Let me reiterate what I mentioned in the MM channel. The snap in
question apparently uses device access in which case we'll set up device
filtering. The host being impish, uses cgroup v2, which percolates to
the container. Since it's v2, device filtering is implemented by
attaching a BPF program on the cgorup, hence we need to have a separate
group otherwise we'd break your session. Snap will ask your systemd
--user to create a transient scope for the app, but looking at the logs
this fails with:
Mar 17 16:13:22 b2 systemd[2487]:
snap.snapcraft.snapcraft.237e42c2-4906-439b-a992-743647600bc6.scope: Failed to
add PIDs to scope's control
Mar 17 16:13:22 b2 systemd[2487]:
snap.snapcraft.snapcraft.237e42c2-4906-439b-a992-743647600bc6.scope: Failed
with result 'resources'.
Mar 17 16:13:22 b2 systemd[2487]: Failed to start
snap.snapcraft.snapcraft.237e42c2-4906-439b-a992-743647600bc6.scope.
At this point running snap will fail and the sandbox cannot be
completed.
I think the main problem is why create transient scope fails the way it
did, and whether systemd from bionic even works properly on a host with
unified hierarchy.
** Also affects: systemd (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1965328
Title:
transient scope could not be started error in bionic lxd container
To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1965328/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
