dracut 059 和 systemd 255 当前不兼容:Debian Unstable/sid 用户谨慎升级

From Systemd v255-rc2 Changes:

The way services are spawned has been overhauled. Previously, a process was forked that shared all of the manager’s memory (via copy-on-write) while doing all the required setup (e.g.: mount namespaces, CGroup configuration, etc.) before exec’ing the target executable. This was problematic for various reasons: several glibc APIs were called that are not supposed to be used after a fork but before an exec, copy-on-write meant that if either process (the manager or the child) touched a memory page a copy was triggered, and also the memory footprint of the child process was that of the manager, but with the memory limits of the service. From this version onward, the new process is spawned using CLONE_VM and CLONE_VFORK semantics via posix_spawn(3), and it immediately execs a new internal binary, systemd-executor, that receives the configuration to apply via memfd, and sets up the process before exec’ing the target executable.

从 systemd v255 版本开始,引入了新二进制文件 systemd-executor ,这应当被包括在 initrd 中。 dracut 修复了这一错误,但尚未发布包括这一修改的新版本(实际上,上游已经接近两年没有发表新版本)。

dracut 的 Debian 软件包维护者表示,他已经向后移植修复,因此此问题应当在下次软件包更新时解决:

I’ve already included the upstream patch to the git master branch of dracut on salsa. The next dracut release in Debian will include the fix.

因此,运行 Debian Unstable/sid 且使用 dracut 生成其 initrd 的用户请考虑以下的选项:

  • 修改其 dracut 配置以复制 systemd-executor 至 initrd 中
  • 在 dracut 软件包更新以解决此问题前不要升级 systemd