[Bug 2092718] Re: systemd-resolved not starting after do-release-upgrade to 24.04

Nick Rosbrook 2092718 at bugs.launchpad.net
Thu Jan 16 19:57:35 UTC 2025 

Newer versions of systemd ships services that utilized systemd
credentials more[1].

Unfortunately, lxd's default apparmor restrictions are overly
restrictive and prevent these from working. Assuming you are using
unprivileged containers, the solution is to set security.nesting=true in
the LXD config. This is NOT safe for privileged containers.

[1] https://systemd.io/CREDENTIALS/

** Package changed: ubuntu-release-upgrader (Ubuntu) => systemd (Ubuntu)

** Changed in: systemd (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2092718

Title:
  systemd-resolved not starting after do-release-upgrade to 24.04

Status in systemd package in Ubuntu:
  Invalid

Bug description:
  I have a system originally installed with Ubuntu 16.04 that I today
  ugraded to 24.04. It's an lxc vm in case that matters.

  After the upgrade, systemd-resolved refused to start. When enabling
  systemd debug output this is the log:

  ```
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Trying to enqueue job systemd-resolved.service/start/replace
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Installed new job systemd-resolved.service/start as 29754
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Enqueued job systemd-resolved.service/start as 29754
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Will spawn child (service_enter_start): /usr/lib/systemd/systemd-resolved
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Passing 0 fds to service
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: About to execute: /usr/lib/systemd/systemd-resolved
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Forked /usr/lib/systemd/systemd-resolved as 5038
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Changed failed -> start
  Dec 30 10:44:54 dev systemd[1]: Starting systemd-resolved.service - Network Name Resolution...
  ░░ Subject: A start job for unit systemd-resolved.service has begun execution
  ░░ Defined-By: systemd
  ░░ Support: http://www.ubuntu.com/support
  ░░ 
  ░░ A start job for unit systemd-resolved.service has begun execution.
  ░░ 
  ░░ The job identifier is 29754.
  Dec 30 10:44:54 dev (resolved)[5038]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: User lookup succeeded: uid=102 gid=104
  Dec 30 10:44:54 dev (resolved)[5038]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
  Dec 30 10:44:54 dev (resolved)[5038]: Successfully forked off '(sd-mkdcreds)' as PID 5039.
  Dec 30 10:44:54 dev (resolved)[5038]: (sd-mkdcreds) failed with exit status 1.
  Dec 30 10:44:54 dev (resolved)[5038]: systemd-resolved.service: Failed to set up credentials: Protocol error
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Child 5038 belongs to systemd-resolved.service.
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=243/CREDENTIALS
  ░░ Subject: Unit process exited
  ░░ Defined-By: systemd
  ░░ Support: http://www.ubuntu.com/support
  ░░ 
  ░░ An ExecStart= process belonging to unit systemd-resolved.service has exited.
  ░░ 
  ░░ The process' exit code is 'exited' and its exit status is 243.
  Dec 30 10:44:54 dev systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
  ░░ Subject: Unit failed
  ░░ Defined-By: systemd
  ░░ Support: http://www.ubuntu.com/support
  ░░ 
  ░░ The unit systemd-resolved.service has entered the 'failed' state with result 'exit-code'.
  ```

  Since it mentioned `sd-mkdcreds` failing I figured it might be
  apparmor related, but couldn't figure out exactly where as I'm not to
  familiar with apparmor. I decided to disable it completely using lxc:

  ```
  config:
    raw.lxc: |
      lxc.apparmor.profile = unconfined
  ```

  With that change, the system starts normally.

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: ubuntu-release-upgrader-core 1:24.04.23
  ProcVersionSignature: Ubuntu 6.8.0-49.49~22.04.1-generic 6.8.12
  Uname: Linux 6.8.0-49-generic x86_64
  ApportVersion: 2.28.1-0ubuntu3.3
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CrashDB: ubuntu
  Date: Mon Dec 30 10:52:15 2024
  JournalErrors:
   Dec 30 10:49:28 hostname (cron)[254]: cron.service: Referenced but unset environment variable evaluates to an empty string: EXTRA_OPTS
   Dec 30 10:49:28 hostname systemd[1]: Cannot find unit for notify message of PID 301, ignoring.
   Dec 30 10:51:59 hostname systemd[1]: Configuration file /run/systemd/system/netplan-ovs-cleanup.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
   Dec 30 10:51:59 hostname systemd[1]: Configuration file /run/systemd/system/netplan-ovs-cleanup.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
   Dec 30 10:52:00 hostname systemd[1]: Configuration file /run/systemd/system/netplan-ovs-cleanup.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
  PackageArchitecture: all
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
  SourcePackage: ubuntu-release-upgrader
  UpgradeStatus: Upgraded to noble on 2024-12-30 (0 days ago)
  VarLogDistupgradeXorgFixuplog:
   INFO:root:/usr/bin/do-release-upgrade running
   INFO:root:No xorg.conf, exiting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2092718/+subscriptions

More information about the foundations-bugs mailing list