Your message dated Thu, 04 Apr 2019 21:47:16 +0000
with message-id <[email protected]>
and subject line Bug#917122: fixed in systemd 232-25+deb9u10
has caused the Debian Bug report #917122,
regarding systemd can not start without name_to_handle_at option
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
917122: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917122
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd
Version: 232-25+deb9u6
Running Debian Stretch in docker container results in
Failed to determine whether /sys is a mount point: Operation not permitted
Failed to determine whether /proc is a mount point: Operation not permitted
Failed to determine whether /dev is a mount point: Operation not permitted
Failed to determine whether /dev/shm is a mount point: Operation not permitted
Failed to determine whether /run is a mount point: Operation not permitted
Failed to determine whether /run/lock is a mount point: Operation not permitted
Failed to determine whether /sys/fs/cgroup is a mount point: Operation not permitted
Failed to determine whether /sys/fs/cgroup/systemd is a mount point: Operation not permitted
[!!!!!!] Failed to mount API filesystems, freezing.
Freezing execution.
unless "name_to_handle_at" is whitelisted in default docker seccomp profile
which can be found here
https://github.com/moby/moby/blob/master/profiles/seccomp/default.json
Docker limits this system call by default. However, the Red Hat image is running
correctly, which means that they have backported a patch for systemd from
upstream which resolves this problem on the systemd side. Can you please do the
same?
The command I run
docker run -ti \
--mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup \
--mount type=bind,source=/sys/fs/fuse,target=/sys/fs/fuse \
--mount type=tmpfs,destination=/run \
--mount type=tmpfs,destination=/run/lock \
-e container=docker debian:stretch-slim
Vladimir
--- End Message ---
--- Begin Message ---
Source: systemd
Source-Version: 232-25+deb9u10
We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated systemd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 10 Mar 2019 15:52:46 +0100
Source: systemd
Architecture: source
Version: 232-25+deb9u10
Distribution: stretch
Urgency: medium
Maintainer: Debian systemd Maintainers
<[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 912005 916880 917122 918400
Changes:
systemd (232-25+deb9u10) stretch; urgency=medium
.
* journald: fix assertion failure on journal_file_link_data (Closes: #916880)
* tmpfiles: fix "e" to support shell style globs (Closes: #918400)
* mount-util: accept that name_to_handle_at() might fail with EPERM.
Container managers frequently block name_to_handle_at(), returning
EACCES or EPERM when this is issued. Accept that, and simply fall back
to fdinfo-based checks. (Closes: #917122)
* automount: ack automount requests even when already mounted.
Fixes a race condition in systemd which could result in automount requests
not being serviced and processes using them to hang, causing denial of
service. (CVE-2018-1049)
* core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)
Fixes improper serialization on upgrade which can influence systemd
execution environment and lead to root privilege escalation.
(CVE-2018-15686, Closes: #912005)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
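The mount-util changelog entry above describes falling back to fdinfo-based checks when name_to_handle_at() is denied. The following is an added, simplified illustration of that pattern; it is not systemd's code or the Debian patch. The function names and the force_fallback parameter are assumptions made for the example, and /proc must be mounted for the fallback to work.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Preferred: mount ID from name_to_handle_at(); seccomp profiles may deny it. */
static int mnt_id_by_handle(int dirfd, const char *name, int flags, int *id) {
    union { struct file_handle h; char buf[sizeof(struct file_handle) + MAX_HANDLE_SZ]; } u;
    u.h.handle_bytes = MAX_HANDLE_SZ;
    return name_to_handle_at(dirfd, name, &u.h, id, flags) < 0 ? -errno : 0;
}

/* Fallback: parse "mnt_id:" from /proc/self/fdinfo/<fd> (needs /proc mounted). */
static int mnt_id_by_fdinfo(int fd, int *id) {
    char path[64], line[128];
    int r = -EOPNOTSUPP; /* returned if the field is absent */
    snprintf(path, sizeof(path), "/proc/self/fdinfo/%d", fd);
    FILE *f = fopen(path, "r");
    if (!f) return -errno;
    while (fgets(line, sizeof(line), f))
        if (sscanf(line, "mnt_id: %d", id) == 1) { r = 0; break; }
    fclose(f);
    return r;
}

/* Returns 1 if parent/name is a mount point, 0 if not, -errno on error.
 * force_fallback (hypothetical knob) simulates a denied name_to_handle_at(). */
int is_mount_point(const char *parent, const char *name, int force_fallback) {
    int parent_id = 0, child_id = 0, r;
    int dfd = open(parent, O_PATH | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0) return -errno;
    r = force_fallback ? -EPERM : mnt_id_by_handle(dfd, name, 0, &child_id);
    if (r == 0) r = mnt_id_by_handle(dfd, "", AT_EMPTY_PATH, &parent_id);
    if (r == -EPERM || r == -EACCES || r == -ENOSYS || r == -EOPNOTSUPP) {
        /* Blocked or unsupported: compare mount IDs read from fdinfo instead. */
        int cfd = openat(dfd, name, O_PATH | O_NOFOLLOW | O_CLOEXEC);
        r = cfd < 0 ? -errno : mnt_id_by_fdinfo(cfd, &child_id);
        if (cfd >= 0) close(cfd);
        if (r == 0) r = mnt_id_by_fdinfo(dfd, &parent_id);
    }
    close(dfd);
    return r < 0 ? r : child_id != parent_id;
}

int main(void) {
    printf("/proc: %d (fallback forced: %d)\n",
           is_mount_point("/", "proc", 0), is_mount_point("/", "proc", 1));
    return 0;
}
```

Treating EPERM and EACCES as "try the other method" rather than as fatal is what lets the same binary run under a seccomp profile that denies the syscall, without widening the profile.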