I've just installed a Fedora 39 system and joined it to my IPA domain.
I've found that when an IPA user connects with SSH, they can't launch
podman rootless containers, nor can they create scope units.
Local users are unaffected, hence I thought I'd post here in the hope
that someone else can reproduce the error and/or can suggest additional
troubleshooting steps.
Here's what systemd logs when I try run 'systemd-run --user --scope echo
hello':
Nov 15 08:52:15 systemd[6789]: run-r340eeb2a10484700937e131eaa242301.scope:
Couldn't move process 127204 to requested cgroup
'/user.slice/user-1673000001.slice/user@1673000001.service/app.slice/run-r340eeb2a10484700937e131eaa242301.scope'
(directly or via the system bus): Input/output error
Nov 15 08:52:15 systemd[6789]: run-r340eeb2a10484700937e131eaa242301.scope:
Failed to add PIDs to scope's control group: Permission denied
Nov 15 08:52:15 systemd[6789]: run-r340eeb2a10484700937e131eaa242301.scope:
Failed with result 'resources'.
Nov 15 08:52:15 systemd[6789]: Failed to start
run-r340eeb2a10484700937e131eaa242301.scope - /usr/bin/echo hello.
Full details are at
<https://bugzilla.redhat.com/show_bug.cgi?id=2249514>.
--
Sam Morris <https://robots.org.uk/>
PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
