Description of problem: Since update of my PC to fedora 35, when I login to my PC via ssh or directly on a getty console, a simple command, e.g. systemd-run --scope --user ls return with the error: Job failed. See "journalctl -xe" for details. Nov 10 16:33:59 hostname systemd[198]: run-r6bdcfd10d55c4c78a19afbb516c04170.scope: No PIDs left to attach to the scope's control group, refusi> Nov 10 16:33:59 hostname systemd[198]: run-r6bdcfd10d55c4c78a19afbb516c04170.scope: Failed with result 'resources'. ░░ Subject: Unit failed ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ The unit UNIT has entered the 'failed' state with result 'resources'. Nov 10 16:33:59 container-lehfeld-f35-ci-rack2-1 systemd[198]: Failed to start /usr/bin/ls. ░░ Subject: A start job for unit UNIT has failed ░░ Defined-By: systemd ░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel ░░ ░░ A start job for unit UNIT has finished with a failure. ░░ ░░ The job identifier is 104 and the job result is failed. Version-Release number of selected component (if applicable): systemd-249.6-2.fc35.x86_64 How reproducible: In order to easier reproduce the problem, I used the ls command as an example. Steps to Reproduce: 1. ssh localhost 2. systemd-run --user --scope ls 3. Actual results: Job failed. See "journalctl -xe" for details. Expected results: ls is getting executed and shows the content of the current folder. This used to work with fedora 34 on ssh and getty logins Additional info: According to my tests, this was still working on the pre-release of Fedora 35 when testing the same scenario on the 25th of october.
One additional comment. When using gdm login, it works as expected. So something is not as expected with the user session for ssh and gettys I guess.
Looks like I have the same issue after update to systemd-249.6-2.fc35.x86_64, 249.4-2.fc35 works fine (in my case it's not ssh, but a sway graphical session). Please check if it works for you after `dnf install systemd-249.4-2.fc35.x86_64` & reboot, I'll fill a separate bugreport if it's not the same.
Offendind commit/PR, I guess: https://github.com/systemd/systemd-stable/commit/7ecb1b82d9b55a081d81b2802695fd21293ce029 https://github.com/systemd/systemd/pull/21163
@ojab I just tested with the proposed version and problem disappeared. Thus it indeed looks like it is the very same problem.
This bug prevents runc to run rootless containers when systemd cgroup manager is used (https://github.com/opencontainers/runc/issues/3266). Since the fix (https://github.com/systemd/systemd/pull/21298) was just merged upstream, it makes sense to update systemd in Fedora to fix this rather critical bug.
I have also tested the fix myself yesterday by rebuilding systemd-249.6-4 fc35 rpm with the same patch as in https://github.com/systemd/systemd/pull/21298, and it fixed the issue.
Created attachment 1841294 [details] Fix scope activation from a user instance Here's the fix.
Like @ retweet https://github.com/systemd/systemd-stable/pull/142 Without openssl-3.0 fixes it would fail on rawhide and `creds-util: switch to OpenSSL 3.0 APIs` commit couldn't be applied cleanly to the `-stable`, so no PR to systemd.spec because dunno how it should be handled there.
I'm not quite sure how to propose package updates, so I have created PRs: - rawhide: https://src.fedoraproject.org/rpms/systemd/pull-request/65 - f35: https://src.fedoraproject.org/rpms/systemd/pull-request/66
FEDORA-2021-a77b44ab13 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-a77b44ab13
FEDORA-2021-a77b44ab13 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-a77b44ab13` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-a77b44ab13 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Many thanks for the update. I tested the rpm in testing and it is working for me.
FEDORA-2021-a77b44ab13 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.