| 2019-01-29 12:54:30 |
Dimitri John Ledkov |
description |
This is a regression from 239-7ubuntu15 to 240-5ubuntu1.
Steps to reproduce:
lxc launch ubuntu-daily:disco rbasak-resolv
lxc exec rbasak-resolv bash
systemctl status systemd-resolved # observe running
echo "deb http://archive.ubuntu.com/ubuntu/ disco-proposed main universe multiverse restricted" >> /etc/apt/sources.list
apt update
# Update to 240-5ubuntu1 from proposed
apt install systemd libsystemd0 systemd-sysv libnss-systemd libpam-systemd
reboot
lxc exec rbasak-resolv bash
systemctl status systemd-resolved # observe failed
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2019-01-28 16:50:37 UTC; 2min 28s ago
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Process: 290 ExecStart=/lib/systemd/systemd-resolved (code=exited, status=226/NAMESPACE)
Main PID: 290 (code=exited, status=226/NAMESPACE)
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Service has no hold-off time (RestartSec=0), scheduling restart.
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 5.
Jan 28 16:50:37 rbasak-resolv systemd[1]: Stopped Network Name Resolution.
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Jan 28 16:50:37 rbasak-resolv systemd[1]: Failed to start Network Name Resolution.
This causes /etc/resolv.conf to point to a file that isn't created, so all name resolution fails. As far as I can determine, landing this in the release pocket would cause all default LXD containers to stop working.
In my case it breaks "autopkgtest -U --apt-pocket=proposed ... -- lxd ubuntu-daily:disco"
Tagging block-proposed as migration would regress the release pocket, and marking Critical as it breaks the system (presumably only in a container though, and it is only in proposed currently). |
This is a regression from 239-7ubuntu15 to 240-5ubuntu1.
Steps to reproduce:
lxc launch ubuntu-daily:disco rbasak-resolv
lxc exec rbasak-resolv bash
systemctl status systemd-resolved # observe running
echo "deb http://archive.ubuntu.com/ubuntu/ disco-proposed main universe multiverse restricted" >> /etc/apt/sources.list
apt update
# Update to 240-5ubuntu1 from proposed
apt install systemd libsystemd0 systemd-sysv libnss-systemd libpam-systemd
reboot
lxc exec rbasak-resolv bash
systemctl status systemd-resolved # observe failed
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2019-01-28 16:50:37 UTC; 2min 28s ago
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Process: 290 ExecStart=/lib/systemd/systemd-resolved (code=exited, status=226/NAMESPACE)
Main PID: 290 (code=exited, status=226/NAMESPACE)
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Service has no hold-off time (RestartSec=0), scheduling restart.
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 5.
Jan 28 16:50:37 rbasak-resolv systemd[1]: Stopped Network Name Resolution.
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Jan 28 16:50:37 rbasak-resolv systemd[1]: Failed to start Network Name Resolution.
This causes /etc/resolv.conf to point to a file that isn't created, so all name resolution fails. As far as I can determine, landing this in the release pocket would cause all default LXD containers to stop working.
In my case it breaks "autopkgtest -U --apt-pocket=proposed ... -- lxd ubuntu-daily:disco"
Tagging block-proposed as migration would regress the release pocket, and marking Critical as it breaks the system (presumably only in a container though, and it is only in proposed currently).
=== Workaround ===
$ lxc config set improved-kodiak raw.apparmor 'mount options=(ro,nodev,remount,bind),
mount options=(ro,nosuid,nodev,remount,bind),
mount options=(ro,nosuid,noexec,remount,strictatime),
mount options=(ro,nosuid,nodev,noexec,remount,bind),' |
|
| 2019-01-29 13:11:22 |
Dimitri John Ledkov |
description |
This is a regression from 239-7ubuntu15 to 240-5ubuntu1.
Steps to reproduce:
lxc launch ubuntu-daily:disco rbasak-resolv
lxc exec rbasak-resolv bash
systemctl status systemd-resolved # observe running
echo "deb http://archive.ubuntu.com/ubuntu/ disco-proposed main universe multiverse restricted" >> /etc/apt/sources.list
apt update
# Update to 240-5ubuntu1 from proposed
apt install systemd libsystemd0 systemd-sysv libnss-systemd libpam-systemd
reboot
lxc exec rbasak-resolv bash
systemctl status systemd-resolved # observe failed
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2019-01-28 16:50:37 UTC; 2min 28s ago
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Process: 290 ExecStart=/lib/systemd/systemd-resolved (code=exited, status=226/NAMESPACE)
Main PID: 290 (code=exited, status=226/NAMESPACE)
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Service has no hold-off time (RestartSec=0), scheduling restart.
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 5.
Jan 28 16:50:37 rbasak-resolv systemd[1]: Stopped Network Name Resolution.
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Jan 28 16:50:37 rbasak-resolv systemd[1]: Failed to start Network Name Resolution.
This causes /etc/resolv.conf to point to a file that isn't created, so all name resolution fails. As far as I can determine, landing this in the release pocket would cause all default LXD containers to stop working.
In my case it breaks "autopkgtest -U --apt-pocket=proposed ... -- lxd ubuntu-daily:disco"
Tagging block-proposed as migration would regress the release pocket, and marking Critical as it breaks the system (presumably only in a container though, and it is only in proposed currently).
=== Workaround ===
$ lxc config set improved-kodiak raw.apparmor 'mount options=(ro,nodev,remount,bind),
mount options=(ro,nosuid,nodev,remount,bind),
mount options=(ro,nosuid,noexec,remount,strictatime),
mount options=(ro,nosuid,nodev,noexec,remount,bind),' |
This is a regression from 239-7ubuntu15 to 240-5ubuntu1.
Steps to reproduce:
lxc launch ubuntu-daily:disco rbasak-resolv
lxc exec rbasak-resolv bash
systemctl status systemd-resolved # observe running
echo "deb http://archive.ubuntu.com/ubuntu/ disco-proposed main universe multiverse restricted" >> /etc/apt/sources.list
apt update
# Update to 240-5ubuntu1 from proposed
apt install systemd libsystemd0 systemd-sysv libnss-systemd libpam-systemd
reboot
lxc exec rbasak-resolv bash
systemctl status systemd-resolved # observe failed
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2019-01-28 16:50:37 UTC; 2min 28s ago
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Process: 290 ExecStart=/lib/systemd/systemd-resolved (code=exited, status=226/NAMESPACE)
Main PID: 290 (code=exited, status=226/NAMESPACE)
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Service has no hold-off time (RestartSec=0), scheduling restart.
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 5.
Jan 28 16:50:37 rbasak-resolv systemd[1]: Stopped Network Name Resolution.
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Jan 28 16:50:37 rbasak-resolv systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Jan 28 16:50:37 rbasak-resolv systemd[1]: Failed to start Network Name Resolution.
This causes /etc/resolv.conf to point to a file that isn't created, so all name resolution fails. As far as I can determine, landing this in the release pocket would cause all default LXD containers to stop working.
In my case it breaks "autopkgtest -U --apt-pocket=proposed ... -- lxd ubuntu-daily:disco"
Tagging block-proposed as migration would regress the release pocket, and marking Critical as it breaks the system (presumably only in a container though, and it is only in proposed currently).
=== Workaround ===
$ lxc config set test-v240 raw.apparmor 'mount options=(ro,nodev,remount,bind),
mount options=(ro,nosuid,nodev,remount,bind),
mount options=(ro,nosuid,noexec,remount,strictatime),
mount options=(ro,nosuid,noexec,remount,bind,strictatime),
mount options=(ro,nosuid,nodev,noexec,remount,bind),' |
|
