Merge ~andersson123/autopkgtest-cloud:lxd-security-nesting-true into autopkgtest-cloud:master
Status: | Merged |
---|---|
Merged at revision: | 7e2db60fdb52a81febf88f462383f557abe5b7dd |
Proposed branch: | ~andersson123/autopkgtest-cloud:lxd-security-nesting-true |
Merge into: | autopkgtest-cloud:master |
Diff against target: | 12 lines (+1/-0), 1 file modified: charms/focal/autopkgtest-cloud-worker/autopkgtest-cloud/tools/armhf-lxd.userdata (+1/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Skia | Approve | ||
Commit message
fix: lxd-worker: add security.
There's a version of systemd in oracular-proposed which is purported to
break armhf tests (for oracular) once it migrates to the release pocket.
TLDR; Any systemd units with credentials on unprivileged containers will
fail on oracular tests with the new version of systemd in proposed.
This would cause systemd-
containers, which is a service which creates /var/run/utmp, which is how
runlevel is stored. runlevel is checked in lib/VirtSubProc.py [1] in the
wait_booted function. So, subsequently, wait_booted would eventually
time out, as systemd-
appropriately on the testbed.
The workaround was discussed [2] between the systemd maintainer (enr0n)
and the lxd team, and the solution was to enable security.nesting for
the lxd containers running our armhf tests.
security.nesting simply allows for nested containerisation. [3]
To summarise, we would be hitting [4] because of [5].
[1] https:/
[2] https:/
[3] https:/
[4] https:/
[5] https:/
Description of the change
This is a change requested by enr0n (the systemd maintainer). The new version of systemd in oracular-proposed will break all oracular armhf tests. It's currently block-proposed, so it won't migrate, but it's waiting on us adding this change to our lxd containers to migrate.
How do we know that this indeed will enable security.nesting?
I need to find a link that states that this is the correct section for this - or at least something close.
Also come up with a way to deploy this live/next steps.