systemd: handle undelegated cgroup2 hierarchy
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
systemd (Ubuntu) | Fix Released | Undecided | Dimitri John Ledkov | |
Xenial | Invalid | Undecided | Unassigned | |
Zesty | Won't Fix | Undecided | Unassigned | |
Artful | Fix Released | Undecided | Unassigned | |
Bionic | Fix Released | Undecided | Dimitri John Ledkov | |
Bug Description
[Impact]
* When a container is presented with a unified cgroup hierarchy, which is not properly delegated, systemd should not attempt (and fail) to use it. This improves compatibility of xenial containers running on unified cgroup hierarchy hosts.
[Test Case]
* Xenial containers should boot, with non-writable unified cgroup hierarchy hosts.
[Regression Potential]
* unified cgroup hierarchy is not in use by default on xenial hosts, thus this is a forward compatibility improvement with e.g. bionic hosts running xenial containers.
[Other Info]
* Original bug report
Hey everyone,
Current systemd versions all fail when the unified cgroup hierarchy is not-writable. This is especially problematic in containers where the systemd administrator might decide to not delegate the unified hierarchy or when running with a liblxc driver that doesn't yet know how to handle the unified cgroup hierarchy. I've pushed patches to systemd upstream that let systemd ignore the non-delegated unified hierarchy. The relevant commits are:
e07aefbd675b651
2d56b80a1855836
1ff654e28b7b8e7
These patches will be in 236 but should be backported from xenial upwards.
Christian
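To check from inside a container whether it is in the situation the report describes (a cgroup2 mount that is present but not writable), the following added example classifies the two conventional mount points. It is not code from the systemd commits above; the function and enum names are hypothetical, and treating `access(W_OK)` as the delegation test is an assumption of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/vfs.h>
#include <unistd.h>

#ifndef CGROUP2_SUPER_MAGIC
#define CGROUP2_SUPER_MAGIC 0x63677270 /* same value as in linux/magic.h */
#endif

enum cg2_state { CG2_ABSENT, CG2_NOT_CGROUP2, CG2_UNDELEGATED, CG2_DELEGATED, CG2_ERROR };

/* Classify one mount point: is it cgroup2, and may this process write to it? */
enum cg2_state cg2_classify(const char *path) {
    struct statfs fs;

    if (statfs(path, &fs) < 0)
        return errno == ENOENT ? CG2_ABSENT : CG2_ERROR;
    if ((unsigned long) fs.f_type != CGROUP2_SUPER_MAGIC)
        return CG2_NOT_CGROUP2;
    /* Assumption: a delegated hierarchy is one we can create child cgroups in. */
    if (access(path, W_OK) == 0)
        return CG2_DELEGATED;
    /* Read-only mount, or a directory owned outside our user namespace. */
    if (errno == EROFS || errno == EACCES)
        return CG2_UNDELEGATED;
    return CG2_ERROR;
}

const char *cg2_state_name(enum cg2_state s) {
    static const char *const names[] = {
        [CG2_ABSENT] = "absent", [CG2_NOT_CGROUP2] = "not cgroup2",
        [CG2_UNDELEGATED] = "undelegated", [CG2_DELEGATED] = "delegated",
        [CG2_ERROR] = "error",
    };
    return names[s];
}

int main(void) {
    /* Conventional mount points: pure unified layout, then hybrid layout. */
    const char *paths[] = { "/sys/fs/cgroup", "/sys/fs/cgroup/unified" };

    for (size_t i = 0; i < 2; i++)
        printf("%s: %s\n", paths[i], cg2_state_name(cg2_classify(paths[i])));
    return 0;
}
```

An "undelegated" result on either path is the case in which an init system inside the container has to fall back to another hierarchy instead of failing.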
Changed in systemd (Ubuntu Artful):
status: New → In Progress
Changed in systemd (Ubuntu Zesty):
status: New → Won't Fix
Changed in systemd (Ubuntu Xenial):
status: New → In Progress
description: updated
tags: added: verification-done-artful removed: verification-needed verification-needed-artful
These did not make v235, I guess you meant v236. Description updated.