From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id DB9E11FF183 for ; Wed, 19 Nov 2025 15:28:15 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id CABF1EE1F; Wed, 19 Nov 2025 15:28:11 +0100 (CET) From: Robert Obkircher To: pve-devel@lists.proxmox.com Date: Wed, 19 Nov 2025 15:24:55 +0100 Message-ID: <20251119142738.26840-4-r.obkircher@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20251119142738.26840-1-r.obkircher@proxmox.com> References: <20251119142738.26840-1-r.obkircher@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1763562457740 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.078 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH v6 pve-container 3/5] fix #6897: warn that nesting may be required for systemd X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Recent versions of systemd require nesting to isolate services. If nesting is disabled Debian 11 and 12 containers hang for 25 seconds after login and Debian 13 just shows an empty console. To make this less confusing for users, add a task-log warning on CT start if a systemd version >241 (used by Debian 10) is detected. Signed-off-by: Robert Obkircher --- src/PVE/LXC/Setup.pm | 10 ++++++++++ src/PVE/LXC/Setup/Base.pm | 19 +++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/src/PVE/LXC/Setup.pm b/src/PVE/LXC/Setup.pm index 57b8df1..adb8d6c 100644 --- a/src/PVE/LXC/Setup.pm +++ b/src/PVE/LXC/Setup.pm @@ -296,10 +296,20 @@ sub rewrite_ssh_host_keys { }); } +sub check_systemd_nesting { + my ($self) = @_; + + my $init = $self->get_ct_init_path(); + # not a protected_call because it calls objdump + my $warning = $self->{plugin}->check_systemd_nesting($self->{conf}, $init); + $self->{log_warn}->($warning) if $warning; +} + sub pre_start_hook { my ($self) = @_; $self->protected_call(sub { $self->{plugin}->pre_start_hook($self->{conf}) }); + $self->check_systemd_nesting(); } sub post_clone_hook { diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm index ffd4bac..370f3fa 100644 --- a/src/PVE/LXC/Setup/Base.pm +++ b/src/PVE/LXC/Setup/Base.pm @@ -649,6 +649,25 @@ sub get_ct_init_path { return $init_path; } +sub check_systemd_nesting { + my ($self, $conf, $init) = @_; + + my $features = PVE::LXC::Config->parse_features($conf->{features}); + return if $features->{nesting}; + + return if (!defined($init) || $init !~ m@/systemd$@); + + my $sdver = $self->get_systemd_version($init); + + # 241 is the systemd version used by Debian 10. It was chosen based + # on a forum post that suggested enabling nesting for the upgrade + # from PMG 6.x to 7 and after a quick test where a Debian 11 container + # hung 25 seconds after login. + return if (!defined($sdver) || $sdver <= 241); + + return "Systemd $sdver detected. You may need to enable nesting."; +} + sub ssh_host_key_types_to_generate { my ($self) = @_; -- 2.47.3 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel