Bug 1807462

Summary: Running systemd in container results in failing systemd-boot-system-token.service
Product: [Fedora] Fedora
Reporter: Jan Pazdziora (Red Hat) <jpazdziora>
Component: systemd
Assignee: systemd-maint
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 32
CC: lnykryn, msekleta, ssahani, s, systemd-maint, zbyszek
Keywords: Regression
Fixed In Version: systemd-245.2-1.fc32
Last Closed: 2020-04-01 18:26:29 UTC
Type: Bug

Description Jan Pazdziora (Red Hat) 2020-02-26 12:15:08 UTC
Description of problem:

When running /usr/sbin/init in container, systemd-boot-system-token.service reports fatal errors.

Version-Release number of selected component (if applicable):

systemd-245~rc1-3.fc33.x86_64

How reproducible:

Deterministic.

Steps to Reproduce:
1. podman run --rm -ti --systemd=true registry.fedoraproject.org/fedora:rawhide /usr/sbin/init

Actual results:

systemd v245~rc1-3.fc33 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified)
Detected virtualization container-other.
Detected architecture x86-64.

Welcome to Fedora 33 (Container Image)!

Set hostname to <522ca84a661f>.
Initializing machine ID from random generator.
initrd-root-fs.target: Requested dependency OnFailure=emergency.target ignored (target units cannot fail).
/usr/lib/systemd/system/systemd-boot-system-token.service:21: Executable "bootctl" not found in path "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
systemd-boot-system-token.service: Unit configuration has fatal error, unit will not be started.
local-fs.target: Requested dependency OnFailure=emergency.target ignored (target units cannot fail).
systemd-boot-system-token.service: Cannot add dependency job, ignoring: Unit systemd-boot-system-token.service has a bad unit file setting.
[  OK  ] Started Dispatch Password …ts to Console Directory Watch.
[  OK  ] Started Forward Password R…uests to Wall Directory Watch.
[  OK  ] Reached target Local File Systems.
[  OK  ] Reached target Paths.
[  OK  ] Reached target Remote File Systems.
[...]

Expected results:

With Fedora 31 container, the result is

systemd v243.7-1.fc31 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified)
Detected virtualization container-other.
Detected architecture x86-64.

Welcome to Fedora 31 (Container Image)!

Set hostname to <4b20d8f80ff8>.
Initializing machine ID from random generator.
[  OK  ] Started Dispatch Password …ts to Console Directory Watch.
[  OK  ] Started Forward Password R…uests to Wall Directory Watch.
[  OK  ] Reached target Local File Systems.
[  OK  ] Reached target Paths.
[  OK  ] Reached target Remote File Systems.
[...]

Additional info:

In Fedora rawhide container, systemctl status systemd-boot-system-token.service shows

● systemd-boot-system-token.service - Store a System Token in an EFI Variable
     Loaded: bad-setting (Reason: Unit systemd-boot-system-token.service has a bad unit file setting.)
     Active: inactive (dead)
       Docs: man:systemd-boot-system-token.service(8)

In Fedora 31 container, it shows

● systemd-boot-system-token.service - Store a System Token in an EFI Variable
   Loaded: loaded (/usr/lib/systemd/system/systemd-boot-system-token.service; static; vendor preset: disabled)
   Active: inactive (dead)
Condition: start condition failed at Wed 2020-02-26 12:07:56 UTC; 6min ago
           └─ ConditionPathExists=/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f was not met
     Docs: man:systemd-boot-system-token.service(8)
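
Added example, not part of the original report or of systemd: a POSIX shell check that scans the service units in an unpacked image root and lists every Exec*= command that cannot be resolved there, which is the condition systemd reported above for "bootctl". The function names, the demo unit content and the temporary root are assumptions made for illustration; only plain command names and absolute paths are handled.

```shell
# Search path copied from the error message in the report.
UNIT_SEARCH_PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
is_exec() { [ -f "$1" ] && [ -x "$1" ]; }

# resolve_in_root ROOT CMD: succeed if CMD is an executable file under ROOT.
# Relative symlinks resolve inside ROOT; absolute ones point at the host.
resolve_in_root() {
    case $2 in /*) is_exec "$1$2"; return ;; esac
    _old_ifs=$IFS; IFS=:
    for _dir in $UNIT_SEARCH_PATH; do
        is_exec "$1$_dir/$2" && { IFS=$_old_ifs; return 0; }
    done
    IFS=$_old_ifs; return 1
}

# find_unresolved_execs ROOT: print "unit:line:command" for every miss.
find_unresolved_execs() {
    _root=$1
    for _unit in "$_root"/usr/lib/systemd/system/*.service; do
        [ -f "$_unit" ] || continue
        _n=0
        while IFS= read -r _line || [ -n "$_line" ]; do
            _n=$(($_n + 1))
            case $_line in
                ExecStart=*|ExecStartPre=*|ExecStartPost=*|ExecStop=*|ExecReload=*) ;;
                *) continue ;;
            esac
            _cmd=${_line#*=}
            # Strip systemd's executable prefixes (@ - : + !).
            while :; do
                case $_cmd in [@:+!-]*) _cmd=${_cmd#?} ;; *) break ;; esac
            done
            _cmd=${_cmd%% *}              # keep only the program name
            [ -n "$_cmd" ] || continue    # an empty assignment resets the list
            resolve_in_root "$_root" "$_cmd" ||
                printf '%s:%d:%s\n' "${_unit#"$_root"}" "$_n" "$_cmd"
        done < "$_unit"
    done
    return 0
}

# demo: constructed root with one unit modelled on the report; no bootctl.
demo() {
    _t=$(mktemp -d) || return 1
    mkdir -p "$_t/usr/lib/systemd/system"
    printf '[Service]\nExecStart=bootctl random-seed --graceful\n' \
        > "$_t/usr/lib/systemd/system/systemd-boot-system-token.service"
    find_unresolved_execs "$_t"; rm -rf "$_t"
}
if [ $# -gt 0 ]; then find_unresolved_execs "$1"; else demo; fi
```

Pass the path of an exported container filesystem as the first argument to scan it; with no argument the script runs the constructed demo.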

Comment 1 Zbigniew Jędrzejewski-Szmek 2020-02-28 12:36:35 UTC
systemd-boot-system-token.service belongs in systemd-udev.rpm. It is useless in containers.

Comment 2 Zbigniew Jędrzejewski-Szmek 2020-03-03 13:21:15 UTC
Fixed in rawhide now.

Comment 3 Fedora Update System 2020-03-18 21:18:41 UTC
FEDORA-2020-645de57f2e has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-645de57f2e

Comment 4 Fedora Update System 2020-03-19 02:26:32 UTC
systemd-245.2-1.fc32 has been pushed to the Fedora 32 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-645de57f2e

Comment 5 Fedora Update System 2020-03-23 20:24:53 UTC
FEDORA-2020-645de57f2e has been pushed to the Fedora 32 stable repository.
If problems still persist, please make note of it in this bug report.

Comment 6 Zbigniew Jędrzejewski-Szmek 2020-04-01 18:26:29 UTC
For some reason, bodhi didn't close this bug.