However, lxd seems to deal with /sys/kernel/debug itself by mounting it unconditionally, irrespective of what systemd would do.
This was tested by running `systemctl mask sys-kernel-debug.mount` in a container and seeing /sys/kernel/debug being mounted nevertheless.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1912855

Title:
  debugfs shouldn't be mounted by default

Status in systemd package in Ubuntu:
  New

Bug description:
  On modern Ubuntu systems, /sys/kernel/debug is mounted by default due to sys-kernel-debug.mount being enabled by default.

  AFAIK, this FS doesn't need to be mounted for normal operations and back in the day, there were concerns about the security implications of having it enabled/mounted by default (https://lists.ubuntu.com/archives/kernel-team/2011-January/013418.html).

  Would it be possible to not have it mounted by default?

  $ apt-cache policy systemd
  systemd:
    Installed: 245.4-4ubuntu3.4
    Candidate: 245.4-4ubuntu3.4
    Version table:
   *** 245.4-4ubuntu3.4 500
          500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       245.4-4ubuntu3 500
          500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages

  $ lsb_release -rd
  Description: Ubuntu 20.04.1 LTS
  Release: 20.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1912855/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp