Re: [systemd-devel] container /proc/filesystems owned by nobody:can't upgrade

2017-10-03 Thread arnaud gaboury
On 10/03/2017 05:19 PM, Mike Gilbert wrote:
> On Tue, Oct 3, 2017 at 4:01 AM, arnaud gaboury
>  wrote:
>> My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3
>>
>> I can't fully upgrade my container as some files are owned by
>> nobody:nobody and can't change to root. An example is filesystems.
>> When upgrading, it returns error:
>> < error: unpacking of archive failed on file /proc: cpio: chown >
>> $ ls -a /proc:
>> /proc/filesystems    -r--r--r--   1 nobody  nobody 0 Oct  3 09:53 filesystems
>>
>> # chown root:root /proc/filesystems
>> chown: changing ownership of '/proc/filesystems': Operation not permitted
>>
>> Same kind of error with a few other packages.
>>
>> Can someone please help me to find a solution? Thank you
> I find it strange that a package upgrade would be trying to install
> the /proc directory on a running system. That's a directory that
> should only really be touched when performing an initial install; any
> other time, /proc will be mounted already and packages should not
> touch it. I would report this as a bug to Arch.
If it is a bug, it shall be reported on Fedora, which is the OS running
in the container, and not Arch which is the host.



___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


[systemd-devel] systemd-nspawn/machinectl with LUKS/LVM

2017-10-03 Thread bugs-systemd
Hi,

I'm trying to figure out the right way of using an LUKS-encrypted LV
with systemd-nspawn.

I've got an LV called "containername" which is LUKS-encrypted, and I
start the container using:

systemd-nspawn --boot --image=/dev/vg/containername

it asks me for the LUKS passphrase, and it seems to work OK on the
command line.

However, just a few questions:

1) is there any advantage to using a single-partition GPT instead of no
partition and a filesystem?

2) machinectl list-images doesn't detect the images in LVs; am I
supposed to (auto)mount them in /var/lib/machines/ ?

3) how do I best enable this on boot? "machinectl enable" won't work
since it doesn't know which image to use. Is there an example of a
systemd unit file for an image-based nspawn container?

Thanks,

-- M
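The third question asks for a unit file for an image-based container. The following is an added example written for this page, not something from the thread or from the systemd project. It is modelled on the options that the stock systemd-nspawn@.service template passes, uses the LV path from the question, and assumes the unit name and the device-unit alias dev-vg-containername.device (the alias systemd derives from the /dev/vg/containername udev symlink). Drop -U if user namespacing is not wanted.

```ini
# /etc/systemd/system/nspawn-image-containername.service
# Added example: a dedicated unit for a container booted from a block-device
# image instead of a /var/lib/machines directory. Unit name, the device alias
# and the choice of -U are assumptions; the image path is from the question.
[Unit]
Description=Container containername (booted from LUKS-encrypted LV)
Documentation=man:systemd-nspawn(1)
# Do not start before the LV exists, and stop if it disappears.
BindsTo=dev-vg-containername.device
After=dev-vg-containername.device network.target
PartOf=machines.target

[Service]
Type=notify
ExecStart=systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --machine=containername --image=/dev/vg/containername
KillMode=mixed
# systemd-nspawn exits with 133 when the container asks to be rebooted.
RestartForceExitStatus=133
SuccessExitStatus=133
Slice=machine.slice
Delegate=yes

[Install]
WantedBy=machines.target
```

Enable it with systemctl enable nspawn-image-containername.service rather than machinectl enable, since the latter only knows the directory-based template. Because the LV is LUKS-encrypted, systemd-nspawn requests the passphrase through systemd's password-agent mechanism rather than on a terminal the unit does not have; at boot, answer it with systemd-tty-ask-password-agent --query (or a console/plymouth agent), otherwise the unit waits until the request times out. With -U the container runs in a user namespace, which is exactly the setting under which the other thread on this page sees /proc entries owned by nobody.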



Re: [systemd-devel] container /proc/filesystems owned by nobody:can't upgrade

2017-10-03 Thread Mike Gilbert
On Tue, Oct 3, 2017 at 4:01 AM, arnaud gaboury  wrote:
> My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3
>
> I can't fully upgrade my container as some files are owned by
> nobody:nobody and can't change to root. An example is filesystems. When
> upgrading, it returns error:
> < error: unpacking of archive failed on file /proc: cpio: chown >
> $ ls -a /proc:
> /proc/filesystems    -r--r--r--   1 nobody  nobody 0 Oct  3 09:53 filesystems
>
> # chown root:root /proc/filesystems
> chown: changing ownership of '/proc/filesystems': Operation not permitted
>
> Same kind of error with a few other packages.
>
> Can someone please help me to find a solution? Thank you

I find it strange that a package upgrade would be trying to install
the /proc directory on a running system. That's a directory that
should only really be touched when performing an initial install; any
other time, /proc will be mounted already and packages should not
touch it.

I would report this as a bug to Arch.


Re: [systemd-devel] container /proc/filesystems owned by nobody:can't upgrade

2017-10-03 Thread arnaud gaboury
On 10/03/2017 04:35 PM, Anthony Joseph Messina wrote:
> On Tuesday, October 3, 2017 3:01:25 AM CDT arnaud gaboury wrote:
>> My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3
>>
>> I can't fully upgrade my container as some files are owned by
>> nobody:nobody and can't change to root. An example is filesystems.
>> When upgrading, it returns error:
>> < error: unpacking of archive failed on file /proc: cpio: chown >
>> $ ls -a /proc:
>> /proc/filesystems    -r--r--r--   1 nobody  nobody 0 Oct  3 09:53 filesystems
>>
>> # chown root:root /proc/filesystems
>> chown: changing ownership of '/proc/filesystems': Operation not permitted
>>
>> Same kind of error with a few other packages.
>>
>> Can someone please help me to find a solution? Thank you
> In my experience, certain packages need to be installed/upgraded from
> outside the container to work around this. httpd is another one (if
> using user namespacing) since it sets file attributes on /usr/sbin/httpd.
httpd is indeed one of the few packages I can't upgrade.
> On a Fedora host (and a Fedora container), I do something like
>
> dnf --releasever=26 --nogpgcheck \
>  --installroot=/var/lib/machines/mymachine --disablerepo='*' \
>  --enablerepo=fedora --enablerepo=updates upgrade filesystem httpd
>
> I think Arch will also have a command to install/update files in the
> container from the outside.

I will investigate this direction.
Thank you for your hints.




Re: [systemd-devel] container /proc/filesystems owned by nobody:can't upgrade

2017-10-03 Thread Anthony Joseph Messina
On Tuesday, October 3, 2017 3:01:25 AM CDT arnaud gaboury wrote:
> My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3
> 
> I can't fully upgrade my container as some files are owned by
> nobody:nobody and can't change to root. An example is filesystems. When
> upgrading, it returns error:
> < error: unpacking of archive failed on file /proc: cpio: chown >
> $ ls -a /proc:
> /proc/filesystems    -r--r--r--   1 nobody  nobody 0 Oct  3 09:53 filesystems
> 
> # chown root:root /proc/filesystems
> chown: changing ownership of '/proc/filesystems': Operation not permitted
> 
> Same kind of error with a few other packages.
> 
> Can someone please help me to find a solution? Thank you

In my experience, certain packages need to be installed/upgraded from outside 
the container to work around this. httpd is another one (if using user 
namespacing) since it sets file attributes on /usr/sbin/httpd.

On a Fedora host (and a Fedora container), I do something like

dnf --releasever=26 --nogpgcheck \
 --installroot=/var/lib/machines/mymachine --disablerepo='*' \
 --enablerepo=fedora --enablerepo=updates upgrade filesystem httpd

I think Arch will also have a command to install/update files in the
container from the outside.

-- 
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
F9B6 560E 68EA 037D 8C3D  D1C9 FF31 3BDB D9D8 99B6
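Anthony's remark that this shows up "if using user namespacing" is the key to the symptom. Entries such as /proc/filesystems are owned by uid 0 of the host's initial user namespace; an id that has no line in the container's /proc/<pid>/uid_map is presented inside as the kernel's overflow uid (65534 unless tuned), which the container's passwd file typically names nobody, and the kernel refuses the chown because the file's current owner is not mapped into the container's namespace, so the package's post-unpack chown can never succeed from inside. The script below is an added example, not code from the thread: it applies the kernel's uid_map rule (one "inside outside count" triple per line) to a constructed map of the shape that nspawn -U picks, so you can predict which host-side owners a container will see as nobody before deciding whether an upgrade has to run from the host as Anthony does. On a live host, feed it the container leader's map, /proc/<pid>/uid_map, where the pid is the Leader= value printed by machinectl show -p Leader NAME.

```sh
#!/bin/sh
# Added diagnostic (not from the thread): translate host-side file owners into
# the uid a user-namespaced nspawn container will see. Reads uid_map lines
# ("inside outside count") on stdin; anything outside every range becomes the
# overflow uid, which is what ls inside the container shows as "nobody".

# map_host_uid HOST_UID OVERFLOW_UID < uid_map
# Prints the uid the container sees for a file owned by HOST_UID on the host.
map_host_uid() {
  awk -v h="$1" -v overflow="$2" '
    NF == 3 {
      inside = $1; outside = $2; count = $3
      # A range maps host ids [outside, outside+count) onto [inside, inside+count).
      if (h >= outside && h < outside + count) {
        print inside + (h - outside)
        found = 1
        exit
      }
    }
    END { if (!found) print overflow }'
}

# overflow_uid: what the kernel substitutes for unmapped ids on this host
# (65534 unless /proc/sys/kernel/overflowuid has been changed).
overflow_uid() {
  if [ -r /proc/sys/kernel/overflowuid ]; then
    cat /proc/sys/kernel/overflowuid
  else
    echo 65534
  fi
}

# Constructed sample map (not captured from a real container): container uids
# 0..65535 backed by host uids 524288..589823, the kind of 64K range that
# systemd-nspawn -U allocates.
SAMPLE_MAP='0 524288 65536'

# Demo: a file owned by host root (uid 0), by the container's shifted root,
# by the container's uid 1, and by an unrelated host user.
for host_uid in 0 524288 524289 1000; do
  seen=$(printf '%s\n' "$SAMPLE_MAP" | map_host_uid "$host_uid" "$(overflow_uid)")
  echo "host uid $host_uid -> container uid $seen"
done
```

Host uid 0 and the unrelated host user both come out as the overflow uid: that is why a /proc entry created by the initial namespace, or a file written into the container tree by dnf --installroot running as host root, appears as nobody inside a -U container. For the latter case, -U in systemd-nspawn(1) implies --private-users-chown, which re-chowns the root tree at container start; check the manual for the version you run before relying on it.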




[systemd-devel] container /proc/filesystems owned by nobody:can't upgrade

2017-10-03 Thread arnaud gaboury
My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3

I can't fully upgrade my container as some files are owned by
nobody:nobody and can't change to root. An example is filesystems. When
upgrading, it returns error:
< error: unpacking of archive failed on file /proc: cpio: chown >
$ ls -a /proc:
/proc/filesystems    -r--r--r--   1 nobody  nobody 0 Oct  3 09:53 filesystems

# chown root:root /proc/filesystems
chown: changing ownership of '/proc/filesystems': Operation not permitted

Same kind of error with a few other packages.

Can someone please help me to find a solution? Thank you


