Just wanted to give an update in this thread as we now think we fully understand the problem.

The regression was indeed introduced through a bugfix in systemd 244.1 as linked in the post above. The systemd developers refused to back this change to fix our users, arguing that the new logic is correct and that the problem is that /sys is writable in our containers.

We can’t make /sys read-only as we specifically need it writable for a number of other network operations (bridges for libvirt and the like). We also care about having udev running in containers to handle our device hotplug logic for which we’ve done kernel work in the past few years.

So this gets us in a bit of a stuck situation as far as easy fixes are concerned. We have identified one kernel issue which prevents udev from behaving in the way networkd expects it and are working on fixing this upstream, though as with any kernel change, this will take time to roll out to all distros.

The issue can be worked around a few other ways in the meantime:

- Have individual distros revert the systemd change (we will push for Ubuntu to do that).
- Use raw.lxc to force /sys to be read-only (as suggested above).
- Use a systemd override on the systemd-networkd unit to give it a read-only /sys.

It’s that last option we’re now investigating for our own images. The plan is to ship a very small systemd unit override in all affected images to make networkd behave as it did previously. Once our kernel change is widely available, this workaround can then be removed.

I’ve looked through that forum post, and I think it’s something different going on for me.

I have just launched two new arch containers. One with -c security.privileged=true and one without. The unprivileged container gets an IP, and has internet access (I have configured NAT on the bridge with nftables). The privileged container does not get an IP.

Here are the logs from systemd-networkd

~]# systemctl status systemd-networkd

WARNING: terminal is not fully functional
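The unit-override workaround discussed in the thread, sketched as an added example (not code from the thread or from the image maintainers): it checks whether /sys is mounted writable and, if so, writes a drop-in that gives systemd-networkd a read-only view of /sys. The `BindReadOnlyPaths=` directive, the drop-in file name `lxc-sysfs.conf` and the `apply` argument are assumptions chosen for this sketch.

```shell
#!/bin/sh
# Added example. Assumptions: BindReadOnlyPaths= is used to make /sys read-only
# for the unit, and the drop-in file name lxc-sysfs.conf is hypothetical.

# Print "rw" or "ro" for the sysfs mount on /sys, read from a mounts file
# (default /proc/mounts). The last matching entry wins, since later mounts
# shadow earlier ones. Prints "none" if /sys is not a sysfs mount.
sys_mount_mode() {
    mounts="${1:-/proc/mounts}"
    awk '$2 == "/sys" && $3 == "sysfs" {
             n = split($4, opt, ","); m = "rw"
             for (i = 1; i <= n; i++) if (opt[i] == "ro") m = "ro"
             mode = m
         }
         END { print (mode == "" ? "none" : mode) }' "$mounts"
}

# Write the drop-in for systemd-networkd under ROOT (empty means the live
# system). Only this one service sees /sys read-only; the rest of the
# container keeps a writable /sys for bridges and similar operations.
write_networkd_override() {
    root="${1:-}"
    dir="$root/etc/systemd/system/systemd-networkd.service.d"
    mkdir -p "$dir" || return 1
    printf '[Service]\nBindReadOnlyPaths=/sys\n' > "$dir/lxc-sysfs.conf"
}

# Apply inside the container only when /sys is actually writable.
apply_workaround() {
    if [ "$(sys_mount_mode)" = "rw" ]; then
        write_networkd_override "" &&
            systemctl daemon-reload &&
            systemctl restart systemd-networkd
    else
        echo "/sys is not writable; no override written"
    fi
}

# Nothing runs unless the script is called with the argument "apply".
if [ "${1:-}" = "apply" ]; then
    apply_workaround
fi
```

Run it as root inside the affected container with the `apply` argument, and remove the drop-in again once a fixed kernel is in place.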