transient scope could not be started error in bionic lxd container

Bug #1965328 reported by Jonathan Cave
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| snapd | New | Undecided | Unassigned | |
| systemd (Ubuntu) | Invalid | Undecided | Unassigned | |
| Bionic | New | Low | Unassigned | |

Bug Description

On my impish development host machine I tend to use lxd containers to support snap building and other tasks targeting different releases. Today I came to use a bionic container as per usual and found that I could not invoke any snap applications. I installed hello-world as the most simple test of running a snap app:

```
ubuntu@b:~$ hello-world
internal error, please report: running "hello-world" failed: transient scope could not be started, job /org/freedesktop/systemd1/job/44 finished with result failed
```

I made sure the container had up to date packages in it (apt & snaps) and rebooted it. But the problem persisted. I then created a second container and installed hello-world in it and again the problem was reproducible. At the time of producing the following attachments I had not attempted to reboot the host.

Maciej Borzecki (maciek-borzecki) wrote :

Let me reiterate what I mentioned in the MM channel. The snap in question apparently uses device access in which case we'll set up device filtering. The host being impish, uses cgroup v2, which percolates to the container. Since it's v2, device filtering is implemented by attaching a BPF program on the cgroup, hence we need to have a separate group otherwise we'd break your session. Snap will ask your systemd --user to create a transient scope for the app, but looking at the logs this fails with:

```
Mar 17 16:13:22 b2 systemd[2487]: snap.snapcraft.snapcraft.237e42c2-4906-439b-a992-743647600bc6.scope: Failed to add PIDs to scope's control
Mar 17 16:13:22 b2 systemd[2487]: snap.snapcraft.snapcraft.237e42c2-4906-439b-a992-743647600bc6.scope: Failed with result 'resources'.
Mar 17 16:13:22 b2 systemd[2487]: Failed to start snap.snapcraft.snapcraft.237e42c2-4906-439b-a992-743647600bc6.scope.
```

At this point running snap will fail and the sandbox cannot be completed.

I think the main problem is why create transient scope fails the way it did, and whether systemd from bionic even works properly on a host with unified hierarchy.
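
The failure described in the comment above can be triaged from inside the container by correlating the cgroup layout with failed snap scopes in the journal. This is an added example, not code from snapd, systemd or this bug report; the function names and the sample mountinfo line are constructed, and the sample journal lines are the ones quoted in the comment.

```shell
#!/bin/sh
# Added triage sketch; not code from snapd, systemd or this bug report.

# Classify the cgroup layout from mountinfo-format text on stdin
# (normally /proc/self/mountinfo inside the container).
cgroup_mode() {
    awk '
        {
            # Field 5 is the mount point; the fs type follows the "-" separator.
            fstype = ""
            for (i = 7; i < NF; i++) if ($i == "-") { fstype = $(i + 1); break }
            if (fstype == "cgroup") v1 = 1
            if (fstype == "cgroup2" && $5 == "/sys/fs/cgroup") v2 = 1
        }
        END { print (v1 ? "v1-or-hybrid" : (v2 ? "unified" : "unknown")) }
    '
}

# From journal text on stdin, print "<snap> <app> <result>" for every
# snap app scope that systemd reports as failed.
failed_snap_scopes() {
    sed -n -E "s/.*systemd\[[0-9]+\]: snap\.([^.]+)\.([^.]+)\.[0-9a-f-]+\.scope: Failed with result '([^']+)'\..*/\1 \2 \3/p"
}

# triage MOUNTINFO_FILE JOURNAL_FILE: one verdict line per failed scope.
triage() {
    mode=$(cgroup_mode < "$1")
    failed_snap_scopes < "$2" | while read -r snap app result; do
        echo "$snap.$app: scope failed ($result), cgroup layout: $mode"
    done
}

# Constructed mountinfo line for a container on a unified (v2-only) host.
SAMPLE_MOUNTINFO='1520 1519 0:28 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - cgroup2 none rw'
# Journal lines as quoted in the comment above.
SAMPLE_JOURNAL="Mar 17 16:13:22 b2 systemd[2487]: snap.snapcraft.snapcraft.237e42c2-4906-439b-a992-743647600bc6.scope: Failed with result 'resources'.
Mar 17 16:13:22 b2 systemd[2487]: Failed to start snap.snapcraft.snapcraft.237e42c2-4906-439b-a992-743647600bc6.scope."
```

On a real container, pass `/proc/self/mountinfo` and a saved copy of the journal to `triage`.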

Nick Rosbrook (enr0n) wrote :

Is this still an issue? I tried running a bionic LXD container from a Lunar host, and in the container I was able to run the snap without issues.

Changed in systemd (Ubuntu):
status: New → Incomplete
Michael Vogt (mvo)
affects: snappy → snapd
Andreas Hasenack (ahasenack) wrote :

I'm seeing this problem with a few snaps on a bionic lxd, where lunar is the host:

classic snaps:

```
$ git ubuntu merge --help
internal error, please report: running "git-ubuntu" failed: transient scope could not be started, job /org/freedesktop/systemd1/job/29 finished with result failed

$ kubectl
internal error, please report: running "kubectl" failed: transient scope could not be started, job /org/freedesktop/systemd1/job/32 finished with result failed
```

Non-classic:

```
$ ustriage
internal error, please report: running "ustriage" failed: transient scope could not be started, job /org/freedesktop/systemd1/job/35 finished with result failed
```

Nick Rosbrook (enr0n)
Changed in systemd (Ubuntu):
status: Incomplete → Invalid
Changed in systemd (Ubuntu Bionic):
importance: Undecided → Low