Bug 2169063

Summary: systemd: Failed to set up mount namespacing: File exists when using StateDirectory, LogsDirectory with RootDirectory and DynamicUser=true
Product: Red Hat Enterprise Linux 9
Component: systemd
Version: 9.1
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Reporter: Ernesto Castellotti <mail>
Assignee: systemd-maint
QA Contact: Frantisek Sumsal <fsumsal>
CC: dtardon, jamacku, mail, systemd-maint-list
Target Milestone: rc
Keywords: Bugfix, TestOnly, Triaged
Doc Type: If docs needed, set a value
Type: Bug
Last Closed: 2023-05-09 08:22:35 UTC
Bug Depends On: 2138081

Description Ernesto Castellotti 2023-02-11 14:20:31 UTC
Description of problem:
Systemd fails to mount namespace when using RootDirectory=some_path, DynamicUser=true and StateDirectory, LogsDirectory etc.
This issue was already reported to systemd upstream (https://github.com/systemd/systemd/issues/22264) and they made a patch to fix it (https://github.com/systemd/systemd/pull/22272), however it has not currently been backported to the systemd package used by RHEL 9.1.

Version-Release number of selected component (if applicable): 250-12.el9_1.1





Steps to Reproduce:
1. wget https://dl-cdn.alpinelinux.org/alpine/v3.17/releases/x86_64/alpine-minirootfs-3.17.2-x86_64.tar.gz -O /tmp/rootfs.tar.gz
2. mkdir /tmp/rootfs && tar xf /tmp/rootfs.tar.gz -C /tmp/rootfs
3. chcon -R -t bin_t /tmp/rootfs/bin
4. chcon -R -t lib_t /tmp/rootfs/lib
5. sudo systemctl daemon-reload
6. sudo systemctl start test
7. systemctl status test

Content of unit test.service:
[Service]
DynamicUser=true
StateDirectory=foo
RootDirectory=/tmp/rootfs
ExecStart=/bin/cat /etc/os-release





Actual results:
× test.service
     Loaded: loaded (/etc/systemd/system/test.service; static)
     Active: failed (Result: exit-code) since Sat 2023-02-11 15:10:41 CET; 2s ago
   Duration: 4ms
    Process: 3468 ExecStart=/bin/cat /etc/os-release (code=exited, status=226/NAMESPACE)
   Main PID: 3468 (code=exited, status=226/NAMESPACE)
        CPU: 3ms

feb 11 15:10:41 lpc-machine systemd[1]: Started test.service.
feb 11 15:10:41 lpc-machine systemd[3468]: test.service: Failed to set up mount namespacing: File exists
feb 11 15:10:41 lpc-machine systemd[3468]: test.service: Failed at step NAMESPACE spawning /bin/cat: File exists
feb 11 15:10:41 lpc-machine systemd[1]: test.service: Main process exited, code=exited, status=226/NAMESPACE
feb 11 15:10:41 lpc-machine systemd[1]: test.service: Failed with result 'exit-code'





Expected results:
○ test.service
     Loaded: loaded (/etc/systemd/system/test.service; static)
     Active: inactive (dead)

feb 11 15:05:19 lpc-machine cat[10778]: 
feb 11 15:06:38 lpc-machine systemd[1]: Started test.service.
feb 11 15:06:38 lpc-machine cat[10856]: NAME="Alpine Linux"
feb 11 15:06:38 lpc-machine cat[10856]: ID=alpine
feb 11 15:06:38 lpc-machine cat[10856]: VERSION_ID=3.17.2
feb 11 15:06:38 lpc-machine cat[10856]: PRETTY_NAME="Alpine Linux v3.17"
feb 11 15:06:38 lpc-machine cat[10856]: HOME_URL="https://alpinelinux.org/"
feb 11 15:06:38 lpc-machine cat[10856]: BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"
feb 11 15:06:38 lpc-machine systemd[1]: test.service: Deactivated successfully.






Additional info:
I was able to patch the systemd RPM package source used by RHEL and compile the systemd RPM package, solving the issue. It would be helpful to update the RHEL 9 systemd package with the addition of the patch (https://github.com/systemd/systemd/pull/22272).
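
Added example, not part of the original report or of systemd: a small Python audit that flags unit files using the combination described above and picks the failure message out of journal lines. The function names are hypothetical, and treating CacheDirectory= as part of the report's "etc." is an assumption.

```python
import re

# CacheDirectory= is an assumption covering the report's "etc."; the other two are named in it.
DIR_KEYS = ("StateDirectory", "LogsDirectory", "CacheDirectory")
SIGNATURE = re.compile(
    r"systemd\[\d+\]: (?P<unit>\S+): Failed to set up mount namespacing: File exists")

def service_settings(unit_text):
    """Collect [Service] assignments; an empty assignment resets the key."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value:
                settings.setdefault(key, []).append(value)
            else:
                settings.pop(key, None)
    return settings

def triggering_directives(unit_text):
    """Directory directives combined with DynamicUser=true and RootDirectory=."""
    s = service_settings(unit_text)
    dynamic = s.get("DynamicUser", ["no"])[-1].lower() in ("1", "yes", "true", "on")
    if not (dynamic and s.get("RootDirectory")):
        return []
    return [key for key in DIR_KEYS if key in s]

def failed_units(journal_lines):
    """Units whose log lines carry the failure message quoted in the report."""
    hits = (SIGNATURE.search(line) for line in journal_lines)
    return sorted({m.group("unit") for m in hits if m})

# Unit file and journal lines copied from the report above.
UNIT = """[Service]
DynamicUser=true
StateDirectory=foo
RootDirectory=/tmp/rootfs
ExecStart=/bin/cat /etc/os-release
"""
JOURNAL = [
    "feb 11 15:10:41 lpc-machine systemd[1]: Started test.service.",
    "feb 11 15:10:41 lpc-machine systemd[3468]: test.service: Failed to set up mount namespacing: File exists",
]
print(triggering_directives(UNIT), failed_units(JOURNAL))
```

A non-empty result from triggering_directives only says the unit uses the combination from this report; whether it fails depends on the installed systemd build.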

Comment 3 errata-xmlrpc 2023-05-09 08:22:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (systemd bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2531