On 10.01.2015 17:13, Serge Hallyn wrote: > Quoting Guido Jäkel ([email protected]): >> Hi Dev's, >> >> may anyone please help me to solve this issue? >> >> Guido >> >> On 04.01.2015 20:01, Guido Jäkel wrote on [lxc-user]: >>> My goal here is to set up a Ubuntu Desktop Container ... >>> [...] >>> After a a few tweaks, this already runs very well... >>> [...]> But now I stuck at an issue concerning the GUI versions of software >>> management: The apt commandline tools work, but the GUI program >>> update-manager shows the error message "You are not allowed to perform this >>> action" and fail to work. However, if i start it with 'gksudo >>> update-manager', there is no such message. >>> >>> In the same way, the software-manager or other GUI methods to >>> install/remove software is not working. May anybody please have a hint what >>> might be missing in the container setup or have to be tweaked inside? > > So you have ubuntu desktop running in a unprivileged container? Exactly how > are > you logging in - you have a tty on the host which runs x in the container? > vnc? > x2go? spice?
No, this my own Gentoo home server and the Ubuntu container is started by root.
It have direct access to the video card (because the host just use the console
for emergencies and is managed by ssh), the tty7 and the input dev's (keyboard
and mouse). Please refer to my first posting in lxc-user at 2015-01-04 for some
details.
Actually, this email is written inside the Ubuntu Container.
> I assume there's nothing in syslog or /var/log/audit/audit.log?
There is no /var/log/audit/ inside the container. I've appended the container's
syslog for a startup. The most noticable lines in /var/log/syslog are
Jan 11 10:50:04 celly gnome-session[1333]: WARNING: Could not get
session id for session. Check that logind is properly installed and pam_systemd
is getting used at login.
Jan 11 10:50:06 celly gnome-session[1333]: GLib-CRITICAL:
g_environ_setenv: assertion 'value != NULL' failed
I'm used to maintain Unix servers, but don't have any deeper understanding of
desktop mechanisms. But the keywords "gnome session" and "pam" sounds very
suspicious to me.
> Can you strace update-manager and grep -e "(EPERM|EACCES)" ?
Because of the lists atachement limit, I've send to trace to your private mail.
Slowed down by the strace, before the error alert box I see a message in the
dialog box that it's waiting for authorisation for some time. You meant 'grep
-E ...' for sure, I get
stat("/root/.synaptic/synaptic.conf", 0x7fff5d4b9aa0) = -1 EACCES
(Permission denied)
access("/var/cache/apt/", W_OK) = -1 EACCES (Permission denied)
open("/var/lib/update-manager/meta-release-lts",
O_WRONLY|O_CREAT|O_APPEND|O_CLOEXEC, 0666) = -1 EACCES (Permission denied)
open("/var/lib/dpkg/lock", O_RDWR|O_CREAT|O_NOFOLLOW, 0640) = -1 EACCES
(Permission denied)
access("/var/cache/apt/", W_OK) = -1 EACCES (Permission denied)
open("/var/lib/dpkg/lock", O_RDWR|O_CREAT|O_NOFOLLOW, 0640) = -1 EACCES
(Permission denied)
access("/var/cache/apt/", W_OK) = -1 EACCES (Permission denied)
but also the following looks suspect because the name of the container is
"celly" and the source of cloning is "nelly".
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_LOCAL, sun_path=@"/tmp/.X11-unix/X0"}, 20) = 0
getpeername(3, {sa_family=AF_LOCAL, sun_path=@"/tmp/.X11-unix/X0"},
[20]) = 0
-> uname({sys="Linux", node="celly", ...}) = 0
access("/home/gjaekel/.Xauthority", R_OK) = 0
open("/home/gjaekel/.Xauthority", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0600, st_size=250, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7f81e051e000
-> read(4, "\1\0\0\5nelly\0\0011\0\22MIT-MAGIC-COOKIE-1"..., 4096) = 250
read(4, "", 4096) = 0
close(4)
Might the problem based on the fact, that i simply just copy to much files? I
take a snapshot of the rootfs from running system "nelly" using 'rsync -au
<src> <dst>' ...
greetings
Guido
syslog.startup.bz2
Description: application/bzip
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
