Units using PrivateNetwork=yes don't work inside user namespaces

Bug #1656024 reported by Jeremy Bícha
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
systemd (Ubuntu) | Won't Fix | Undecided | Unassigned |
varnish (Ubuntu) | New | Undecided | Unassigned |

Bug Description

lxd host is Ubuntu 17.04 Alpha amd64
lxd container is ubuntu:16.10

hostnamectl does not work inside the lxd container:

$ hostnamectl status
$ sudo hostnamectl set-hostname server.example.com
Could not set property: Connection timed out

Stéphane Graber (stgraber) wrote :

Jan 12 16:47:07 xen systemd[7897]: systemd-hostnamed.service: Failed at step NETWORK spawning /lib/systemd/systemd-hostnamed: Permission denied
Jan 12 16:47:07 xen systemd[1]: systemd-hostnamed.service: Main process exited, code=exited, status=225/NETWORK
Jan 12 16:47:07 xen systemd[1]: Failed to start Hostname Service.
Jan 12 16:47:07 xen systemd[1]: systemd-hostnamed.service: Unit entered failed state.
Jan 12 16:47:07 xen systemd[1]: systemd-hostnamed.service: Failed with result 'exit-code'.

Stéphane Graber (stgraber) wrote :

Looks like the problem is to do with systemd and it failing to spawn units that have:

PrivateNetwork=yes

I'm not sure exactly what systemd attempts to do which doesn't work in an unprivileged container, but the answer is almost certainly to have it not do that :)

Re-assigning bug to systemd.

affects: lxd (Ubuntu) → systemd (Ubuntu)
summary: - hostnamectl does not work inside lxd
+ Units using PrivateNetwork=yes don't work inside user namespaces
Stéphane Graber (stgraber) wrote :

You should be able to use "systemctl edit" to set PrivateNetwork=no as a temporary workaround.

Jeremy Bícha (jbicha) wrote :

Stéphane, thanks for looking into this. Is there a way I can set that by default for any new lxd containers I create, as a workaround?

Jeremy Bícha (jbicha) wrote :

I'm not sure how to use the "systemctl edit" command.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in systemd (Ubuntu):
status: New → Confirmed
Marlin Cremers (marlinc) wrote :

I had the same problem using the varnishncsa service:

systemd[30274]: varnishncsa.service: Failed at step NETWORK spawning /usr/bin/varnishncsa: Permission denied

Overriding PrivateNetwork to be false seems to work as a workaround.
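
Added example, not part of the original thread: a scan for units that enable PrivateNetwork, and the drop-in that `systemctl edit` creates for a unit, written by hand. The function names and directory arguments are assumptions of this example; on a real system the unit directory would typically be /lib/systemd/system and the override root /etc/systemd/system.

```shell
#!/bin/sh
# Added example (not from the bug report). Directories are passed as arguments
# so it can be tried on a scratch tree before touching a real container.

# Print the .service files under $1 whose [Service] section ends up with
# PrivateNetwork enabled (systemd treats yes/true/on/1 as true; last one wins).
find_private_network_units() {
    for f in "$1"/*.service; do
        [ -f "$f" ] || continue
        if awk '
            /^\[/ { in_service = ($0 == "[Service]") }
            in_service && /^PrivateNetwork[ \t]*=/ {
                v = $0
                sub(/^[^=]*=[ \t]*/, "", v)
                sub(/[ \t\r]+$/, "", v)
                last = tolower(v)
            }
            END { exit !(last == "yes" || last == "true" || last == "on" || last == "1") }
        ' "$f"; then
            basename "$f"
        fi
    done
}

# Write the drop-in that `systemctl edit <unit>` would create.
#   $1 = override root (normally /etc/systemd/system), $2 = unit name
write_override() {
    mkdir -p "$1/$2.d" || return 1
    printf '[Service]\nPrivateNetwork=no\n' > "$1/$2.d/override.conf"
}

# Constructed sample: two unit files, only one of which sets PrivateNetwork=yes.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/lib" "$root/etc"
    printf '[Unit]\nDescription=Hostname Service\n[Service]\nExecStart=/lib/systemd/systemd-hostnamed\nPrivateNetwork=yes\n' \
        > "$root/lib/systemd-hostnamed.service"
    printf '[Service]\nExecStart=/bin/true\nPrivateNetwork=no\n' \
        > "$root/lib/other.service"
    for unit in $(find_private_network_units "$root/lib"); do
        write_override "$root/etc" "$unit" && echo "override written for $unit"
    done
    rm -rf "$root"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

After writing a drop-in by hand, run `systemctl daemon-reload` and restart the unit. Setting PrivateNetwork=no leaves the service in the container's network namespace instead of an isolated one, so limit the override to units that actually fail at step NETWORK.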

Dan Streetman (ddstreet) wrote :

please reopen if this is still an issue

Changed in systemd (Ubuntu):
status: Confirmed → Won't Fix
Michael (miiichael) wrote :