On 13 October 2016 at 13:14, Christian Hofstaedtler <z...@debian.org> wrote:
> * Felipe Sateler <fsate...@debian.org> [161013 17:39]:
>> > systemd-sysctl.service does not start in LXC containers, as they
>> > have /proc/sys R/O. *BUT* /proc/sys/net is R/W.
>
>> 1. Have systemd-sysctl lose the ConditionPathIsReadWrite, and
>> systemd-sysctl itself should check which prefixes are writable.
>
> Or, for now, it could just fail for sysctls that are not writable.
> Benefits: Similar to what the old sysctl tool would be doing. Also
> very clear failure mode for these. (Ignoring them would be silent
> failure...)

So, warning messages would appear.

>
>> 2. Have lxc (or the template) ship a new systemd-sysctl-net.service,
>> that includes the new ExecStart and an updated
>> ConditionPathIsReadWrite
>>
>> Option 2 looks like something that has a chance of being fixed in
>> jessie, although by the LXC folks. Option 1 may be addressed upstream,
>> but I don't think this fits backporting material.
>
> I don't massively care about this in jessie; we already have a
> workaround for it. But it'd be nice to get this fixed for stretch.
>
> Having a fix in LXC sounds wrong to me - everything that depends on
> template creation scripts has a high chance of failing. (A ton of
> users do not run those creation scripts in the first place, but get
> their templates from elsewhere, sometimes plain debootstrap.)

OK, I have looked it up, and the Condition is introduced in commit
f2a46f8da5, with message:

units: run sysctl stuff only when /proc/sys is actually writable, to
quieten container boots a little

Could you file this upstream? I'm not sure we want to deviate from
upstream here...

-- 
Saludos,
Felipe Sateler
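
The per-prefix writability check discussed in the thread (option 1, with non-writable sysctls reported rather than silently ignored), sketched as an added example; it is not code from systemd, LXC, or the participants. The mountinfo lines and settings are constructed to model a container with /proc/sys read-only and /proc/sys/net read-write, and the function names are hypothetical.

```python
import posixpath

# Constructed mountinfo excerpt for the container in the thread: /proc/sys ro, /proc/sys/net rw.
SAMPLE_MOUNTINFO = """\
70 60 0:45 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
71 70 0:45 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
72 71 0:45 /sys/net /proc/sys/net rw,nosuid,nodev,noexec,relatime - proc proc rw
"""

# Constructed sysctl.d-style settings (not taken from any real system).
SAMPLE_CONF = """\
net.ipv4.ip_forward = 1
kernel.sysrq = 0
; constructed comment line
net.core.somaxconn = 1024
vm.swappiness = 10
"""

def parse_mounts(mountinfo):
    """Return [(mount_point, writable)] in mount order from mountinfo-format text."""
    mounts = []
    for line in mountinfo.splitlines():
        fields = line.split()
        try:
            sep = fields.index("-", 6)          # separator after optional fields
            super_opts = fields[sep + 3].split(",")
        except (ValueError, IndexError):
            continue                            # malformed line, skip it
        # Read-only if either the per-mount or the superblock options say "ro".
        mounts.append((fields[4], "ro" not in fields[5].split(",") and "ro" not in super_opts))
    return mounts

def is_writable(path, mounts):
    """Writability of the longest mount point covering path; later mounts win ties."""
    covering = [(len(mp), i, rw) for i, (mp, rw) in enumerate(mounts)
                if path == mp or path.startswith(mp.rstrip("/") + "/")]
    return bool(covering) and max(covering)[2]

def classify(conf, mountinfo, root="/proc/sys"):
    """Split sysctl keys into (settable, would_fail) so failures can be warned about."""
    mounts = parse_mounts(mountinfo)
    settable, would_fail = [], []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key = line.split("=", 1)[0].strip()
        path = posixpath.join(root, key.replace(".", "/"))
        (settable if is_writable(path, mounts) else would_fail).append(key)
    return settable, would_fail
```

Calling `classify(SAMPLE_CONF, SAMPLE_MOUNTINFO)` returns the keys that can be applied and the keys a service would have to warn about.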