Friday 26 July 2024

Re: many systemd units failing in oracular LXD containers

Hi,

On Fri, Jul 26, 2024 at 12:20 PM Robie Basak <robie.basak@ubuntu.com> wrote:
>
> On Wed, Jul 24, 2024 at 09:06:13AM -0400, Nick Rosbrook wrote:
> > On Wed, Jul 24, 2024 at 8:18 AM Robie Basak <robie.basak@ubuntu.com> wrote:
> > > There seems to be a second issue between systemd and lxd which
> > > security.nesting=true doesn't seem to fix:
> > >
> > > https://github.com/canonical/lxd/issues/13807
> >
> > I cannot reproduce this with Oracular or Jammy containers running on a
> > Noble host. [1] However, also note that my containers are using ext4
> > for the rootfs. Are you using ZFS? If so, this sounds similar to [2],
> > but we uploaded a workaround in systemd-sysusers for Noble (and it's
> > present in upstream >= v256) and I thought the kernel got fixed, too.
>
> Thanks! A newer kernel is what I needed. IIUC, systemd 255.4-1ubuntu8 is
> supposed to handle an older kernel with this issue though, and it
> doesn't seem to? So I'm not sure if it's the same bug or not.
>
> > > I've just heard that Oracular Raspi pre-install images have been broken
> > > for a week for what appears to be the same reason.
> >
> > Is there a bug you can share? I have not seen details of this yet.
>
> The failures are here:
> https://launchpad.net/~ubuntu-cdimage/+livefs/ubuntu/oracular/ubuntu-preinstalled
>
> > > What do you think about kicking this systemd update back to
> > > oracular-proposed until it is resolved properly, and/or uploading a
> > > revert?
> >
> > I don't see sufficient evidence that this would help the situation.
> > But then again, I am confused about the details of this bug on
> > Oracular vs Jammy because your LXD issue is about Jammy, and I have
> > not seen any details for the Oracular Raspi issue.
>
> Sorry - I was looking at multiple lxd issues in the same week and I
> conflated them. This one was for a Noble host running a Jammy container
> and you're right to question that it has nothing to do with Oracular.
>
> I was surprised to see the security.nesting=true workaround going in to
> samba in LP: #2046486 though. That, together with developers having to

My understanding is that workaround is temporary. Am I mistaken?

--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com