On 16.11.23 at 17:17, Sven Joachim wrote:
Package: systemd
Version: 255~rc2-1
Severity: important

After upgrading systemd from 254.5-1 and rebooting, rsyslog failed to start on my system. These messages appear in the journal:

,----
| Nov 16 16:58:10 localhost systemd[1]: Starting rsyslog.service - System Logging Service...
| Nov 16 16:58:10 localhost (rsyslogd)[674]: Failed to create destination mount point node '/run/systemd/mount-rootfs/dev/xconsole', ignoring: Read-only file system
| Nov 16 16:58:10 localhost (rsyslogd)[674]: Failed to mount /dev/xconsole to /run/systemd/mount-rootfs/dev/xconsole: No such file or directory
| Nov 16 16:58:10 localhost (rsyslogd)[674]: rsyslog.service: Failed to set up mount namespacing: /dev/xconsole: No such file or directory
| Nov 16 16:58:10 localhost systemd[1]: rsyslog.service: Main process exited, code=exited, status=226/NAMESPACE
| Nov 16 16:58:10 localhost systemd[1]: rsyslog.service: Failed with result 'exit-code'.
| Nov 16 16:58:10 localhost systemd[1]: Failed to start rsyslog.service - System Logging Service.
| Nov 16 16:58:10 localhost systemd[1]: rsyslog.service: Scheduled restart job, restart counter is at 1.
`----

This gets repeated a few times, and after five restart attempts systemd gives up.

It should be noted that I have enabled forwarding messages to xconsole according to the "Logging to xconsole" section in /usr/share/doc/rsyslog/README.Debian, and the problem is obviously in the bind mount for /dev/xconsole. Removing /dev/xconsole so that the "BindPaths=-/dev/xconsole" statement in rsyslog.service has no effect lets rsyslog start, but recreates the problem of #1053913.

It appears that PrivateTmp=yes was locked down further and is now remounted read-only (thanks bluca for the reference):

https://github.com/systemd/systemd/commit/4a9e03aa6bb2cbd23dac00f2b2a7642cc79eaade

We basically have two options as I see it:

a/ Drop PrivateDevices=yes from rsyslog.service
b/ Move /dev/xconsole to run and turn /dev/xconsole into a symlink

The latter b/ will require updates to the local copies in /etc/tmpfiles.d/ and /etc/rsyslog.d/
They would look like this now:

$ cat /etc/rsyslog.d/xconsole.conf
daemon.*;mail.*;\
        news.err;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       |/run/xconsole

$ cat /etc/tmpfiles.d/xconsole.conf
# Type Path           Mode UID  GID  Age Argument
p      /run/xconsole  0640 root adm
L      /dev/xconsole  -    -    -    -   /run/xconsole

Conceptually, moving the named pipe out of /dev and into /run is the cleaner solution I think. The /dev/xconsole symlink should make it reasonably backwards compatible.

Thoughts?

Michael
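
A check for the local-copy updates that option b/ requires, as an added example that is not part of this thread or of Debian's packaging. The function name `audit_xconsole` and its optional root-prefix argument (for running against a scratch tree) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a system (or a scratch tree under $1) against the
# layout proposed in option b/: a FIFO at /run/xconsole, /dev/xconsole as a
# symlink to it, and no local copy in /etc/rsyslog.d or /etc/tmpfiles.d that
# still writes to or creates the old pipe.
# Prints one finding per line; returns 0 only when nothing is left to migrate.
audit_xconsole() {
    root=${1:-}
    rc=0
    fifo="$root/run/xconsole"
    link="$root/dev/xconsole"

    if [ ! -p "$fifo" ]; then
        echo "MISSING: $fifo is not a named pipe"; rc=1
    fi
    if [ ! -L "$link" ]; then
        echo "STALE: $link is not a symlink"; rc=1
    elif [ "$(readlink "$link")" != "/run/xconsole" ]; then
        echo "STALE: $link points to $(readlink "$link")"; rc=1
    fi
    # rsyslog action lines that still pipe into the old path
    for f in "$root"/etc/rsyslog.d/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '\|[[:space:]]*/dev/xconsole' "$f"; then
            echo "UPDATE: $f still writes to |/dev/xconsole"; rc=1
        fi
    done
    # tmpfiles.d entries of type p (named pipe) still targeting the old path
    for f in "$root"/etc/tmpfiles.d/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^p[^[:space:]]*[[:space:]]+/dev/xconsole([[:space:]]|$)' "$f"; then
            echo "UPDATE: $f still creates a pipe at /dev/xconsole"; rc=1
        fi
    done
    return $rc
}
```

Run it with no argument to audit the live system; a non-zero exit status means at least one finding was printed.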