[Bug 1999275] Re: systemd-binfmt.service fails in tests-in-lxd
Launchpad Bug Tracker
1999275 at bugs.launchpad.net
Fri Jan 27 04:42:11 UTC 2023
This bug was fixed in the package systemd - 252.4-1ubuntu1
---------------
systemd (252.4-1ubuntu1) lunar; urgency=medium
* Drop oomd-fix-unreachable-test-case-in-test-oomd-util.patch.
Applied upstream: https://github.com/systemd/systemd-stable/commit/bcd42b3c88
File: debian/patches/oomd-fix-unreachable-test-case-in-test-oomd-util.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=93cf2f4709a6768d6eeb04153c92bffec0726753
* Drop oomd-always-allow-root-owned-cgroups-to-set-ManagedOOMPre.patch.
Applied upstream: https://github.com/systemd/systemd-stable/commit/2bdf5b0382
File: debian/patches/oomd-always-allow-root-owned-cgroups-to-set-ManagedOOMPre.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=24f51625bcec9a7b4f32a0caf363b000b173748b
* debian/rules: remove explicit -fcf-protection flag.
This is included in the default gcc flags on Ubuntu[1], so we do not need
this anymore. Drop the diff to reduce our delta from Debian.
[1] https://wiki.ubuntu.com/ToolChain/CompilerFlags#A-fcf-protection
File: debian/rules
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b72bf5bb964aa89769417491fcc99926a06490ba
* Revert "Drop systemd.prerm safety check."
This reverts commit 0244c4d56556317f14eecc2f51871969ef02ba7b.
systemd does not run in a chroot, so /run/systemd/system should not
exist in chroots. Debian has kept this without issue, so revert this in
order to reduce delta with Debian.
File: debian/systemd.prerm
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d7df55f11603022cde6cf897aaddc02624e79336
* Drop 0001-Revert-tests-add-test-case-for-UMask-BindPaths-combi.patch.
This patch is specific to privileged LXD containers, which we are not
testing anymore, so there is no need to carry the patch anymore.
File: debian/patches/0001-Revert-tests-add-test-case-for-UMask-BindPaths-combi.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=2acbc4741346c684ea3fa8aecf1d6ed88a7444cd
* binfmt: fix systemd-binfmt in LXD containers (LP: #1999275)
Files:
- debian/patches/lp1999275-binfmt-check-if-binfmt-is-mounted-before-applying-rules.patch
- debian/patches/lp1999275-binfmt-util-also-check-if-binfmt-is-mounted-in-read-write.patch
- debian/patches/lp1999275-binfmt-util-split-out-binfmt_mounted.patch
- debian/patches/lp1999275-stat-util-introduce-fd_is_read_only_fs.patch
- debian/patches/lp1999275-unit-check-more-specific-path-to-be-written-by-systemd-bi.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=41fa3a0420c5633200ecd60add6cadb149c98ccd
* debian/patches: update test-skip-some-tests-when-machine-id-is-not-initialized.patch.
The latest stable tag includes some, but not all patches which [1] needs
to work correctly. For now, just simplify the `machine_id_initialized()`
helper and make a note in the patch that the changes were forwarded
upstream.
[1] https://github.com/systemd/systemd/pull/25732
File: debian/patches/test-skip-some-tests-when-machine-id-is-not-initialized.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d17ca14b237f477899c7af793b698dc0740985d1
systemd (252.4-1) unstable; urgency=medium
* Enable p11kit. Backport patch to dlopen-ify p11kit support and enable
it. (Closes: #1023635)
* New upstream version 252.4. (Closes: #1026831 and fixes CVE-2022-4415)
* Refresh patches
* Bump Standards-Version to 4.6.2, no changes
systemd (252.3-2) unstable; urgency=medium
* Skip flaky test_resolved_domain_restricted_dns in networkd-test.py.
This test is part of DnsmasqClientTest and does not work reliably under
LXC/debci, so skip it for the time being. (Closes: #1025908)
systemd (252.3-1) unstable; urgency=medium
* New upstream version 252.3
* Rebase patches
systemd (252.2-2) unstable; urgency=medium
* Keep policykit-1 as alternative dependency to polkitd for systemd.
This will make backports easier.
* Update remaining policykit-1 (test) dependencies and prefer polkitd.
Keep the policykit-1 dependency as alternative for easier backports.
(Closes: #1025591)
systemd (252.2-1) unstable; urgency=medium
[ Helmut Grohne ]
* Explicitly B-D on libcrypt-dev (Closes: #1024646)
[ Nick Rosbrook ]
* Add handling for /etc/default/locale to firstboot. The TEST-74-AUX-
UTILS upstream test revealed that firstboot does not currently handle
Debian's /etc/default/locale.
[ Luca Boccassi ]
* Build depend on dh-package-notes, sequence was removed. Only the
makefile is in use now, no files are generated at build time as
--package-metadata from the linkers is used now
* New upstream version 252.2
* Refresh patches
-- Nick Rosbrook <nick.rosbrook at canonical.com> Wed, 04 Jan 2023
13:56:18 -0500
** Changed in: systemd (Ubuntu)
Status: Triaged => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-4415
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1999275
Title:
systemd-binfmt.service fails in tests-in-lxd
Status in systemd package in Ubuntu:
Fix Released
Bug description:
The systemd-binfmt.service requires read-write access to
/proc/sys/fs/binfmt_misc, but this is not possible in unprivileged LXD
containers without binfmt_misc namespace support in the kernel [1].
When this service is triggered, we get the following failure from
test_no_failed within tests-in-lxd:
No failed units ... -------- journal for failed service systemd-binfmt.service -----------
Dec 08 10:43:37 autopkgtest-lxd-qicaxl systemd[1]: Starting Set Up Additional Binary Formats...
Dec 08 10:43:37 autopkgtest-lxd-qicaxl systemd-binfmt[99]: Failed to flush binfmt_misc rules, ignoring: Permission denied
Dec 08 10:43:37 autopkgtest-lxd-qicaxl systemd-binfmt[99]: /usr/lib/binfmt.d/python3.10.conf:1: Failed to delete rule 'python3.10', ignoring: Permission denied
Dec 08 10:43:37 autopkgtest-lxd-qicaxl systemd-binfmt[99]: /usr/lib/binfmt.d/python3.10.conf:1: Failed to add binary format 'python3.10': Permission denied
Dec 08 10:43:37 autopkgtest-lxd-qicaxl systemd[1]: systemd-binfmt.service: Main process exited, code=exited, status=1/FAILURE
Dec 08 10:43:37 autopkgtest-lxd-qicaxl systemd[1]: systemd-binfmt.service: Failed with result 'exit-code'.
Dec 08 10:43:37 autopkgtest-lxd-qicaxl systemd[1]: Failed to start Set Up Additional Binary Formats.
FAIL
test_rsyslog (__main__.ServicesTest) ... ok
test_tmp_cleanup (__main__.ServicesTest) ... ok
test_tmp_mount (__main__.ServicesTest) ... ok
test_udev (__main__.ServicesTest) ... skipped 'udev does not work in containers'
======================================================================
FAIL: test_no_failed (__main__.ServicesTest)
No failed units
----------------------------------------------------------------------
Traceback (most recent call last):
File "/tmp/autopkgtest.METFVA/build.LjB/real-tree/debian/tests/boot-and-services", line 74, in test_no_failed
self.assertEqual(failed, [])
AssertionError: Lists differ: ['systemd-binfmt.service loaded failed failed Set Up Additional Binary Formats'] != []
First list contains 1 additional elements.
First extra element 0:
'systemd-binfmt.service loaded failed failed Set Up Additional Binary Formats'
- ['systemd-binfmt.service loaded failed failed Set Up Additional Binary Formats']
+ []
The systemd-binfmt.service is only started if there is a configuration
to be loaded from one of the valid configuration directories (e.g.
/usr/lib/binfmt.d/python3.10.conf). Previously, no such file was
installed in the test LXD images, but a recent upload of python3.10
added support for systemd-binfmt [2].
[1] https://discuss.linuxcontainers.org/t/3-1-0-binfmt-support-service-in-unprivileged-guest-requires-write-access-on-hosts-proc-sys-fs-binfmt-misc/5249
[2] https://launchpadlibrarian.net/632281245/python3.10_3.10.8-1_3.10.8-3.diff.gz
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1999275/+subscriptions
More information about the foundations-bugs
mailing list