systemd-sysusers cannot mount /dev in privileged containers (to pass credentials)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lxd (Ubuntu) | Invalid | Undecided | Unassigned |
systemd (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
systemd-
```
# Optionally, pick up a root password and shell for the root user from a
# credential passed to the service manager. This is useful for importing this
# data from nspawn's --set-credential= switch.
LoadCredential=
LoadCredential=
LoadCredential=
```
Reproducer:
```
$ lxc profile set default security.privileged "true"
$ lxc launch ubuntu-daily:jammy test
$ lxc exec test bash
# add-apt-repository ppa:ci-
# apt install systemd # install systemd 249.5-2ubuntu1
# systemctl restart systemd-sysusers
# systemctl status systemd-sysusers
# system --status=failed
$ lxc profile set default security.privileged "false"
```
A workaround is to disable it via:
```
$ cat /etc/systemd/
[Service]
LoadCredential=
```
Interesting logs:
```
Nov 12 12:09:44 test systemd[1]: systemd-
Nov 12 12:09:44 test systemd[431]: Mounting /dev (MS_REC|MS_SLAVE "")...
Nov 12 12:09:44 test systemd[431]: Failed to mount n/a (type n/a) on /dev (MS_REC|MS_SLAVE ""): Permission denied
Nov 12 12:09:44 test systemd[430]: (sd-mkdcreds) failed with exit status 1.
Nov 12 12:09:44 test systemd[430]: systemd-
Nov 12 12:09:44 test systemd[430]: systemd-
```
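A log check for the failure signature in the logs above, as an added example that is not part of the original bug report: it pairs a denied mount with the `(sd-mkdcreds)` failure that follows it on the same host. The sample lines are constructed from the excerpt, and `example.service` and `find_credential_mount_failures` are hypothetical names.

```python
import re

# Constructed sample modelled on the log excerpt above. "example.service" is a
# placeholder: the real unit name is truncated on the page.
SAMPLE = """\
Nov 12 12:09:44 test systemd[1]: Starting example.service...
Nov 12 12:09:44 test systemd[431]: Mounting /dev (MS_REC|MS_SLAVE "")...
Nov 12 12:09:44 test systemd[431]: Failed to mount n/a (type n/a) on /dev (MS_REC|MS_SLAVE ""): Permission denied
Nov 12 12:09:44 test systemd[430]: (sd-mkdcreds) failed with exit status 1.
Nov 12 12:09:44 test systemd[1]: Started unrelated.service.
"""

# Classic syslog-style journal line emitted by a systemd process.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"systemd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
MOUNT_DENIED = re.compile(
    r"^Failed to mount .* on (?P<target>/\S*) .*: Permission denied$")
MKDCREDS_FAILED = re.compile(
    r"^\(sd-mkdcreds\) failed with exit status (?P<status>\d+)\.$")


def find_credential_mount_failures(text):
    """Return one finding per (sd-mkdcreds) failure that follows a denied mount."""
    findings = []
    pending = None  # most recent denied mount not yet tied to a failure
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        denied = MOUNT_DENIED.match(m["msg"])
        if denied:
            pending = {"host": m["host"], "target": denied["target"],
                       "mount_pid": int(m["pid"])}
            continue
        failed = MKDCREDS_FAILED.match(m["msg"])
        if failed and pending and pending["host"] == m["host"]:
            findings.append({"timestamp": m["ts"], "exec_pid": int(m["pid"]),
                             "exit_status": int(failed["status"]), **pending})
            pending = None
    return findings


if __name__ == "__main__":
    for finding in find_credential_mount_failures(SAMPLE):
        print(finding)
```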
Changed in systemd (Ubuntu): status: Fix Committed → Fix Released
This commit seems to be related: https://github.com/lxc/distrobuilder/commit/33a4302ca5a62ed9eb9009dcc5059aecfb55ba41
But why does it not work in privileged containers?