466764f36ae8ac83d5d0c0addc024
https://github.com/poettering/systemd/commit/0f3be6ca4dbbac8350cd8f10a8968d31f7bc13b6

-- System Information:
Debian Release: 8.7
  APT prefers stable
  APT policy: (500, 'stable'), (99, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd-container depends on:
ii  libacl1          2.2.52-2
ii  libblkid1        2.25.2-6
ii  libbz2-1.0       1.0.6-7+b3
ii  libc6            2.19-18+deb8u7
ii  libcurl3-gnutls  7.38.0-4+deb8u5
ii  libgcrypt20      1.6.3-2+deb8u2
ii  liblzma5         5.1.1alpha+20120614-2+b3
ii  libseccomp2      2.1.1-1
ii  libselinux1      2.3-2
ii  systemd          230-7~bpo8+2
ii  zlib1g           1:1.2.8.dfsg-2+b1

Versions of packages systemd-container recommends:
ii  btrfs-tools        3.17-1.1
ii  libnss-mymachines  230-7~bpo8+2

systemd-container suggests no packages.

-- no debconf information
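
A way to check a host for the behaviour reported above, as an added example that is not part of the original report or of systemd: hash the raw image, run the container command, and hash it again. The function names are hypothetical, the commented invocation assumes the image path from the report, and the version check only reflects the report's statement that the fix shipped in systemd 233.

```shell
#!/bin/sh
# Added example: detect whether a command modified a container image file.

# Print the SHA-256 of a file, or nothing if it cannot be read.
image_digest() {
    sha256sum -- "$1" 2>/dev/null | cut -d' ' -f1
}

# Usage: image_unchanged_after IMAGE COMMAND [ARGS...]
# Returns 0 if IMAGE hashes the same before and after COMMAND runs,
# 1 if it changed, 2 if the image cannot be read.
image_unchanged_after() {
    img=$1
    shift
    before=$(image_digest "$img")
    [ -n "$before" ] || return 2
    # The command's exit status is ignored on purpose: a container that
    # exits non-zero can still have written to the backing image.
    "$@" >/dev/null 2>&1 || true
    after=$(image_digest "$img")
    [ -n "$after" ] || return 2
    [ "$before" = "$after" ]
}

# Takes the first line of `systemd-nspawn --version` (e.g. "systemd 230")
# and succeeds for 233 or later, the release the report names for the fix.
# A distribution backport may carry the fix under a lower number, so a
# failure here means "confirm with image_unchanged_after", not proof.
version_has_fix() {
    ver=$(printf '%s\n' "$1" | sed -n '1s/^systemd \([0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] && [ "$ver" -ge 233 ]
}

# Real use on a host (needs root and the image from the report):
#   image_unchanged_after /var/lib/machines/jessie.raw \
#       systemd-nspawn --ephemeral -m jessie /bin/touch /marker
```

Mounting a filesystem read-write usually updates its metadata, so an image that was not snapshotted will normally hash differently even if the command inside the container wrote nothing.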


