Could you describe the minimal steps to reproduce the issue on top of a standard 16.04?
NB: /sys is not read-only on official images and deployments, and this doesn't seem to affect official images. ** Description changed: Dear all, - Following up the bug report #1713674, when executing systemd in a - hardened LXC context, it might not be suitable to reexec systemd daemon, - that would not be able to perform. + Following up the bug #1713674, when executing systemd in a hardened LXC + context, it might not be suitable to reexec systemd daemon, that would + not be able to perform. For instance, in our LXC, we drop several capabilities, including sys_admin and we set /sys to read-only (in which, systemd will find its cgroups). This means, systemd cannot be reexecuted, it will fail to restart and will freeze (properly) at restart making the LXC container in frozen state (still working, but no new services startable, no interaction with systemd possible anymore). When upgrading systemd the debian package, as postinst, will always attempt to reexecute systemd, possibly breaking every other upgrade where a daemon restart is made in postinst, and leaving the system in a degraded state. It would likely be appropriate the check whether the reexecute can work will before performing it: checking capabilities, sys mount point perms, etc. If not applicable, not performing a reexucte and possibly print a message to the user. Occurs with Ubuntu Xenial 16.04.3 LTS and systemd 229-4ubuntu21. Cheers -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732411 Title: On upgrade, daemon-reexec should only be issued if safe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1732411/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
