Package: e2fsprogs
Version: 1.45.0-1

In a standard sid LXC container, this unit fails:

| ● e2scrub_reap.service - Remove Stale Online ext4 Metadata Check Snapshots
|    Loaded: loaded (/lib/systemd/system/e2scrub_reap.service; enabled; vendor preset: enabled)
|    Active: failed (Result: exit-code) since Sun 2019-03-31 20:31:21 UTC; 5min ago
|      Docs: man:e2scrub_all(8)
|  Main PID: 61 (code=exited, status=218/CAPABILITIES)
|
| Mar 31 20:31:21 sid-amd64 systemd[1]: Starting Remove Stale Online ext4 Metadata Check Snapshots...
| Mar 31 20:31:21 sid-amd64 systemd[61]: e2scrub_reap.service: Failed to apply ambient capabilities (before UID change): Operation not permitted
| Mar 31 20:31:21 sid-amd64 systemd[61]: e2scrub_reap.service: Failed at step CAPABILITIES spawning /sbin/e2scrub_all: Operation not permitted
| Mar 31 20:31:21 sid-amd64 systemd[1]: e2scrub_reap.service: Main process exited, code=exited, status=218/CAPABILITIES
| Mar 31 20:31:21 sid-amd64 systemd[1]: e2scrub_reap.service: Failed with result 'exit-code'.
| Mar 31 20:31:21 sid-amd64 systemd[1]: Failed to start Remove Stale Online ext4 Metadata Check Snapshots.

This is due to `AmbientCapabilities=CAP_SYS_ADMIN CAP_SYS_RAWIO`, and
containers usually don't (and really shouldn't) have RAWIO. Also, this unit
seems fairly useless in containers anyway, as these only run on already
mounted file systems.

Can you please consider adding

    [Unit]
    ConditionVirtualization=!container

to the unit, to avoid this failure and noise?

Thank you!

Martin
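
To confirm this diagnosis inside a container, the following added example (not part of the original report or of e2fsprogs) compares a capability bounding-set mask, as shown on the CapBnd line of /proc/<pid>/status, against the two capabilities the unit requests. The function names and the two sample masks are constructed for illustration, and checking PID 1's bounding set is an assumption about where the restriction comes from.

```sh
#!/bin/sh
# Added example: report which capabilities requested by a unit are absent
# from a capability bounding set (the CapBnd hex mask in /proc/<pid>/status).

# Bit numbers from <linux/capability.h>; only the two the unit requests.
cap_bit() {
    case "$1" in
        CAP_SYS_RAWIO) echo 17 ;;
        CAP_SYS_ADMIN) echo 21 ;;
        *) return 1 ;;
    esac
}

# missing_caps HEXMASK CAP...  prints the requested caps not set in HEXMASK.
missing_caps() {
    mask=$((0x$1)); shift
    out=""
    for cap in "$@"; do
        bit=$(cap_bit "$cap") || { echo "unknown capability: $cap" >&2; return 2; }
        if [ $(( (mask >> bit) & 1 )) -eq 0 ]; then
            out="${out:+$out }$cap"
        fi
    done
    echo "$out"
}

# Constructed sample masks (not taken from the report):
FULL_MASK=0000003fffffffff        # bits 0-37 all set
NO_RAWIO_MASK=0000003ffffdffff    # same, with bit 17 (CAP_SYS_RAWIO) cleared

# Live check against PID 1, which spawns the unit's process.
if [ -r /proc/1/status ]; then
    bnd=$(awk '/^CapBnd:/ {print $2}' /proc/1/status)
    if [ -n "$bnd" ]; then
        echo "CapBnd=$bnd missing: $(missing_caps "$bnd" CAP_SYS_ADMIN CAP_SYS_RAWIO)"
    fi
fi
```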

