[systemd-devel] systemd-container: Trying to use a bookworm chroot with a buster host fails / Failed to create /init.scope control group

Michael Biebl mbiebl at gmail.com
Fri Oct 14 20:57:00 UTC 2022 

Hi,

since the issue came up on the Debian bug tracker at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019147 , I figured
I ask here:

Am 04.09.22 um 18:40 schrieb Bernhard Übelacker:
>
> Package: systemd-container
> Severity: wishlist
> X-Debbugs-Cc: bernhardu at mailbox.org
>
>
> Dear Maintainer,
> I tried to run on top of a buster system
> with systemd-container 241-7~deb10u8 to start a container
> with a current bookworm chroot with systemd-container 251.4-3.
> This buster system was running linux-image 4.19.0-21-amd64.
>
> This failed with following error:
>
>      root at debian:~# systemd-nspawn
> --directory=/var/lib/machines/test-bookworm --boot --network-veth
>      Spawning container test-bookworm on /var/lib/machines/test-bookworm.
>      Press ^] three times within 1s to kill container.
>      systemd 251.4-3 running in system mode (+PAM +AUDIT +SELINUX
> +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID
> +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK
> +PCRE2 -PWQUALITY -P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD
> -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
>      Detected virtualization systemd-nspawn.
>      Detected architecture x86-64.
>
>      Welcome to Debian GNU/Linux bookworm/sid!
>
>      Hostname set to <debian>.
>      Failed to create /init.scope control group: Operation not permitted
>      Failed to allocate manager object: Operation not permitted
>      [!!!!!!] Failed to allocate manager object.
>      Exiting PID 1...
>      Container test-bookworm failed with error code 255.
>
>
> So this report is mostly to ask if this expected or desired to work?

Good question. Maybe raise that on the systemd-devel mailing list?
Keep in mind, that in bullseye we switched to cgroupv2, i.e. we build
systemd with -Ddefault-hierarchy=unified

I'm honestly not sure which combination of versions (and cgroup layouts)
are supported.

More information about the systemd-devel mailing list