Re: [systemd-devel] container /proc/filesystems owned by nobody:can't upgrade
On 10/03/2017 05:19 PM, Mike Gilbert wrote:
> On Tue, Oct 3, 2017 at 4:01 AM, arnaud gaboury wrote:
>> My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3
>>
>> I can't fully upgrade my container as some files are owned by
>> nobody:nobody and can't change to root. An example is filesystems.
>> When upgrading, it returns error:
>> < error: unpacking of archive failed on file /proc: cpio: chown >
>>
>> $ ls -a /proc: /proc/filesystems
>> -r--r--r-- 1 nobody nobody 0 Oct 3 09:53 filesystems
>>
>> # chown root:root /proc/filesystems
>> chown: changing ownership of '/proc/filesystems': Operation not permitted
>>
>> Same kind of error with a few other packages.
>>
>> Can someone please help me to find a solution? Thank you
>
> I find it strange that a package upgrade would be trying to install
> the /proc directory on a running system. That's a directory that
> should only really be touched when performing an initial install; any
> other time, /proc will be mounted already and packages should not
> touch it. I would report this as a bug to Arch.

If it is a bug, it shall be reported on Fedora, which is the OS running in the container, and not Arch which is the host.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] systemd-nspawn/machinectl with LUKS/LVM
Hi,

I'm trying to figure out the right way of using an LUKS-encrypted LV with systemd-nspawn. I've got an LV called "containername" which is LUKS-encrypted, and I start the container using:

    systemd-nspawn --boot --image=/dev/vg/containername

it asks me for the LUKS passphrase, and it seems to work OK on the command line. However, just a few questions:

1) is there any advantage to using a single-partition GPT instead of no partition and a filesystem?

2) machinectl list-images doesn't detect the images in LVs; am I supposed to (auto)mount them in /var/lib/machines/ ?

3) how do I best enable this on boot? "machinectl enable" won't work since it doesn't know which image to use. Is there an example of a systemd unit file for an image-based nspawn container?

Thanks,
--
M
Re: [systemd-devel] container /proc/filesystems owned by nobody:can't upgrade
On Tue, Oct 3, 2017 at 4:01 AM, arnaud gaboury wrote:
> My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3
>
> I can't fully upgrade my container as some files are owned by
> nobody:nobody and can't change to root. An example is filesystems. When
> upgrading, it returns error:
> < error: unpacking of archive failed on file /proc: cpio: chown >
>
> $ ls -a /proc: /proc/filesystems
> -r--r--r-- 1 nobody nobody 0 Oct 3 09:53 filesystems
>
> # chown root:root /proc/filesystems
> chown: changing ownership of '/proc/filesystems': Operation not permitted
>
> Same kind of error with a few other packages.
>
> Can someone please help me to find a solution? Thank you

I find it strange that a package upgrade would be trying to install the /proc directory on a running system. That's a directory that should only really be touched when performing an initial install; any other time, /proc will be mounted already and packages should not touch it. I would report this as a bug to Arch.
Re: [systemd-devel] container /proc/filesystems owned by nobody:can't upgrade
On 10/03/2017 04:35 PM, Anthony Joseph Messina wrote:
> On Tuesday, October 3, 2017 3:01:25 AM CDT arnaud gaboury wrote:
>> My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3
>>
>> I can't fully upgrade my container as some files are owned by
>> nobody:nobody and can't change to root. An example is filesystems.
>> When upgrading, it returns error:
>> < error: unpacking of archive failed on file /proc: cpio: chown >
>>
>> $ ls -a /proc: /proc/filesystems
>> -r--r--r-- 1 nobody nobody 0 Oct 3 09:53 filesystems
>>
>> # chown root:root /proc/filesystems
>> chown: changing ownership of '/proc/filesystems': Operation not permitted
>>
>> Same kind of error with a few other packages.
>>
>> Can someone please help me to find a solution? Thank you
>
> In my experience, certain packages need to be installed/upgraded from
> outside the container to work around this. httpd is another one (if
> using user namespacing) since it sets file attributes on /usr/sbin/httpd.

httpd is indeed one of the few packages I can't upgrade.

> On a Fedora host (and a Fedora container), I do something like
>
> dnf --releasever=26 --nogpgcheck \
>     --installroot=/var/lib/machines/mymachine --disablerepo='*' \
>     --enablerepo=fedora --enablerepo=updates upgrade filesystem httpd
>
> I think Arch will also have a command to install/update files in the
> container from the outside.

I will investigate this direction. Thank you for your hints.
Re: [systemd-devel] container /proc/filesystems owned by nobody:can't upgrade
On Tuesday, October 3, 2017 3:01:25 AM CDT arnaud gaboury wrote:
> My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3
>
> I can't fully upgrade my container as some files are owned by
> nobody:nobody and can't change to root. An example is filesystems. When
> upgrading, it returns error:
> < error: unpacking of archive failed on file /proc: cpio: chown >
>
> $ ls -a /proc: /proc/filesystems
> -r--r--r-- 1 nobody nobody 0 Oct 3 09:53 filesystems
>
> # chown root:root /proc/filesystems
> chown: changing ownership of '/proc/filesystems': Operation not permitted
>
> Same kind of error with a few other packages.
>
> Can someone please help me to find a solution? Thank you

In my experience, certain packages need to be installed/upgraded from outside the container to work around this. httpd is another one (if using user namespacing) since it sets file attributes on /usr/sbin/httpd.

On a Fedora host (and a Fedora container), I do something like

dnf --releasever=26 --nogpgcheck \
    --installroot=/var/lib/machines/mymachine --disablerepo='*' \
    --enablerepo=fedora --enablerepo=updates upgrade filesystem httpd

I think Arch will also have a command to install/update files in the container from the outside.

--
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
F9B6 560E 68EA 037D 8C3D D1C9 FF31 3BDB D9D8 99B6
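Added illustration, not part of any message in this thread: assuming the container runs with user namespacing (the condition the reply above mentions), this script shows why /proc/filesystems is listed as nobody:nobody and why chown on it is refused. The function name view_uid and the sample map values are constructed for the example.

```shell
#!/bin/sh
# A uid_map has one extent per line:
#   <first ID inside the namespace> <first ID outside> <count>
# An owner that falls in no extent is displayed as the overflow UID.
OVERFLOW_UID=65534   # kernel default of /proc/sys/kernel/overflowuid ("nobody")

# view_uid OUTSIDE_UID [MAP_FILE]
# Prints the UID that a process inside the namespace sees for an inode
# owned by OUTSIDE_UID, using MAP_FILE (default: this process's own map).
view_uid() {
    outside_uid=$1
    map_file=${2:-/proc/self/uid_map}
    while read -r inside outside count; do
        [ -n "$count" ] || continue          # skip blank or short lines
        if [ "$outside_uid" -ge "$outside" ] &&
           [ "$outside_uid" -lt $((outside + count)) ]; then
            echo $((inside + outside_uid - outside))
            return 0
        fi
    done < "$map_file"
    # Unmapped owner: shown as nobody. CAP_CHOWN held inside the namespace
    # does not cover inodes whose owner has no mapping, so chown gets EPERM.
    echo "$OVERFLOW_UID"
}

# Constructed sample map (not taken from the thread): container IDs
# 0..65535 are backed by host IDs 524288..589823.
sample_map=$(mktemp)
printf '%10s %10s %10s\n' 0 524288 65536 > "$sample_map"

echo "host uid 0 (owner of /proc/filesystems) -> $(view_uid 0 "$sample_map")"
echo "host uid 524288 (container root)        -> $(view_uid 524288 "$sample_map")"
echo "host uid 525288                         -> $(view_uid 525288 "$sample_map")"
```

Run inside the container without a second argument, `view_uid 0` reads the container's real map from /proc/self/uid_map.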
[systemd-devel] container /proc/filesystems owned by nobody:can't upgrade
My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3

I can't fully upgrade my container as some files are owned by nobody:nobody and can't change to root. An example is filesystems. When upgrading, it returns error:
< error: unpacking of archive failed on file /proc: cpio: chown >

$ ls -a /proc: /proc/filesystems
-r--r--r-- 1 nobody nobody 0 Oct 3 09:53 filesystems

# chown root:root /proc/filesystems
chown: changing ownership of '/proc/filesystems': Operation not permitted

Same kind of error with a few other packages.

Can someone please help me to find a solution? Thank you