Bug#770275: marked as done (nspawn units a bit hard to get working)

[Debian Bug Tracking System]

Your message dated Fri, 28 Nov 2014 06:05:05 +0000
with message-id <e1xuefx-0008r0...@franck.debian.org>
and subject line Bug#770275: fixed in systemd 215-7
has caused the Debian Bug report #770275,
regarding nspawn units a bit hard to get working
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
770275: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770275
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: systemd
Version: 215-5+b1
Severity: normal

A few problems with using systemd-nspawn@$foo.service units on Debian:

* /var/lib/container doesn't exist, so the admin will have to make
  the directory in order to put containers where systemd expects to find
  them.

  If the admin does make the directory, they'll probably make it mode
  755 or something. But this allows local users to do eg, hard link
  farming to gather suid executables to exploit later, that would
  otherwise not be available but might be lying around in some poorly
  maintained containers.

  So, I think the debian package should create the directory with an
  appropriate locked down mode like 700. (Which works fine.)

* Once a nspawn unit is enabled and started, it will fail to run.

  This is because persistent journaling is not enabled by default,
  and the default for the service file is to use --link-journal=guest,
  which doesn't work w/o at least the journal directory existing
  (I don't know if it works when the directory exists but persistent
  journaling is otherwise disabled.

  Workaround: Edit the service file (or override the ExecStart line)
  to remove that switch after systemctl enable creates the file.

  It seems to me that --link-journal=auto would be a better value.

-- 
see shy jo

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: systemd
Source-Version: 215-7

We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 770...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Pitt <mp...@debian.org> (supplier of updated systemd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 28 Nov 2014 06:43:15 +0100
Source: systemd
Binary: systemd systemd-sysv libpam-systemd libsystemd0 libsystemd-dev 
libsystemd-login0 libsystemd-login-dev libsystemd-daemon0 libsystemd-daemon-dev 
libsystemd-journal0 libsystemd-journal-dev libsystemd-id128-0 
libsystemd-id128-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb 
libgudev-1.0-0 gir1.2-gudev-1.0 libgudev-1.0-dev python3-systemd systemd-dbg
Architecture: source amd64
Version: 215-7
Distribution: unstable
Urgency: medium
Maintainer: Debian systemd Maintainers 
<pkg-systemd-maintain...@lists.alioth.debian.org>
Changed-By: Martin Pitt <mp...@debian.org>
Description:
 gir1.2-gudev-1.0 - libgudev-1.0 introspection data
 libgudev-1.0-0 - GObject-based wrapper library for libudev
 libgudev-1.0-dev - libgudev-1.0 development files
 libpam-systemd - system and service manager - PAM module
 libsystemd-daemon-dev - systemd utility library (transitional package)
 libsystemd-daemon0 - systemd utility library (deprecated)
 libsystemd-dev - systemd utility library - development files
 libsystemd-id128-0 - systemd 128 bit ID utility library (deprecated)
 libsystemd-id128-dev - systemd 128 bit ID utility library (transitional 
package)
 libsystemd-journal-dev - systemd journal utility library (transitional package)
 libsystemd-journal0 - systemd journal utility library (deprecated)
 libsystemd-login-dev - systemd login utility library (transitional package)
 libsystemd-login0 - systemd login utility library (deprecated)
 libsystemd0 - systemd utility library
 libudev-dev - libudev development files
 libudev1   - libudev shared library
 libudev1-udeb - libudev shared library (udeb)
 python3-systemd - Python 3 bindings for systemd
 systemd    - system and service manager
 systemd-dbg - system and service manager (debug symbols)
 systemd-sysv - system and service manager - SysV links
 udev       - /dev/ and hotplug management daemon
 udev-udeb  - /dev/ and hotplug management daemon (udeb)
Closes: 674755 769734 770275 771118
Changes:
 systemd (215-7) unstable; urgency=medium
 .
   [ Martin Pitt ]
   * Add myself to Uploaders.
   * Add boot-and-services autopkgtest: Check booting with systemd-sysv and
     that the most crucial services behave as expected.
   * logind autopkgtest: Fix stderr output in waiting loop for scsi_debug.
   * Add nspawn test to boot-and-services autopkgtest.
   * Make systemd-nspawn@.service work out of the box: (Closes: #770275)
     - Pre-create /var/lib/container with a secure mode (0700) via tmpfiles.d.
     - Add new try-{guest,host} modes for --link-journal to silently skip
       setting up the guest journal if the host has no persistant journal.
     - Extend boot-and-services autopkgtest to cover systemd-nspawn@.service.
   * Cherry-pick upstream patch to fix SELinux unit access check (regression
     in 215).
   * sysv-generator: Avoid wrong dependencies for failing units. Thanks to
     Michael Biebl for the patch! (Closes: #771118)
   * Cherry-pick patches to recognize and respect the "discard" mount option
     for swap devices. Thanks to Aurelien Jarno for finding and testing!
     (Closes: #769734)
 .
   [ Jon Severinsson]
   * Add /run/shm -> /dev/shm symlink in debian/tmpfiles.d/debian.conf. This
     avoids breakage in Jessie for packages which still refer to /run/shm, and
     while https://wiki.debian.org/ReleaseGoals/RunDirectory is still official.
     (LP: #1320534, Closes: #674755).
Checksums-Sha1:
 64ebf538f54ed765bcea8a68090aecc7ee6a35cb 4103 systemd_215-7.dsc
 3c3c27a3eda4b92df639f280f8c85e7944543c69 181352 systemd_215-7.debian.tar.xz
 f9217963e8a2d010ba435e687e8bd835704d3207 2532682 systemd_215-7_amd64.deb
 200affe32c5d22b10110b30eeaff801ebf766961 30196 systemd-sysv_215-7_amd64.deb
 c5f387ccfb4572802aba32cd433566c74469418e 119390 libpam-systemd_215-7_amd64.deb
 2c552b5ee8a4ba950635084ab445820c0e327cf1 83186 libsystemd0_215-7_amd64.deb
 9acc2b40d29a977384d810964f504afd48d9857c 89182 libsystemd-dev_215-7_amd64.deb
 70b468c3b2a1a48b8dc3012cd8be1cf772f4b46d 43218 
libsystemd-login0_215-7_amd64.deb
 62e63581eb230a6b29cf615ca501a13e2d3c6251 25818 
libsystemd-login-dev_215-7_amd64.deb
 b5f68a639da628270a816ae674f46428643b83d1 32422 
libsystemd-daemon0_215-7_amd64.deb
 ba57ac7b80ba25447496a33911a038b836834326 25836 
libsystemd-daemon-dev_215-7_amd64.deb
 96a1b4fb987cfcd86620b1de5e36f217f72c6167 68360 
libsystemd-journal0_215-7_amd64.deb
 f0eb9f59839d8e967df32056394df06897fa5a71 25808 
libsystemd-journal-dev_215-7_amd64.deb
 b7ec793877cbb5b84c2ad5ce0c85e142822467ca 31392 
libsystemd-id128-0_215-7_amd64.deb
 54c4df23fd867cc78fbffdec4c56c2f4863d90c5 25798 
libsystemd-id128-dev_215-7_amd64.deb
 7d6c4c386d0b9fa333e3462447af94c612274578 871552 udev_215-7_amd64.deb
 547ea175ef2505e9ede3f7ad71752a8c1a1cc788 50332 libudev1_215-7_amd64.deb
 3caf73d61bbe83746cce0bc427323674ce6ce548 23090 libudev-dev_215-7_amd64.deb
 dea21165287fc3abb89e3fe3b3019e36ff5055d0 193902 udev-udeb_215-7_amd64.udeb
 b289799bbe56c80b59391a17fe3473965e6d3b20 24746 libudev1-udeb_215-7_amd64.udeb
 81085fa8048871805caa29d456fc9cff24e6a8ae 36104 libgudev-1.0-0_215-7_amd64.deb
 accf6cd0cc658f2b0f75f44157a547274483ee04 2828 gir1.2-gudev-1.0_215-7_amd64.deb
 42bcc44a1d466a044fdccb367c0bb9a0a996167d 24482 libgudev-1.0-dev_215-7_amd64.deb
 fc14d5dc34eb28d13a6610ab8a875e335bc2e368 55610 python3-systemd_215-7_amd64.deb
 eef7a8dc7fc4bf5f64408fbb09b2248c544e9554 15861668 systemd-dbg_215-7_amd64.deb
Checksums-Sha256:
 143d7f990b83723b17409c5bf42456b5616112b4f89d46472a84a22c828a97af 4103 
systemd_215-7.dsc
 208c48ad41b32a550713cdeee5d5daabb2f7cc85172dab98feaa0ff7381460a8 181352 
systemd_215-7.debian.tar.xz
 93d2ff24f91e1a61c9d1fd244a417579f0c0f0e2fb282a08bc42164f31e4df43 2532682 
systemd_215-7_amd64.deb
 d52e81ffa3f872d9a1a5d0cafa817eeaa86b72ef5e2df632b0c4b875b1c425ab 30196 
systemd-sysv_215-7_amd64.deb
 35fe400bea0c893e2c0d73bd5826077f46298e142fa7e613fdfc5c516a272705 119390 
libpam-systemd_215-7_amd64.deb
 2b24d977017dffd0f56dbcbaa9fa7909b8b4601058b3bacdb3539c019c62fc95 83186 
libsystemd0_215-7_amd64.deb
 a011f64aec68018258b9034214a0caccca8426176138246837e78d3a24e1000f 89182 
libsystemd-dev_215-7_amd64.deb
 0fda1763232091f1096b166ed31c7e0d9aefbbdb05787333a1a06885a9fb0149 43218 
libsystemd-login0_215-7_amd64.deb
 d465d6511f92a07db228d6fefa9bcf95690de9557f42839bdb3dc58cddeeb007 25818 
libsystemd-login-dev_215-7_amd64.deb
 de61a2e4d11dce18697fe7db56aa65f8ddda4324012710e049f0243ad2b8f29c 32422 
libsystemd-daemon0_215-7_amd64.deb
 80184fbd93affdbf9caf24d012305748695be18ff00a0f541c8ce85c365323ee 25836 
libsystemd-daemon-dev_215-7_amd64.deb
 9cfa6f568da4239188bdc3a0f4c21f318317947c1375ca73c4d40750cee9b3ac 68360 
libsystemd-journal0_215-7_amd64.deb
 4295e02efa736e47cc887e09bd6470bc4aee3ccfb6f61e58121bf8595a30cd83 25808 
libsystemd-journal-dev_215-7_amd64.deb
 4f0a734399e28b12736653a82b385f002b9401e7a35845d3800899a8dea0c713 31392 
libsystemd-id128-0_215-7_amd64.deb
 394e5b83c88eb41d73e4e9068e69d79c71e607dc10c6c43c41748b1c1b529d0f 25798 
libsystemd-id128-dev_215-7_amd64.deb
 4f6738e86f6b4c880faf52baf2cbc5ae3897e86a4c3b445c3998137f98f5d82c 871552 
udev_215-7_amd64.deb
 addc777498648b3db40f5383c5a14a3c0a50b9f843f38234e0a7c4077db9a988 50332 
libudev1_215-7_amd64.deb
 e7f1b0aad1829a213ff9d23c929da85891fecc812bc557625d32084efddccd55 23090 
libudev-dev_215-7_amd64.deb
 1bc743466ccced9762818f32cd9d1ab941e866d59bdaa7c254acdce6755fe66a 193902 
udev-udeb_215-7_amd64.udeb
 11288ce46aa2bb4cb3c6c1a904a994f147218fc499255f024f1397060e375c30 24746 
libudev1-udeb_215-7_amd64.udeb
 ccb655a870b790038b5ec9828d9eed6768c03e192a21f36170f5db5f2d05d761 36104 
libgudev-1.0-0_215-7_amd64.deb
 7c3d0e702aa2bfd707d1e711865fc734f88f16db0dfe2cedb28eb316bdb5e3ca 2828 
gir1.2-gudev-1.0_215-7_amd64.deb
 87896455dc17e782d70ed949448d729a738d180ca2d88e2e7775373de7fb490a 24482 
libgudev-1.0-dev_215-7_amd64.deb
 ae01047782f29391566492b243c3bd80b50681b930e1e4faaa4cb8b782c5c299 55610 
python3-systemd_215-7_amd64.deb
 3ab376992c69c8133d61620112382ab67d4066f068d19aaec14385ad90fc3911 15861668 
systemd-dbg_215-7_amd64.deb
Files:
 471bcf066e9406cbef856641d6a20a61 4103 admin optional systemd_215-7.dsc
 e3fb8ba572c1aa2f89b3d4191b5c8a20 181352 admin optional 
systemd_215-7.debian.tar.xz
 b3287f7f19f25662b688a2fed2f913ed 2532682 admin optional systemd_215-7_amd64.deb
 43b672eb68f135e32aab5b4afe3de943 30196 admin extra systemd-sysv_215-7_amd64.deb
 992e81e9e292b63ae87aa1459c9fe5af 119390 admin optional 
libpam-systemd_215-7_amd64.deb
 ee7a288cacd47e07d0ab56be578ecafe 83186 libs optional 
libsystemd0_215-7_amd64.deb
 416b6e38b1d3c0c92bd9c65cc1194782 89182 libdevel optional 
libsystemd-dev_215-7_amd64.deb
 7fd00d31ec7be1e8a8bb76a4c11418a5 43218 oldlibs extra 
libsystemd-login0_215-7_amd64.deb
 4ca216f0930c319943e481be1474c8c4 25818 oldlibs extra 
libsystemd-login-dev_215-7_amd64.deb
 cfa3037665ff08ddbf14a882badf0691 32422 oldlibs extra 
libsystemd-daemon0_215-7_amd64.deb
 c5c3cddc476538b8e5e82548b31ee40e 25836 oldlibs extra 
libsystemd-daemon-dev_215-7_amd64.deb
 9a778fb6aa74547b5c4caa63f3ccf0c5 68360 oldlibs extra 
libsystemd-journal0_215-7_amd64.deb
 e08d3e27168a9e355f342f9264490384 25808 oldlibs extra 
libsystemd-journal-dev_215-7_amd64.deb
 341e34b1e1d6fe39451f285535a588b9 31392 oldlibs extra 
libsystemd-id128-0_215-7_amd64.deb
 f46d8f76eed6f5e339f1f5211baa324f 25798 oldlibs extra 
libsystemd-id128-dev_215-7_amd64.deb
 fff574a6bf22245e2c09429893c13890 871552 admin important udev_215-7_amd64.deb
 e26cdaf00d3156e15c03b23839acb6d8 50332 libs important libudev1_215-7_amd64.deb
 fb09cd07ecb49a004f203f7c55852509 23090 libdevel optional 
libudev-dev_215-7_amd64.deb
 0227986f59ed7715209e2988e9ac963c 193902 debian-installer optional 
udev-udeb_215-7_amd64.udeb
 fe51ed9cd454adec3493abe2a679aa63 24746 debian-installer optional 
libudev1-udeb_215-7_amd64.udeb
 f9b9fc4c8af3c69b246a09d8e49ef577 36104 libs optional 
libgudev-1.0-0_215-7_amd64.deb
 0c6364c045d92e845e8b48832f92da7f 2828 introspection optional 
gir1.2-gudev-1.0_215-7_amd64.deb
 cd5c4df1eec8e20fbeb2bec79aec7791 24482 libdevel optional 
libgudev-1.0-dev_215-7_amd64.deb
 4055ddb68a685d5c6d0db56916885b5c 55610 python optional 
python3-systemd_215-7_amd64.deb
 15a7518986cc1ff15675c1c473e25342 15861668 debug extra 
systemd-dbg_215-7_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUeA6vAAoJENFO8V2v4RNH/q8QAL9Lop3zeE+vo+31S1gdC83z
1XKcKLsyDO+ktcepviTqJzN4QVIpMio/PbagAcwauipvL/q33/PmcVCmWC79/Mx/
3BuzsyMJl0I3/Zrr+pRiy4OFdww2FGhrL+PKVLnqSzQLKRux859/fvo8lavnyZgO
WKcTVUJ7AIESYdeqpf94rAbWvEB9U4TWPlEma+3A4A+iEVEnpM6pUR9GLtIBQ1HO
eINea+aPlwYFWfFHWOO0990JK8LDmQd81RwstjKLZzDQHUXkaCkmbGU8E3ZdIznJ
+VG58zwriBMeLIBtQ0rUdcKwfHUILqrbr1gQEL+1hOPTKcMTTKZEznmL4zMKmFId
5/NCcyimwI+HFkf+IB7FEnJ22Xv9S5emTEsinpLBrEESyRQsCtHXxOR8X3P+Ub7w
qnakokN/BvVXlhoV8TwpzoQ2FTpAh/eH9IdsrkA407XeqtNKIpMpjufgIfUH27+0
FJ/zSOJUvAJEcvB58EM/Yryi7KkLUrKoJfNI/qxaIh30mvtyW+7JWSB8qIykXGN2
5IeJ8XHBG24SRzaZ8dPAtqnmSX/mqhv1bC/I+o/70Rqyk3ZYuetSq+VI6ePrtKp6
BUUu0tGU9ifnKiepyQNF6Z9ZdvUWQNixfTIm6yU1Bmz7BubJJfzrlUgqPvUYqA4v
AxDD95jyQKHTjbi/xkP6
=vbmY
-----END PGP SIGNATURE-----

--- End Message ---