[Touch-packages] [Bug 2046495] Re: test-execute fails in LXD with failure in exec-privatenetwork-yes-privatemounts-yes.service
This bug was fixed in the package systemd - 255.2-3ubuntu2 --- systemd (255.2-3ubuntu2) noble; urgency=medium * test: skip test_exec_networknamespacepath if netns setup fails (LP: #2046498) Files: - debian/patches/lp2046498-test-skip-test_exec_networknamespacepath-if-netns-setup-f.patch - debian/patches/test-skip-failing-test-execute-tests-in-LXC.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=de1fcf756e47858f4a206db97434bce4a71384d0 * test: skip TEST-43-PRIVATEUSER-UNPRIV if unprivileged userns is restricted File: debian/patches/test-skip-TEST-43-PRIVATEUSER-UNPRIV-if-unprivileged-user.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=2aba69874c83289c43d199ca360aa2fc451486a7 * Drop debian/UBUNTU-src-test-test-execute.c-Skip-parts-of-test-execute-in-con.patch. This will be re-addressed with a different patch. File: debian/patches/debian/UBUNTU-src-test-test-execute.c-Skip-parts-of-test-execute-in-con.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c3cd814e028364fe0c641d4bacfce22aafd1b572 * Drop test-skip-failing-test-execute-tests-in-LXC.patch. This will be re-addressed with different patches. File: debian/patches/test-skip-failing-test-execute-tests-in-LXC.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ab853707f4cc3e7e2d5993ff38998c3c2c789f62 * test: temporarily skip credentials tests in LXC. This was already skipped in another patch, but now that we know what's going on with it, split it out. File: debian/patches/test-temporarily-skip-credentials-tests-in-LXC.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c71acb411d315267fe811f024cdab97e032453f3 * test: skip test-execute in arhmf LXC containers File: debian/patches/test-skip-test-execute-in-arhmf-LXC-containers.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1cb1e3060822bfadddead564e779942e73e02f62 * test: skip exec-privatenetwork-yes-privatemounts-yes.service in LXC (LP: #2046495) File: debian/patches/test-skip-exec-privatenetwork-yes-privatemounts-yes.servi.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3ab76fd2db4291ee0531a07085c72cee06cb0d12 * test: skip a systemd-run test if unprivileged userns is restricted File: debian/patches/test-skip-a-systemd-run-test-if-unprivileged-userns-is-re.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c85f2b4e32ee8fd1c0dc58d23e7fabdb7590d3cc * test-execute: skip tests that are broken without unprivileged userns File: debian/patches/test-execute-skip-tests-that-are-broken-without-unprivile.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=7a6573c4f5133a7fec11fb059dd215f7c8c2204e -- Nick Rosbrook Wed, 24 Jan 2024 14:53:46 -0500 ** Changed in: systemd (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/2046495 Title: test-execute fails in LXD with failure in exec-privatenetwork-yes- privatemounts-yes.service Status in systemd package in Ubuntu: Fix Released Bug description: This is in v255. This log snippet is taken from a local autopkgtest build: exec-privatenetwork-yes-privatemounts-yes.service: Will spawn child (service_enter_start): /bin/sh exec-privatenetwork-yes-privatemounts-yes.service: Failed to set 'trusted.invocation_id' xattr on control group /system.slice/test-execute-48e27182b3724b7.scope/99d288e6f11f869e/system.slice/exec-privatenetwork-yes-privatemounts-yes.service, ignoring: Operation not permitted exec-privatenetwork-yes-privatemounts-yes.service: Failed to remove 'trusted.delegate' xattr flag on control group /system.slice/test-execute-48e27182b3724b7.scope/99d288e6f11f869e/system.slice/exec-privatenetwork-yes-privatemounts-yes.service, ignoring: Operation not permitted exec-privatenetwork-yes-privatemounts-yes.service: Failed to remove 'trusted.survive_final_kill_signal' xattr flag on control group /system.slice/test-execute-48e27182b3724b7.scope/99d288e6f11f869e/system.slice/exec-privatenetwork-yes-privatemounts-yes.service, ignoring: Operation not permitted exec-privatenetwork-yes-privatemounts-yes.service: Passing 0 fds to service exec-privatenetwork-yes-privatemounts-yes.service: About to execute: /bin/sh -x -c "! ip link show dummy-test-exec" Serializing sd-executor-state to memfd. exec-privatenetwork-yes-privatemounts-yes.service: Forked /bin/sh as 5092 Closing set fd 21 (socket:[116840]) Closing set fd 19 (socket:[113527]) Closing set fd 20 (socket:[116839]) exec-privatenetwork-yes-privatemounts-yes.service: Changed dead ->
[Touch-packages] [Bug 2046495] Re: test-execute fails in LXD with failure in exec-privatenetwork-yes-privatemounts-yes.service
I think this test will just need to remain skipped. Since systemd gets -EPERM when trying to mount the private sysfs, it just takes some fallback code and re-uses the existing sysfs, which means that dummy- test-exec will still be accessible through sysfs. I can't currently think of a good way to generalize a patch for upstream, so we will probably just keep this in Ubuntu only. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/2046495 Title: test-execute fails in LXD with failure in exec-privatenetwork-yes- privatemounts-yes.service Status in systemd package in Ubuntu: New Bug description: This is in v255. This log snippet is taken from a local autopkgtest build: exec-privatenetwork-yes-privatemounts-yes.service: Will spawn child (service_enter_start): /bin/sh exec-privatenetwork-yes-privatemounts-yes.service: Failed to set 'trusted.invocation_id' xattr on control group /system.slice/test-execute-48e27182b3724b7.scope/99d288e6f11f869e/system.slice/exec-privatenetwork-yes-privatemounts-yes.service, ignoring: Operation not permitted exec-privatenetwork-yes-privatemounts-yes.service: Failed to remove 'trusted.delegate' xattr flag on control group /system.slice/test-execute-48e27182b3724b7.scope/99d288e6f11f869e/system.slice/exec-privatenetwork-yes-privatemounts-yes.service, ignoring: Operation not permitted exec-privatenetwork-yes-privatemounts-yes.service: Failed to remove 'trusted.survive_final_kill_signal' xattr flag on control group /system.slice/test-execute-48e27182b3724b7.scope/99d288e6f11f869e/system.slice/exec-privatenetwork-yes-privatemounts-yes.service, ignoring: Operation not permitted exec-privatenetwork-yes-privatemounts-yes.service: Passing 0 fds to service exec-privatenetwork-yes-privatemounts-yes.service: About to execute: /bin/sh -x -c "! ip link show dummy-test-exec" Serializing sd-executor-state to memfd. exec-privatenetwork-yes-privatemounts-yes.service: Forked /bin/sh as 5092 Closing set fd 21 (socket:[116840]) Closing set fd 19 (socket:[113527]) Closing set fd 20 (socket:[116839]) exec-privatenetwork-yes-privatemounts-yes.service: Changed dead -> start Received SIGCHLD from PID 5092 (sh). Child 5092 (sh) died (code=exited, status=0/SUCCESS) exec-privatenetwork-yes-privatemounts-yes.service: Child 5092 belongs to exec-privatenetwork-yes-privatemounts-yes.service. exec-privatenetwork-yes-privatemounts-yes.service: Main process exited, code=exited, status=0/SUCCESS (success) exec-privatenetwork-yes-privatemounts-yes.service: Running next main command for state start. exec-privatenetwork-yes-privatemounts-yes.service: Will spawn child (service_run_next_main): /bin/sh exec-privatenetwork-yes-privatemounts-yes.service: Passing 0 fds to service exec-privatenetwork-yes-privatemounts-yes.service: About to execute: /bin/sh -x -c "test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec" Serializing sd-executor-state to memfd. exec-privatenetwork-yes-privatemounts-yes.service: Forked /bin/sh as 5094 Closing set fd 21 (socket:[116840]) Closing set fd 19 (socket:[113527]) Closing set fd 20 (socket:[116839]) Received SIGCHLD from PID 5094 (sh). Child 5094 (sh) died (code=exited, status=0/SUCCESS) exec-privatenetwork-yes-privatemounts-yes.service: Child 5094 belongs to exec-privatenetwork-yes-privatemounts-yes.service. exec-privatenetwork-yes-privatemounts-yes.service: Main process exited, code=exited, status=0/SUCCESS (success) exec-privatenetwork-yes-privatemounts-yes.service: Running next main command for state start. exec-privatenetwork-yes-privatemounts-yes.service: Will spawn child (service_run_next_main): /bin/sh exec-privatenetwork-yes-privatemounts-yes.service: Passing 0 fds to service exec-privatenetwork-yes-privatemounts-yes.service: About to execute: /bin/sh -x -c "test ! -e /sys/class/net/dummy-test-exec" Serializing sd-executor-state to memfd. exec-privatenetwork-yes-privatemounts-yes.service: Forked /bin/sh as 5095 Closing set fd 21 (socket:[116840]) Closing set fd 19 (socket:[113527]) Closing set fd 20 (socket:[116839]) exec-privatenetwork-yes-privatemounts-yes.service: Control group is empty. Received SIGCHLD from PID 5095 (sh). Child 5095 (sh) died (code=exited, status=1/FAILURE) exec-privatenetwork-yes-privatemounts-yes.service: Child 5095 belongs to exec-privatenetwork-yes-privatemounts-yes.service. exec-privatenetwork-yes-privatemounts-yes.service: Main process exited, code=exited, status=1/FAILURE exec-privatenetwork-yes-privatemounts-yes.service: Failed with result 'exit-code'. exec-privatenetwork-yes-privatemounts-yes.service: Service will not restart (restart setting) exec-privatenetwork-yes-privatemounts-yes.service: Changed start -> failed exec-privatenetwork-yes-privatemounts-yes.service: Unit entered failed state.
[Touch-packages] [Bug 2046495] Re: test-execute fails in LXD with failure in exec-privatenetwork-yes-privatemounts-yes.service
The problem here is that the AppArmor policy prevents the private mount namespace from being setup, but systemd continues on after: Jan 04 21:10:39 noble (sh)[565]: Applying namespace mount on /run/systemd/mount-rootfs/sys Jan 04 21:10:39 noble (sh)[565]: Mounting sysfs (sysfs) on /run/systemd/namespace-SO6qp6 (MS_NOSUID|MS_NODEV|MS_NOEXEC "")... Jan 04 21:10:39 noble (sh)[565]: Failed to mount sysfs (type sysfs) on /run/systemd/namespace-SO6qp6 (MS_NOSUID|MS_NODEV|MS_NOEXEC ""): Permission denied Jan 04 21:10:39 noble sh[565]: + test ! -e /sys/class/net/dummy-test-exec So the test fails, because a private sysfs was not mounted. NB the above snippet is take from debug level logs when running this test manually in a LXD container. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/2046495 Title: test-execute fails in LXD with failure in exec-privatenetwork-yes- privatemounts-yes.service Status in systemd package in Ubuntu: New Bug description: This is in v255. This log snippet is taken from a local autopkgtest build: exec-privatenetwork-yes-privatemounts-yes.service: Will spawn child (service_enter_start): /bin/sh exec-privatenetwork-yes-privatemounts-yes.service: Failed to set 'trusted.invocation_id' xattr on control group /system.slice/test-execute-48e27182b3724b7.scope/99d288e6f11f869e/system.slice/exec-privatenetwork-yes-privatemounts-yes.service, ignoring: Operation not permitted exec-privatenetwork-yes-privatemounts-yes.service: Failed to remove 'trusted.delegate' xattr flag on control group /system.slice/test-execute-48e27182b3724b7.scope/99d288e6f11f869e/system.slice/exec-privatenetwork-yes-privatemounts-yes.service, ignoring: Operation not permitted exec-privatenetwork-yes-privatemounts-yes.service: Failed to remove 'trusted.survive_final_kill_signal' xattr flag on control group /system.slice/test-execute-48e27182b3724b7.scope/99d288e6f11f869e/system.slice/exec-privatenetwork-yes-privatemounts-yes.service, ignoring: Operation not permitted exec-privatenetwork-yes-privatemounts-yes.service: Passing 0 fds to service exec-privatenetwork-yes-privatemounts-yes.service: About to execute: /bin/sh -x -c "! ip link show dummy-test-exec" Serializing sd-executor-state to memfd. exec-privatenetwork-yes-privatemounts-yes.service: Forked /bin/sh as 5092 Closing set fd 21 (socket:[116840]) Closing set fd 19 (socket:[113527]) Closing set fd 20 (socket:[116839]) exec-privatenetwork-yes-privatemounts-yes.service: Changed dead -> start Received SIGCHLD from PID 5092 (sh). Child 5092 (sh) died (code=exited, status=0/SUCCESS) exec-privatenetwork-yes-privatemounts-yes.service: Child 5092 belongs to exec-privatenetwork-yes-privatemounts-yes.service. exec-privatenetwork-yes-privatemounts-yes.service: Main process exited, code=exited, status=0/SUCCESS (success) exec-privatenetwork-yes-privatemounts-yes.service: Running next main command for state start. exec-privatenetwork-yes-privatemounts-yes.service: Will spawn child (service_run_next_main): /bin/sh exec-privatenetwork-yes-privatemounts-yes.service: Passing 0 fds to service exec-privatenetwork-yes-privatemounts-yes.service: About to execute: /bin/sh -x -c "test ! -e /proc/sys/net/ipv4/conf/dummy-test-exec" Serializing sd-executor-state to memfd. exec-privatenetwork-yes-privatemounts-yes.service: Forked /bin/sh as 5094 Closing set fd 21 (socket:[116840]) Closing set fd 19 (socket:[113527]) Closing set fd 20 (socket:[116839]) Received SIGCHLD from PID 5094 (sh). Child 5094 (sh) died (code=exited, status=0/SUCCESS) exec-privatenetwork-yes-privatemounts-yes.service: Child 5094 belongs to exec-privatenetwork-yes-privatemounts-yes.service. exec-privatenetwork-yes-privatemounts-yes.service: Main process exited, code=exited, status=0/SUCCESS (success) exec-privatenetwork-yes-privatemounts-yes.service: Running next main command for state start. exec-privatenetwork-yes-privatemounts-yes.service: Will spawn child (service_run_next_main): /bin/sh exec-privatenetwork-yes-privatemounts-yes.service: Passing 0 fds to service exec-privatenetwork-yes-privatemounts-yes.service: About to execute: /bin/sh -x -c "test ! -e /sys/class/net/dummy-test-exec" Serializing sd-executor-state to memfd. exec-privatenetwork-yes-privatemounts-yes.service: Forked /bin/sh as 5095 Closing set fd 21 (socket:[116840]) Closing set fd 19 (socket:[113527]) Closing set fd 20 (socket:[116839]) exec-privatenetwork-yes-privatemounts-yes.service: Control group is empty. Received SIGCHLD from PID 5095 (sh). Child 5095 (sh) died (code=exited, status=1/FAILURE) exec-privatenetwork-yes-privatemounts-yes.service: Child 5095 belongs to exec-privatenetwork-yes-privatemounts-yes.service. exec-privatenetwork-yes-privatemounts-yes.service: Main process exited, code=exited,