Transmission service fails to start inside a container #258793

Closed
justryanw opened this issue Oct 3, 2023 · 7 comments · Fixed by #267319
Labels
0.kind: bug Something is broken

Comments

@justryanw

Describe the bug

I have transmission running inside a NixOS container which has been working without issue until I recently updated the system.
It now fails to start inside the container. I have tried deleting the container and all its data, but the same issue exists when creating a new one. I have also tried creating the path "/run/transmission/run/host/.os-release-stage/" on both the host and container but it doesn't seem to care.

Steps To Reproduce

Steps to reproduce the behavior:
Run transmission inside of a container

Expected behavior

Transmission service starts and runs without issue

Screenshots

Service status

× transmission.service - Transmission BitTorrent Service
     Loaded: loaded (/etc/systemd/system/transmission.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Tue 2023-10-03 13:54:49 BST; 18s ago
   Duration: 26ms
    Process: 174 ExecStartPre=/nix/store/lgpmbcj1q3r8hd22zj7msf0jhcrf8y3w-transmission-prestart (code=exited, status=0/SUCCESS)
    Process: 192 ExecStart=/nix/store/9ynx7q44xs7vr2z723kxs4pp3dr1v968-transmission-3.00/bin/transmission-daemon -f -g /var/lib/transmission/.config/transmission-daemon (code=exited, status=226/NAMESPACE)
   Main PID: 192 (code=exited, status=226/NAMESPACE)
        CPU: 20ms

Oct 03 13:54:49 vpn systemd[1]: Starting Transmission BitTorrent Service...
Oct 03 13:54:49 vpn systemd[1]: Started Transmission BitTorrent Service.
Oct 03 13:54:49 vpn (n-daemon)[192]: Failed to create destination mount point node '/run/transmission/run/host/.os-release-stage/': Read-only file system
Oct 03 13:54:49 vpn (n-daemon)[192]: Failed to mount /run/systemd/propagate/.os-release-stage to /run/transmission/run/host/.os-release-stage/: No such file or directory
Oct 03 13:54:49 vpn (n-daemon)[192]: transmission.service: Failed to set up mount namespacing: /run/transmission/run/host/.os-release-stage/: No such file or directory
Oct 03 13:54:49 vpn (n-daemon)[192]: transmission.service: Failed at step NAMESPACE spawning /nix/store/9ynx7q44xs7vr2z723kxs4pp3dr1v968-transmission-3.00/bin/transmission-daemon: No such file or directory
Oct 03 13:54:49 vpn systemd[1]: transmission.service: Main process exited, code=exited, status=226/NAMESPACE
Oct 03 13:54:49 vpn systemd[1]: transmission.service: Failed with result 'exit-code'.

Additional context

Here's where I have the container and transmission defined in my config.
https://github.com/justryanw/Flake/blob/master/containers/vpn.nix

Notify maintainers

@astsmtl
@vcunat

Metadata

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 6.5.5, NixOS, 23.11 (Tapir), 23.11.20230929.f5892dd`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.17.0`
 - channels(root): `"nixos"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`
@justryanw justryanw added the 0.kind: bug Something is broken label Oct 3, 2023
@aorith
Contributor

aorith commented Oct 4, 2023

Same here, not sure if it's an upstream or nixpkgs issue

@aorith
Contributor

aorith commented Oct 5, 2023

For the time being and since it's inside a container anyway I'm overriding the root dir of the systemd unit:

  systemd.services.transmission.serviceConfig = {
    RootDirectoryStartOnly = lib.mkForce false;
    RootDirectory = lib.mkForce "";
  };

@jdreaver
Contributor

Thanks @aorith, your fix is working for me!

@puffnfresh
Member

puffnfresh commented Nov 11, 2023

The problem is that /run is listed in BindReadOnlyPaths:

Which got introduced in c48faf0 to fix #98904. The original problem was that /run/systemd/resolve/stub-resolv.conf was not in the chroot. I'd say mounting all of /run as read-only is going too far, so a better fix would be to just mount /run/systemd and only if services.resolved.enable is true. It also seems weird to have this logic be part of Transmission, but whatever.

So a workaround is:

systemd.services.transmission.serviceConfig.BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];

(And I'm not sure why this wasn't a problem for 3 years)
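An added example, not part of the thread or of nixpkgs: it takes the failing mount point from the journal lines in the report and checks which `BindReadOnlyPaths` entry, if any, covers it inside the service root. It assumes `RootDirectory` is `/run/transmission` (inferred from the logged path), that `/nix/store` stands in for `builtins.storeDir`, and that the reported list was the workaround list plus `/run`; it models only the path-prefix relationship, not the rest of systemd's namespace setup.

```python
import re
from pathlib import PurePosixPath

# Journal lines copied from the issue report (not constructed).
JOURNAL = """\
Oct 03 13:54:49 vpn (n-daemon)[192]: Failed to create destination mount point node '/run/transmission/run/host/.os-release-stage/': Read-only file system
Oct 03 13:54:49 vpn systemd[1]: transmission.service: Main process exited, code=exited, status=226/NAMESPACE
"""

MOUNT_FAIL = re.compile(r"Failed to create destination mount point node '([^']+)': (.+)$")

def failed_mount_points(journal):
    """Return (path, error) for each mount point systemd could not create."""
    return [m.groups() for line in journal.splitlines()
            if (m := MOUNT_FAIL.search(line))]

def bind_destination(entry):
    """Destination of one entry, syntax [-]source[:destination[:options]]."""
    parts = entry.lstrip("-").split(":")
    return PurePosixPath(parts[1] if len(parts) > 1 and parts[1] else parts[0])

def covering_bind(root_dir, ro_binds, host_path):
    """Return the read-only bind whose subtree contains host_path, else None.
    host_path is the path as logged, i.e. already prefixed with RootDirectory."""
    root, path = PurePosixPath(root_dir), PurePosixPath(host_path)
    if not path.is_relative_to(root):
        return None  # not inside the service's root directory
    inner = PurePosixPath("/") / path.relative_to(root)
    for entry in ro_binds:
        if inner.is_relative_to(bind_destination(entry)):
            return entry
    return None

def diagnose(journal, root_dir, ro_binds):
    """Map each failed mount point to the read-only bind covering it (or None)."""
    return {path: covering_bind(root_dir, ro_binds, path)
            for path, _err in failed_mount_points(journal)}

if __name__ == "__main__":
    ROOT = "/run/transmission"  # assumption, inferred from the logged path
    configs = {
        "reported":   ["/nix/store", "/etc", "/run"],          # assumed list
        "workaround": ["/nix/store", "/etc"],                  # mkForce list above
        "narrowed":   ["/nix/store", "/etc", "/run/systemd"],  # suggested /run/systemd
    }
    for name, binds in configs.items():
        print(name, diagnose(JOURNAL, ROOT, binds))
```

Only the list containing `/run` covers `/run/host/.os-release-stage`; the workaround list and the `/run/systemd` variant leave that path outside any read-only bind while keeping the chroot in place.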

@eyJhb
Member

eyJhb commented Nov 13, 2023

@ju1m I've stumbled upon this issue as well, and am wondering if there is anything we can do about it regarding the Transmission service. I had to disable the following as well, before it played nicely in my setup.

          PrivateMounts = lib.mkForce false;
          PrivateUsers = lib.mkForce false;

@ju1m
Contributor

ju1m commented Nov 13, 2023

@puffnfresh, indeed, adding only /run/systemd was one of the alternatives suggested in #103043 (comment), so we can try your suggestion.

@eyJhb, IMHO disabling PrivateMounts= or PrivateUsers= should not be the default, we could make them use mkDefault though, would that be enough for you?

ju1m added a commit to ju1m/nixpkgs that referenced this issue Nov 13, 2023
doronbehar added a commit that referenced this issue Dec 22, 2023

nixos/transmission: fixes #258793
GoogleBot42 added a commit to GoogleBot42/nix-config that referenced this issue Feb 3, 2024
@telometto

telometto commented Sep 9, 2024

This is actually still an issue and it isn't limited to containers. Adding the params that @aorith posted, unfortunately, does not work for me ;/
