Discussion:
Systemd weird behavior after upgrade -
arnaud gaboury
2017-07-13 21:40:49 UTC
(no HTML crapps)


OS= Fedora 26
Linux container managed by machinectl

% systemctl --version
systemd 233
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
default-hierarchy=hybrid

% machinectl list
MACHINE CLASS SERVICE OS VERSION ADDRESSES
poppy container systemd-nspawn fedora 26 192.168.1.94...

% machinectl show poppy
Name=poppy
Id=59b720b533834a4eafe07a62c2482266
Timestamp=Wed 2017-07-12 22:07:15 CEST
TimestampMonotonic=6928076
Service=systemd-nspawn
Unit=systemd-***@poppy.service
Leader=648
Class=container
RootDirectory=/var/lib/machines/poppy
State=running


-----------------------------------------------------------------------------------------------------

After upgrade from Fedora 25 to 26, some services are broken.
Below is the status of some broken services:


% systemctl status ***@1000.service
● ***@1000.service - User Manager for UID 1000
Loaded: loaded (/usr/lib/systemd/system/***@.service; static; vendor
preset: disabled)
Active: failed (Result: protocol) since Wed 2017-07-12 22:09:45 CEST;
15h ago
Main PID: 257 (code=exited, status=237/KEYRING)

Jul 12 22:09:45 thetradinghall.com systemd[1]: Starting User Manager for
UID 1000...
Jul 12 22:09:45 thetradinghall.com systemd[257]: ***@1000.service: Failed
at step KEYRING spawning /usr/lib/systemd/systemd: Permission denied
Jul 12 22:09:45 thetradinghall.com systemd[1]: Failed to start User Manager
for UID 1000.
Jul 12 22:09:45 thetradinghall.com systemd[1]: ***@1000.service: Unit
entered failed state.
Jul 12 22:09:45 thetradinghall.com systemd[1]: ***@1000.service: Failed
with result 'protocol'.


% systemctl status user.slice
● user.slice - User and Session Slice
Loaded: loaded (/usr/lib/systemd/system/user.slice; static; vendor
preset: disabled)
Active: active since Wed 2017-07-12 22:07:15 CEST; 15h ago
Docs: man:systemd.special(7)
CGroup: /user.slice
└─user-1000.slice
├─session-c1.scope
│ ├─ 256 login -- poisonivy
│ ├─ 258 -zsh
│ ├─ 356 su
│ ├─ 357 zsh
│ ├─1553 systemctl status user.slice
│ └─1554 less
└─session-c2.scope
├─449 login -- poisonivy
├─450 -zsh
├─494 su
├─495 zsh
└─526 /usr/bin/python3 -O /usr/bin/ranger

Jul 12 22:09:45 thetradinghall.com systemd[1]: user.slice: Failed to set
invocation ID on control group /user.slice, ignoring: Operation not
permitted

% systemctl status opendkim.service
● opendkim.service - DomainKeys Identified Mail (DKIM) Milter
Loaded: loaded (/usr/lib/systemd/system/opendkim.service; enabled;
vendor preset: disabled)
Drop-In: /etc/systemd/system/opendkim.service.d
└─override.conf
Active: failed (Result: exit-code) since Thu 2017-07-13 11:33:25 CEST;
2h 30min ago
Docs: man:opendkim(8)
man:opendkim.conf(5)
man:opendkim-genkey(8)
man:opendkim-genzone(8)


Jul 13 11:33:25 thetradinghall systemd[1]: Starting DomainKeys Identified
Mail (DKIM) Milter...
Jul 13 11:33:25 thetradinghall systemd[1243]: opendkim.service: Failed at
step KEYRING spawning /usr/sbin/opendkim: Permission denied

*N.B:* I can manually start opendkim as root


I have no idea why these new issues occur. The only hint is the following one.
I hope the command outputs below may help:

------------------------------------------------------

# /usr/lib/systemd/systemd --user
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: Permission denied
Failed to attach 338 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to attach 247 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to attach 249 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to attach 305 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to attach 306 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/dbus.socket: Permission denied
Failed to attach 342 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/dbus.socket: No such file or
directory
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/sys-class.mount: Permission
denied

---------------------------------------------------

# ls -al /sys/fs/cgroup/
total 0
drwxr-xr-x 13 root root 340 Jul 13 22:52 ./
drwxr-xr-x 4 root root 80 Jul 13 22:52 ../
drwxr-xr-x 2 nobody nobody 0 Jul 13 22:52 blkio/
drwxr-xr-x 2 nobody nobody 0 Jul 13 22:52 cpu,cpuacct/
dr-xr-xr-x 2 nobody nobody 0 Jul 12 22:07 cpuset/
drwxr-xr-x 2 nobody nobody 0 Jul 13 22:52 devices/
dr-xr-xr-x 2 nobody nobody 0 Jul 12 22:07 freezer/
drwxr-xr-x 2 nobody nobody 0 Jul 13 22:52 memory/
dr-xr-xr-x 2 nobody nobody 0 Jul 12 22:07 net_cls,net_prio/
dr-xr-xr-x 2 nobody nobody 0 Jul 12 22:07 perf_event/
drwxr-xr-x 2 nobody nobody 0 Jul 13 22:52 pids/
drwxr-xr-x 2 nobody nobody 0 Jul 13 22:52 systemd/

# chown root:root /sys/fs/cgroup/blkio
chown: changing ownership of '/sys/fs/cgroup/blkio': Operation not permitted

On host
# ls -al $POPPY/sys/
total 0
dr-xr-xr-x 1 vu-poppy-0 vg-poppy-0 0 Aug 16 2014 ./
dr-xr-xr-x 1 vu-poppy-0 vg-poppy-0 236 Jul 13 14:21 ../

-----------------------------------------

On container, one dbus session running:
% myps dbus
dbus 35 1 0 22:52 ? 00:00:00 /usr/bin/dbus-daemon
--system --address=systemd: --nofork --nopidfile --systemd-activation
--syslog-only

When on container I have 4 (when only 3 before). The one from vu-poppy user
(container) is new.

% myps dbus
195:dbus 582 1 1 Jul12 ? 00:21:57 /usr/bin/dbus-daemon
--system --address=systemd: --nofork --nopidfile --systemd-activation
204:gabx 614 602 0 Jul12 ? 00:00:00 /usr/bin/dbus-daemon
--session --address=systemd: --nofork --nopidfile --systemd-activation
251:gabx 1593 1588 0 Jul12 ? 00:00:00 /usr/bin/dbus-daemon
--config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork
--print-address 3
333:vu-popp+ 16543 16502 0 22:52 ? 00:00:00 /usr/bin/dbus-daemon
--system --address=systemd: --nofork --nopidfile --systemd-activation
--syslog-only
-----------------------------------------------------------------------------------------------

I have built my kernel with CONFIG_USER_NS=y for a while. I guess it is this
setting which causes the following trouble with UID/GID

From host
***@hortensia ➀➀ ~aur # ls -al $POPPY/var/log/journal
total 0
drwxr-xr-x+ 1 vu-poppy-0 systemd-journal 64 Oct 4 2016 ./
drwxr-xr-x 1 vu-poppy-0 vg-poppy-0 1.3K Jul 12 20:20 ../
drwxr-sr-x+ 1 root systemd-journal 7.8K Mar 11 15:25
59b720b533834a4eafe07a62c2482266/

From container:
***@thetradinghall ➀➀ dovecot/conf.d # ls -al /var/log/journal
total 0
drwxr-xr-x+ 1 root nobody 64 Oct 4 2016 ./
drwxr-xr-x 1 root root 1.3K Jul 12 20:20 ../
drwxr-sr-x+ 1 nobody nobody 7.8K Mar 11 15:25
59b720b533834a4eafe07a62c2482266/

As you can see, on host, root:root is by default vu-poppy-0 vg-poppy-0
On container, I am left with lots of files/folders owned by nobody.

---------------------------
When looking at the output of systemctl --failed, and verifying status, I
can observe a common failure, like the one below:

postgresql.service: Failed at step KEYRING spawning
/usr/libexec/postgresql-check-db-dir: Permission denied

-----------------------------

When upgrading some package, I have again a permission issue.

# dnf upgrade filesystem
......................
error: unpacking of archive failed on file /proc: cpio: chown

# ls -al /proc/filesystems
.........
-r--r--r-- 1 nobody nobody 0 Jul 13 14:22 /proc/filesystems
.....................
# chown root:root /proc/filesystems
chown: changing ownership of '/proc/filesystems': Operation not permitted
-------------------------------------

Can anyone help me in debugging my system, as it starts to be difficult to
use the container. Thank you
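
Added illustration, not part of any message in this thread: a Python sketch of how the kernel translates file owners through a user namespace's uid_map, which is the difference between the host and container `ls` listings above. The map line and numeric IDs are constructed (the thread shows neither), and the helper names are hypothetical.

```python
import os
from typing import List, NamedTuple, Optional

OVERFLOW_ID = 65534  # kernel default overflow uid/gid, displayed as "nobody"


class Extent(NamedTuple):
    inside: int   # first ID as seen inside the user namespace
    outside: int  # first ID as seen from the parent (host) namespace
    count: int    # number of consecutive IDs covered


def parse_id_map(text: str) -> List[Extent]:
    """Parse the contents of /proc/<pid>/uid_map or gid_map."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        extents.append(Extent(*(int(f) for f in fields)))
    return extents


def host_to_container(host_id: int, extents: List[Extent]) -> int:
    """ID that a host-side owner shows as inside the namespace."""
    for e in extents:
        if e.outside <= host_id < e.outside + e.count:
            return e.inside + (host_id - e.outside)
    return OVERFLOW_ID  # no mapping: reported as the overflow ID ("nobody")


def container_to_host(container_id: int, extents: List[Extent]) -> Optional[int]:
    """Host-side ID behind a container ID, or None if it has no mapping."""
    for e in extents:
        if e.inside <= container_id < e.inside + e.count:
            return e.outside + (container_id - e.inside)
    return None


def unmapped_owners(paths: List[str], overflow: int = OVERFLOW_ID) -> List[str]:
    """Paths whose owner or group is reported as the overflow ID."""
    hits = []
    for p in paths:
        try:
            st = os.lstat(p)
        except OSError:
            continue  # missing or unreadable path: nothing to report
        if st.st_uid == overflow or st.st_gid == overflow:
            hits.append(p)
    return hits


# Constructed values: the thread does not show the real map or numeric IDs.
SAMPLE_UID_MAP = "         0     524288      65536\n"
HOST_VU_POPPY_0 = 524288  # assumed numeric UID behind "vu-poppy-0"
HOST_ROOT = 0

if __name__ == "__main__":
    sample = parse_id_map(SAMPLE_UID_MAP)
    print("host vu-poppy-0 ->", host_to_container(HOST_VU_POPPY_0, sample))
    print("host root       ->", host_to_container(HOST_ROOT, sample))
    # Inside the container, compare against the live map and the paths
    # that appear in the listings above.
    if os.path.exists("/proc/self/uid_map"):
        with open("/proc/self/uid_map") as f:
            print("live uid_map:", parse_id_map(f.read()))
    print(unmapped_owners(["/sys/fs/cgroup/blkio", "/proc/filesystems",
                           "/var/log/journal"]))
```

With the sample map, a file owned by the base of the mapped range on the host appears as root inside the container, while a file owned by real host root falls outside the range and appears as nobody.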
Reindl Harald
2017-07-13 21:45:33 UTC
Post by arnaud gaboury
> (no HTML crapps)

still HTML and no meaningful quoting to distinguish your "i respond to
myself" answer from your initial post - no idea what you expect by
sending a bunch of mails with the same content within a few hours nor
why you think it's a good idea to upgrade to F26 a day after release if
the system is important and you have no testing environment

additionally this is the upstream mailing list and not the Fedora
users-list nor the Fedora bugtracker - here you go:
https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora
arnaud gaboury
2017-07-14 09:44:52 UTC
Post by Reindl Harald
> Post by arnaud gaboury
> > (no HTML crapps)
> still HTML and no meaningful quoting to distinguish your "i respond to
> myself" answer from your initial post - no idea what you expect by
> sending a bunch of mails with the same content within a few hours nor
> why you think it's a good idea to upgrade to F26 a day after release if
> the system is important and you have no testing environment

I have been dealing with this issue for a while and have worked hard on it.
I don't need your sarcasm nor your advice on going or not to Fedora 26, but
rather a few hints on how to solve my issues.

Your answer is worthless.
_______________________________________________
systemd-devel mailing list
https://lists.freedesktop.org/mailman/listinfo/systemd-devel