Bug 1841139
Summary: | Running systemd in container results in failing systemd-logind.service | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jan Pazdziora <jpazdziora> |
Component: | systemd | Assignee: | systemd-maint |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 33 | CC: | fedoraproject, jpazdziora, lnykryn, msekleta, randy, ssahani, s, systemd-maint, zbyszek |
Target Milestone: | --- | Keywords: | Regression |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | systemd-245.5-1.fc33 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-10-14 14:09:26 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jan Pazdziora
2020-05-28 13:12:40 UTC
This is a regression in the sense that before, fedora-container-base.ks in https://pagure.io/fedora-kickstarts/ did systemctl mask systemd-remount-fs.service dev-hugepages.mount sys-fs-fuse-connections.mount systemd-logind.service getty.target console-getty.service It no longer does so, so it's really up to those units to protects themselves if they cannot run in containers, or to some presets to correctly not enable those units. This is the commit that removed these services from Fedora 32: https://pagure.io/fedora-kickstarts/c/57e13a1b8970c2e15d0c310aa871e4737781a23f?branch=f32 I filed https://pagure.io/releng/issue/9603 about this problem in stable container releases. (In reply to Jan Pazdziora from comment #1) > It no longer does so, so it's really up to those units to protects > themselves if they cannot run in containers, or to some presets to correctly > not enable those units. I don't think there's anything to fix on systemd side. systemd-logind.service works fine in containers, as long as the container environment provides adequate permissions. If there's something specific in the rootless podman container setup that prevents systemd from starting the unit, then we can work on resolving this, but this will have to be driven by the maintainers of that container env. Maybe additional privileges need to be given by the container maintainer, or maybe the container images for that environment need to provide dropins for the unit to disable some protections, or maybe some other solution is appropriate. I don't know enough about podman to resolve this. Today with registry.fedoraproject.org/fedora:rawhide = bd0f684e7cbc and systemd-246-1.fc33.x86_64 installed into the container, the bug seems no longer present. What has changed? This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle. Changing version to 33. I think this was fixed in https://github.com/systemd/systemd/commit/daf8f72b4e (v246, v245.5). |