hostnamectl doesn't work in a lxc container
Yuri Kanivetsky
2017-02-11 06:03:11 UTC
Hi,

Not sure it's a good place to ask. But it'd be great if you could help
me with this one. Or at least tell me where to ask. I failed to find
any systemd user mailing lists. The guys from lxc mailing list keep
silence:

https://lists.linuxcontainers.org/pipermail/lxc-users/2017-February/012840.html

So, on one physical server in a lxc container I get this:

# hostnamectl --static
Could not get property: Connection timed out
# hostnamectl
# echo $?
1

Occasionally I get this error message:

Could not get property: Failed to activate service
'org.freedesktop.hostname1': timed out

And in the log I see this:

Feb 10 12:39:04 server1 dbus[79]: [system] Activating via systemd:
service name='org.freedesktop.hostname1'
unit='dbus-org.freedesktop.hostname1.service'
Feb 10 12:39:05 server1 systemd[1]: Starting Hostname Service...
Feb 10 12:39:05 server1 systemd[2935]: systemd-hostnamed.service:
Failed at step NETWORK spawning /lib/systemd/systemd-hostnamed:
Permission denied
Feb 10 12:39:05 server1 systemd[1]: systemd-hostnamed.service: Main
process exited, code=exited, status=225/NETWORK
Feb 10 12:39:05 server1 systemd[1]: Failed to start Hostname Service.
Feb 10 12:39:05 server1 systemd[1]: systemd-hostnamed.service: Unit
entered failed state.
Feb 10 12:39:05 server1 systemd[1]: systemd-hostnamed.service:
Failed with result 'exit-code'.
Feb 10 12:39:29 server1 dbus[79]: [system] Failed to activate
service 'org.freedesktop.hostname1': timed out

On the other server it works though. Here's what I see in the log:

Feb 10 14:40:26 server2 dbus[25957]: [system] Activating via
systemd: service name='org.freedesktop.hostname1'
unit='dbus-org.freedesktop.hostname1.service'
Feb 10 14:40:26 server2 systemd[1]: Starting Hostname Service...
Feb 10 14:40:26 server2 systemd-hostnamed[18340]: Warning:
nss-myhostname is not installed. Changing the local hostname might
make it unresolveable. Please install nss-myhostname!
Feb 10 14:40:26 server2 dbus[25957]: [system] Successfully
activated service 'org.freedesktop.hostname1'
Feb 10 14:40:26 server2 systemd[1]: Started Hostname Service.

What's causing it? What can I check? How do I remedy this? Thanks in advance.

Regards,
Yuri
Lennart Poettering
2017-02-13 12:19:07 UTC
Post by Yuri Kanivetsky
> Hi,
> Not sure it's a good place to ask. But it'd be great if you could help
> me with this one. Or at least tell me where to ask. I failed to find
> any systemd user mailing lists. The guys from lxc mailing list keep
> https://lists.linuxcontainers.org/pipermail/lxc-users/2017-February/012840.html
> Permission denied
> Feb 10 12:39:05 server1 systemd[1]: systemd-hostnamed.service: Main
> process exited, code=exited, status=225/NETWORK
> What's causing it? What can I check? How do I remedy this? Thanks in advance.

So, this is caused by PrivateNetwork=yes in the hostnamed unit
file. This is supposed to ensure that hostnamed runs within its own
network namespace, for sandboxing reasons. Depending on your precise
LXC configuration network namespaces are available to containers or
are not. If they aren't the above is what you are seeing.

That said, it's actually our intention to gracefully degrade if a
sandboxing option is set for a service and we lack the privs to set it
up. That's OK since sandboxing while enhancing security lockdown
doesn't actually provide anything the service would need to run
correctly.

If you look into the TODO file in our git tree, you'll find this item:

* fix PrivateNetwork= so that we fall back gracefully on kernels
lacking namespacing support (similar for the other namespacing
options)

Until that's fixed you'll see the problem in your setup.

A local work-around would be to either grant your LXC container enough
privs to do network namespacing internally. Or simply disable the
option in hostnamed, by placing a drop-in file that turns it off...

Lennart
--
Lennart Poettering, Red Hat
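
The drop-in work-around described in the reply above, as an added example that is not part of the original thread or of systemd's own code. It checks whether the container may create a network namespace and writes a `PrivateNetwork=no` drop-in for hostnamed only when it may not; the function names, the `ROOT` argument and the drop-in file name are assumptions made for this example.

```shell
#!/bin/sh
UNIT=systemd-hostnamed.service          # unit named in the log above

# 0 = a network namespace can be created here (what PrivateNetwork=yes needs),
# 1 = creation is refused, 2 = cannot tell because unshare(1) is not installed.
can_create_netns() {
    command -v unshare >/dev/null 2>&1 || return 2
    unshare --net true 2>/dev/null || return 1
}

# Write the drop-in under ROOT (default: the live system) and print its path.
write_dropin() {
    root=${1:-/}
    dir="${root%/}/etc/systemd/system/${UNIT}.d"
    file="$dir/10-no-private-network.conf"   # file name chosen for this example
    mkdir -p "$dir" || return 1
    printf '%s\n' '[Service]' 'PrivateNetwork=no' > "$file" || return 1
    printf '%s\n' "$file"
}

# Turn the sandbox option off only where it cannot be set up anyway.
apply_workaround() {
    root=${1:-/}
    rc=0
    can_create_netns || rc=$?
    case $rc in
        0) echo "network namespaces work; keeping PrivateNetwork=yes"; return 0 ;;
        2) echo "unshare not found; check manually, nothing changed" >&2; return 2 ;;
    esac
    write_dropin "$root" || return 1
    # Only reload when the drop-in went into the running system's /etc.
    if [ -z "${root%/}" ]; then
        systemctl daemon-reload
    fi
}
```

Run `apply_workaround` as root inside the affected container, then retry `hostnamectl`; on hosts where namespaces are available the unit keeps its network sandbox.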