[CentOS-devel] Bug 1913806 - Can't start CentOS Stream 8 systemd-nspawn container on CentOS Stream 8

Sat Jan 30 23:25:44 UTC 2021
Gena Makhomed <gmm at csdoc.com>

On 31.01.2021 0:57, Gordon Messmer wrote:

>> https://bugzilla.redhat.com/show_bug.cgi?id=1913806

> systemd-nspawn is defaulting to a private user namespace,
> but no private network namespace, and that combination is not supported.

This is not true. By default systemd-nspawn creates
a private user namespace and a private network namespace.

See /usr/lib/systemd/system/systemd-nspawn@.service
on the CentOS 8 / CentOS Stream 8 and the man page for more details:
https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html

> If you configure a private network namespace, 
> does that nspawn container start properly?

This is not a systemd-nspawn issue, because everything works fine
with the CentOS 8.3 kernel and is broken with the CentOS Stream 8 kernel.
This is a CentOS Stream 8 kernel regression.

System journal fragment:

Jan 21 15:55:12 centos-stream systemd-nspawn[1235]: Failed to mount sysfs on /sys/full (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC ""): Operation not permitted

-- 
Best regards,
  Gena
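As an added diagnostic (not code from this thread or from systemd), the C program below reproduces the step that fails in the journal line: in a child process it unshares a user and mount namespace, once without and once with a private network namespace, and attempts the same read-only sysfs mount, reporting what the kernel returns. The function name probe_sysfs_mount, the exit-code scheme and the /tmp mount point are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>

#define PROBE_ERR    -1   /* the probe itself failed (mkdtemp/fork/wait) */
#define UNSHARE_FAIL 200  /* the kernel refused the namespace set-up   */

/* Assumed helper written for this note. In a forked child, unshare a
 * user + mount namespace (plus a network namespace when with_net != 0),
 * then mount sysfs with the flags shown in the journal line. Returns 0
 * if the mount succeeded, mount()'s errno if it failed, or a code above. */
int probe_sysfs_mount(int with_net)
{
    char dir[] = "/tmp/sysfs-probe-XXXXXX";   /* created outside the new ns */
    if (mkdtemp(dir) == NULL)
        return PROBE_ERR;
    pid_t pid = fork();
    if (pid == 0) {
        int flags = CLONE_NEWUSER | CLONE_NEWNS | (with_net ? CLONE_NEWNET : 0);
        if (unshare(flags) != 0)
            _exit(UNSHARE_FAIL);
        unsigned long mflags = MS_RDONLY | MS_NOSUID | MS_NODEV | MS_NOEXEC;
        if (mount("sysfs", dir, "sysfs", mflags, "") != 0)
            _exit(errno);                    /* Linux errno values are < 200 */
        umount(dir);
        _exit(0);
    }
    int status, rc = PROBE_ERR;
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        rc = WEXITSTATUS(status);
    rmdir(dir);
    return rc;
}

int main(void)
{
    const char *label[] = { "user+mount ns", "user+mount+net ns" };
    for (int n = 0; n < 2; n++) {
        int r = probe_sysfs_mount(n);
        printf("%-18s: %s\n", label[n],
               r == 0 ? "sysfs mounted" :
               r == UNSHARE_FAIL ? "unshare() refused" :
               r > 0 ? strerror(r) : "probe could not run");
    }
    return 0;
}
```

On a kernel that behaves as the journal line shows, the first probe reports "Operation not permitted" and the second mounts sysfs; where unprivileged user namespaces are disabled, both report that unshare() was refused.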