I've attempted to prepare naive SRUs and it doesn't get me far yet. The issue is that unified cgroups2 support in xenial's systemd is rudimental, and falls apart very quickly with none of the xenial userspace expecting or able to work correctly with unified cgroups2 setup.
I fear that it will not be practical to SRU systemd into xenial to resolve this. And users on Jammy that need to launch xenial containers should continue to switch their systems to hybrid cgroups setup by using `systemd.unified_cgroup_hierarchy=false` kernel command line option on their hosts. ** Summary changed: - xenial systemd fails to start if cgroup2 is mounted + xenial systemd fails to start if unified-only (non-hybrid) cgroup2 is mounted on jammy hosts ** Description changed: [impact] now that jammy has moved to using unified cgroup2, containers started on jammy must also use unified cgroup2 (since the cgroup subsystems can only be mounted as v1 or v2 throughout the entire system, including inside containers). However, the systemd in xenial does not include support for cgroup2, and doesn't recognize its magic (added in upstream commit 099619957a0), so it fails to start completely. [workaround] On Jammy host edit default kernel command line to include systemd.unified_cgroup_hierarchy=false update your bootloader configuration; and reboot then hybrid cgroups will be on the host, and one can launch xenial container then. [test case] create a jammy system, that has unified cgroup2 mounted. Then: $ lxc launch ubuntu:xenial test-x ... $ lxc shell test-x (inside xenial container): $ mv /sbin/init /sbin/init.old $ cat > /sbin/init <<EOF #!/bin/bash sleep 2 exec /lib/systemd/systemd --log-level=debug --log-target=console EOF $ chmod 755 /sbin/init $ exit (back in jammy host system): $ lxc stop test-x -f $ lxc start --console test-x To detach from the console, press: <ctrl>+a q Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted [!!!!!!] Failed to mount API filesystems, freezing. Freezing execution. [regression potential] any regression would likely break xenial containers from starting at all, or cause cgroup-related problems with systemd starting and/or managing services. [scope] this is needed only for xenial. However, as xenial is out of standard support, this would need to be an exception. this is fixed upstream with commit 099619957a0 (and possibly others - needs closer investigation and testing) which is first included in v230, - so this is fixed already in b and later. + so this is fixed already in b and later. However that patch alone is + insufficient, does not implement hybrid group setup, and breaks a lot of + xenial userspace expectations. this is not needed - by default - for trusty because upstart is used there; however, I think it's possible to change trusty over to use systemd instead of upstart. But since trusty is out of standard support, and it doesn't fail by default, it doesn't seem like it should be fixed. - - [backported patch] - - the backported patch adds support to mount cgroup2 (new way) in addition - to the old way (cgroup + __DEVEL_ option) and also adds a fallback to do - that when mounting cgroups1 fails (because host is already using non- - hybrid v2 cgroups). This way the default behaviour remains the same, - apart from when trying to boot xenial on latest kernels and userspace - that opts into using cgroups2-only. [other info] An alternative appears to be to change the host system back to using the 'hybrid' cgroup, however that obviously is awful and would remove the benefits of cgroup v2 from the host system, and force all containers on the host system to also use the 'hybrid' cgroup. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1962332 Title: xenial systemd fails to start if unified-only (non-hybrid) cgroup2 is mounted on jammy hosts Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Confirmed Bug description: [impact] now that jammy has moved to using unified cgroup2, containers started on jammy must also use unified cgroup2 (since the cgroup subsystems can only be mounted as v1 or v2 throughout the entire system, including inside containers). However, the systemd in xenial does not include support for cgroup2, and doesn't recognize its magic (added in upstream commit 099619957a0), so it fails to start completely. [workaround] On Jammy host edit default kernel command line to include systemd.unified_cgroup_hierarchy=false update your bootloader configuration; and reboot then hybrid cgroups will be on the host, and one can launch xenial container then. [test case] create a jammy system, that has unified cgroup2 mounted. Then: $ lxc launch ubuntu:xenial test-x ... $ lxc shell test-x (inside xenial container): $ mv /sbin/init /sbin/init.old $ cat > /sbin/init <<EOF #!/bin/bash sleep 2 exec /lib/systemd/systemd --log-level=debug --log-target=console EOF $ chmod 755 /sbin/init $ exit (back in jammy host system): $ lxc stop test-x -f $ lxc start --console test-x To detach from the console, press: <ctrl>+a q Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted [!!!!!!] Failed to mount API filesystems, freezing. Freezing execution. [regression potential] any regression would likely break xenial containers from starting at all, or cause cgroup-related problems with systemd starting and/or managing services. [scope] this is needed only for xenial. However, as xenial is out of standard support, this would need to be an exception. this is fixed upstream with commit 099619957a0 (and possibly others - needs closer investigation and testing) which is first included in v230, so this is fixed already in b and later. However that patch alone is insufficient, does not implement hybrid group setup, and breaks a lot of xenial userspace expectations. this is not needed - by default - for trusty because upstart is used there; however, I think it's possible to change trusty over to use systemd instead of upstart. But since trusty is out of standard support, and it doesn't fail by default, it doesn't seem like it should be fixed. [other info] An alternative appears to be to change the host system back to using the 'hybrid' cgroup, however that obviously is awful and would remove the benefits of cgroup v2 from the host system, and force all containers on the host system to also use the 'hybrid' cgroup. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1962332/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
