[systemd-devel] Problem bind-mounting /etc/hosts

Thomas Köller thomas at krokinole.de
Wed Jan 29 18:02:08 UTC 2025


I am creating a systemd service that contains the three lines below:

TemporaryFileSystem = %E
BindReadOnlyPaths = %E/hosts
NetworkNamespacePath = /var/run/netns/vpnlink

So the service runs in a network namespace of its own. The problem is 
that I cannot mount '/etc/hosts' into the tmpfs:

root@yoga:/etc/systemd/system# journalctl -l -b -u vpn@wlan_builtin.service
Jan 29 18:41:33 yoga systemd[1]: Starting vpn@wlan_builtin.service - Create ssh tunnel to sarkovy.krokinole.de...
Jan 29 18:41:33 yoga (ip)[3230]: Failed to create destination mount point node '/run/systemd/mount-rootfs/etc/hosts', ignoring: Permission denied
Jan 29 18:41:33 yoga (ip)[3230]: Failed to mount /etc/hosts to /run/systemd/mount-rootfs/etc/hosts: No such file or directory
Jan 29 18:41:33 yoga (ip)[3230]: vpn@wlan_builtin.service: Failed to set up mount namespacing: /etc/hosts: No such file or directory
Jan 29 18:41:33 yoga (ip)[3230]: vpn@wlan_builtin.service: Failed at step NAMESPACE spawning ip: No such file or directory
Jan 29 18:41:33 yoga systemd[1]: vpn@wlan_builtin.service: Control process exited, code=exited, status=226/NAMESPACE
Jan 29 18:41:33 yoga (sh)[3231]: Failed to create destination mount point node '/run/systemd/mount-rootfs/etc/hosts', ignoring: Permission denied
Jan 29 18:41:33 yoga (sh)[3231]: Failed to mount /etc/hosts to /run/systemd/mount-rootfs/etc/hosts: No such file or directory
Jan 29 18:41:33 yoga (sh)[3231]: vpn@wlan_builtin.service: Failed to set up mount namespacing: /etc/hosts: No such file or directory
Jan 29 18:41:33 yoga (sh)[3231]: vpn@wlan_builtin.service: Failed at step NAMESPACE spawning sh: No such file or directory
Jan 29 18:41:33 yoga systemd[1]: vpn@wlan_builtin.service: Control process exited, code=exited, status=226/NAMESPACE
Jan 29 18:41:33 yoga systemd[1]: vpn@wlan_builtin.service: Failed with result 'exit-code'.
Jan 29 18:41:33 yoga systemd[1]: Failed to start vpn@wlan_builtin.service - Create ssh tunnel to sarkovy.krokinole.de.

The error disappears as soon as I remove the line with 
BindReadOnlyPaths. Unfortunately, the command invoked by ExecStart relies 
on the presence of /etc/hosts.


