FS#68950 - [systemd] services fail to start if PrivateUsers/ProtectControlGroups are set

Attached to Project: Arch Linux
Opened by George Rawlinson (rawlinsong) - Saturday, 12 December 2020, 07:53 GMT
Last edited by Christian Heusel (gromit) - Tuesday, 05 September 2023, 17:58 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Christian Hesse (eworm)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:

Services that utilise PrivateUsers=true or ProtectControlGroups=true (and possibly other sandboxing parameters) fail to start.


Additional info:
* systemd 247.1-3 (I went straight from 246.6-1 to 247.1-3, have not tested skipped packages)
* Upstream bug report: https://github.com/systemd/systemd/issues/17860
* PR that fixes bug: https://github.com/systemd/systemd/pull/17872

Steps to reproduce:

Upgrade from 246.*-* to 247.1-3
Reboot system, several services will fail to start, as shown by the following systemctl output (removed successful services, for brevity):

● apcupsd.service loaded failed failed APC UPS Power Control Daemon for Linux
● grafana.service loaded failed failed Grafana service
● logrotate.service loaded failed failed Rotate log files
modprobe@drm.service loaded failed failed Load Kernel Module drm
● postgresql.service loaded failed failed PostgreSQL database server
● prometheus-blackbox-exporter.service loaded failed failed Prometheus blackbox Exporter
● prometheus.service loaded failed failed Prometheus service
● systemd-logind.service loaded failed failed User Login Management
● systemd-networkd.service loaded failed failed Network Service
● systemd-resolved.service loaded failed failed Network Name Resolution
● systemd-udev-trigger.service loaded failed failed Coldplug All udev Devices

Downgrading to 246.6-1 fixes all these problems.

Closed by  Christian Heusel (gromit)
Tuesday, 05 September 2023, 17:58 GMT
Reason for closing:  No response
Additional comments about closing:  @grawlinson feel free to reopen if the bug persists
Comment by George Rawlinson (rawlinsong) - Saturday, 12 December 2020, 07:55 GMT
Argh, forgot to attach output of journalctl -eu systemd-resolved.service

First reboot = upgraded to 247.1-3
Second reboot = downgraded to 246.6-1

-- Reboot --
Dec 12 07:17:21 teardown systemd[1]: Starting Network Name Resolution...
Dec 12 07:17:21 teardown systemd[106]: systemd-resolved.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permis>
Dec 12 07:17:21 teardown systemd[106]: systemd-resolved.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-resolved: Pe>
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Dec 12 07:17:21 teardown systemd[1]: Failed to start Network Name Resolution.
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 1.
Dec 12 07:17:21 teardown systemd[1]: Stopped Network Name Resolution.
Dec 12 07:17:21 teardown systemd[1]: Starting Network Name Resolution...
Dec 12 07:17:21 teardown systemd[109]: systemd-resolved.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permis>
Dec 12 07:17:21 teardown systemd[109]: systemd-resolved.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-resolved: Pe>
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Dec 12 07:17:21 teardown systemd[1]: Failed to start Network Name Resolution.
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 2.
Dec 12 07:17:21 teardown systemd[1]: Stopped Network Name Resolution.
Dec 12 07:17:21 teardown systemd[1]: Starting Network Name Resolution...
Dec 12 07:17:21 teardown systemd[112]: systemd-resolved.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permis>
Dec 12 07:17:21 teardown systemd[112]: systemd-resolved.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-resolved: Pe>
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Dec 12 07:17:21 teardown systemd[1]: Failed to start Network Name Resolution.
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 3.
Dec 12 07:17:21 teardown systemd[1]: Stopped Network Name Resolution.
Dec 12 07:17:21 teardown systemd[1]: Starting Network Name Resolution...
Dec 12 07:17:21 teardown systemd[115]: systemd-resolved.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permis>
Dec 12 07:17:21 teardown systemd[115]: systemd-resolved.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-resolved: Pe>
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Dec 12 07:17:21 teardown systemd[1]: Failed to start Network Name Resolution.
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 4.
Dec 12 07:17:21 teardown systemd[1]: Stopped Network Name Resolution.
Dec 12 07:17:21 teardown systemd[1]: Starting Network Name Resolution...
Dec 12 07:17:21 teardown systemd[125]: systemd-resolved.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permis>
Dec 12 07:17:21 teardown systemd[125]: systemd-resolved.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-resolved: Pe>
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Dec 12 07:17:21 teardown systemd[1]: Failed to start Network Name Resolution.
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 5.
Dec 12 07:17:21 teardown systemd[1]: Stopped Network Name Resolution.
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Dec 12 07:17:21 teardown systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Dec 12 07:17:21 teardown systemd[1]: Failed to start Network Name Resolution.
-- Reboot --
Dec 12 07:18:27 teardown systemd[1]: Starting Network Name Resolution...
Dec 12 07:18:28 teardown systemd-resolved[75]: Positive Trust Anchors:
Dec 12 07:18:28 teardown systemd-resolved[75]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Dec 12 07:18:28 teardown systemd-resolved[75]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in>
Dec 12 07:18:28 teardown systemd-resolved[75]: Using system hostname 'teardown'.
Dec 12 07:18:28 teardown systemd[1]: Started Network Name Resolution.
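
A triage helper for the failure signature in the journal output above (exit status 226/NAMESPACE, which systemd uses when setting up a unit's namespaces fails), added here as an example and not part of the original report. The function names, the host name and the sample lines are constructed, and only `.service` units are matched.

```shell
#!/bin/sh
# Added example: find units whose sandbox setup failed (status=226/NAMESPACE).

# Constructed sample, modelled on the journal lines quoted in this report.
sample_journal() {
cat <<'EOF'
Dec 12 07:17:21 host systemd[1]: Starting Network Name Resolution...
Dec 12 07:17:21 host systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Dec 12 07:17:21 host systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Dec 12 07:17:21 host systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Dec 12 07:17:22 host systemd[1]: grafana.service: Main process exited, code=exited, status=226/NAMESPACE
Dec 12 07:17:23 host systemd[1]: example.service: Main process exited, code=exited, status=1/FAILURE
EOF
}

# Read journal text on stdin and print "<count> <unit>" for every service
# that exited with 226/NAMESPACE, sorted by unit name. Restart loops are
# collapsed into one line per unit.
namespace_failures() {
    awk '
        /status=226\/NAMESPACE/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /\.service:$/) {
                    count[substr($i, 1, length($i) - 1)]++
                    break
                }
        }
        END { for (u in count) print count[u], u }
    ' | sort -k2
}

# Print the two directives named in this report for each unit on stdin
# (expects the "<count> <unit>" lines above). Needs a running systemd.
sandbox_settings() {
    while read -r _count unit; do
        echo "== $unit"
        systemctl show --property=PrivateUsers,ProtectControlGroups "$unit"
    done
}

# Offline demonstration on the constructed sample.
sample_journal | namespace_failures
```

On an affected system, `journalctl -b --no-pager | namespace_failures | sandbox_settings` lists the failing services with their PrivateUsers and ProtectControlGroups values; piping the output also avoids the pager's `>` truncation seen in the pasted lines.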
Comment by Christian Hesse (eworm) - Wednesday, 21 April 2021, 12:06 GMT
Is this still an issue with systemd 248?
Comment by Buggy McBugFace (bugbot) - Tuesday, 08 August 2023, 19:11 GMT
This is an automated comment as this bug is open for more than 2 years. Please reply if you still experience this bug, otherwise this issue will be closed after 1 month.
