"Failed to set up mount namespacing" with systemd at HEAD, for systemd-resolved and systemd-hostnamed #10032
Description
systemd version the issue has been seen with
v239-713-g3457a7a939e3 (commit 3457a7a)
Used distribution
Fedora Rawhide (fc30)
Expected behaviour you didn't see
Services systemd-resolved and systemd-hostnamed would start
Unexpected behaviour you saw
Services fail with these messages:
Sep 06 23:28:36 rawhide.libvirt systemd[1]: Starting Hostname Service...
Sep 06 23:28:36 rawhide.libvirt systemd[23916]: systemd-hostnamed.service: Failed to set up mount namespacing: Permission denied
Sep 06 23:28:36 rawhide.libvirt systemd[23916]: systemd-hostnamed.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-hostnamed: Permission denied
Sep 06 23:28:36 rawhide.libvirt systemd[1]: systemd-hostnamed.service: Main process exited, code=exited, status=226/NAMESPACE
Sep 06 23:28:36 rawhide.libvirt systemd[1]: systemd-hostnamed.service: Failed with result 'exit-code'.
Sep 06 23:28:36 rawhide.libvirt systemd[1]: Failed to start Hostname Service.
And:
Sep 06 23:32:04 rawhide.libvirt systemd[1]: Starting Network Name Resolution...
Sep 06 23:32:04 rawhide.libvirt systemd[23986]: systemd-resolved.service: Failed to set up mount namespacing: Permission denied
Sep 06 23:32:04 rawhide.libvirt systemd[23986]: systemd-resolved.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-resolved: Permission denied
Sep 06 23:32:04 rawhide.libvirt systemd[1]: systemd-resolved.service: Main process exited, code=exited, status=226/NAMESPACE
Sep 06 23:32:04 rawhide.libvirt systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Sep 06 23:32:04 rawhide.libvirt systemd[1]: Failed to start Network Name Resolution.
Sep 06 23:32:04 rawhide.libvirt systemd[1]: systemd-resolved.service: Service has no hold-off time (RestartSec=0), scheduling restart.
Sep 06 23:32:04 rawhide.libvirt systemd[1]: systemd-resolved.service: Scheduled restart job, restart counter is at 5.
Sep 06 23:32:04 rawhide.libvirt systemd[1]: Stopped Network Name Resolution.
Sep 06 23:32:04 rawhide.libvirt systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Sep 06 23:32:04 rawhide.libvirt systemd[1]: systemd-resolved.service: Failed with result 'exit-code'.
Sep 06 23:32:04 rawhide.libvirt systemd[1]: Failed to start Network Name Resolution.
SELinux is enabled, but I don't see any AVCs on any of the processes involved. Using policy from selinux-policy-3.14.3-1.fc30.noarch.
No customizations on the two service files, systemd-delta doesn't report anything for them.
I also tried to build PR #10012 from @yuwata, but that didn't work either, same results.
Steps to reproduce the problem
Just install the new software and restart the services, problem manifests right away (no need to reboot).