Bug#1093490: cgroupfs-mount: places v1 mount at /sys/fs/cgroup preventing elogind from mounting cgroup2 hierarchy

Andrew Bower andrew at bower.uk
Sun Jan 19 09:27:39 GMT 2025 

Package: cgroupfs-mount
Version: 1.4+nmu1
Severity: normal
X-Debbugs-CC: debian-init-diversity at chiark.greenend.org.uk

Dear Maintainer,

After a recent upgrade (could be coincidence or a timing change) I found that
cgroupfs-mount was being run before elogind's, preventing elogind from mounting
a cgroup2 hierarchy at /sys/fs/cgroup. This prevented privilege elevation
resulting in GnuPG no longer being able to use my Yubikey HSM from the console
(there is no display manager or session running).

This is similar to #1076278, recently solved by starting elogind before docker
and #959021.

I tried to perform a similar remedy as #1076278 by adding 'cgroupfs-mount' to
X-Start-Before in the elogind initscript but this seemed to make no difference
on my system, with the cgroupsfs-mount script still getting called first.
Perhaps I needed to do something to recompute the dependencies but in any case
there is an issue here that needs solving in one package or other!

For my system, cgroupfs-mount is brought in as a Suggests of docker.io and
liblxc1t64 and I have currently worked around the issue with update-rc.d
cgroupsfs-mount disable.

As well as solving the ordering issue, I wonder if it is worth reviewing the
functionality of this package to do the right thing in a cgroup2 world,
whatever that is, or whether it is in fact only needed in systems that don't
have seat management and we could review when it gets pulled into a new
installation?

Thanks!


Extract from boot.log:

INIT: Entering runlevel: 2
Using makefile-style concurrent boot in runlevel 2.
Setting up console font and keymap...done.
Starting enhanced syslogd: rsyslogd.
 * Starting Citrix Log daemon [ OK ]
Starting anac(h)ronistic cron: anacron.
Starting deferred execution scheduler: atd.
Mounting cgroupfs hierarchy.
Starting mouse interface server: gpm.
Starting system message bus: dbus.
Starting NTP server: ntpd2025-01-15T19:07:29 ntpd[1569]: INIT: ntpd ntpsec-1.2.3: Starting
2025-01-15T19:07:29 ntpd[1569]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
.
Starting Avahi mDNS/DNS-SD Daemon: avahi-daemon.
Starting bluetooth: bluetoothd.
Starting NetBIOS name server: nmbd.
Starting CUPS Bonjour daemon: cups-browsed.
Starting Common Unix Printing System: cupsd.
Starting session management daemon: elogind
^@.
Starting MTA: exim4.
Starting network connection manager: NetworkManager.
Starting Docker: docker.
Starting SANE network scanner server: saned.
Starting Samba Winbind daemon: winbindd.
Starting periodic command scheduler: cron.
Starting Samba SMB/CIFS daemon: smbd.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Foreign Architectures: amd64

Kernel: Linux 6.10.12-686 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages cgroupfs-mount depends on:
ii  sysvinit-utils [lsb-base]  3.13-1

cgroupfs-mount recommends no packages.

cgroupfs-mount suggests no packages.

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.chiark.greenend.org.uk/pipermail/debian-init-diversity/attachments/20250119/1a74751d/attachment.sig>

More information about the Debian-init-diversity mailing list