Re: [systemd-devel] Unable to remove images using machinectl
Excerpts from Lennart Poettering's message of 2015-03-03 11:40:54 +0100: On Tue, 03.03.15 07:11, Peter Paule (systemd-de...@fedux.org) wrote: Excerpts from Erik Johnson's message of 2015-03-02 14:10:06 -0700: Thanks. I applied the patch, restarted dbus, and now I get the following after a 20-30 second pause: @Erik Did you use the aur package or did you compile systemd and install it using make? Do you have experience rolling back to the normal package provided by arch? To fix the bus policy it is sufficient to copy that one file in. The policy XML file is not processed any further it's installed as is into the system. I'm just asking because I thought about installing systemd on my arch, but as it is my machine which I use very frequently I don't want to crash it. :-) @Lennart Is is difficult to get rid of a systemd package installed from git? Well if you built systemd with ./autogen.sh c make -j6 sudo make install then you should be able to simply install the original package from your distro again and it should replace everything again. Thanks :-) ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Unable to remove images using machinectl
On Tue, 03.03.15 14:22, Erik Johnson (e...@saltstack.com) wrote: On Mon, Mar 02, 2015 at 11:01:44PM +0100, Lennart Poettering wrote: On Mon, 02.03.15 14:10, Erik Johnson (e...@saltstack.com) wrote: On Mon, Mar 02, 2015 at 07:51:35PM +0100, Lennart Poettering wrote: On Mon, 02.03.15 11:06, Erik Johnson (e...@saltstack.com) wrote: I'm getting a similar error to the one described in the following post from a couple weeks ago: https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html I get an access denied error when running machinectl remove, even as root. This was a bug in the dbus policy. It should be fixed with this commit: http://cgit.freedesktop.org/systemd/systemd/commit/src/machine/org.freedesktop.machine1.conf?id=72c3897f77a7352618ea76b880a6764f52d6327b Lennart -- Lennart Poettering, Red Hat Thanks. I applied the patch, restarted dbus, and now I get the following after a 20-30 second pause: Could not remove image: Activation of org.freedesktop.machine1 timed out dbus is not a service that cannot be restarted during normal operation. This is a well-known limitation of dbus. Reloading configuration should be sufficient. You probably need to reboot now to get back to a working system... Lennart -- Lennart Poettering, Red Hat OK. After rebooting, it's still not working. Were the necessary changes limited to that one commit? Oh, umm, so there are actually more changes necessary: machined lacked the right caps to execute the deletion ioctl. Changing the CapabilityBoundingSet= line in systemd-machined to this should make this work: CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Unable to remove images using machinectl
On Mon, Mar 02, 2015 at 11:01:44PM +0100, Lennart Poettering wrote: On Mon, 02.03.15 14:10, Erik Johnson (e...@saltstack.com) wrote: On Mon, Mar 02, 2015 at 07:51:35PM +0100, Lennart Poettering wrote: On Mon, 02.03.15 11:06, Erik Johnson (e...@saltstack.com) wrote: I'm getting a similar error to the one described in the following post from a couple weeks ago: https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html I get an access denied error when running machinectl remove, even as root. This was a bug in the dbus policy. It should be fixed with this commit: http://cgit.freedesktop.org/systemd/systemd/commit/src/machine/org.freedesktop.machine1.conf?id=72c3897f77a7352618ea76b880a6764f52d6327b Lennart -- Lennart Poettering, Red Hat Thanks. I applied the patch, restarted dbus, and now I get the following after a 20-30 second pause: Could not remove image: Activation of org.freedesktop.machine1 timed out dbus is not a service that cannot be restarted during normal operation. This is a well-known limitation of dbus. Reloading configuration should be sufficient. You probably need to reboot now to get back to a working system... Lennart -- Lennart Poettering, Red Hat OK. After rebooting, it's still not working. Were the necessary changes limited to that one commit? I'm demoing nspawn at SaltConf tomorrow (http://eventmobi.com/saltconf15/agenda/94463/505550), and if necessary I can just run machined in the foreground. Continuing to troubleshoot this isn't really that necessary. -- Erik Johnson | Senior Engineer 3400 North Ashton Blvd, Suite 110 | Lehi, UT 84043 e...@saltstack.com | http://saltstack.com pgpaDsThEmc0j.pgp Description: PGP signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Unable to remove images using machinectl
On Tue, 03.03.15 07:11, Peter Paule (systemd-de...@fedux.org) wrote: Excerpts from Erik Johnson's message of 2015-03-02 14:10:06 -0700: Thanks. I applied the patch, restarted dbus, and now I get the following after a 20-30 second pause: @Erik Did you use the aur package or did you compile systemd and install it using make? Do you have experience rolling back to the normal package provided by arch? To fix the bus policy it is sufficient to copy that one file in. The policy XML file is not processed any further it's installed as is into the system. I'm just asking because I thought about installing systemd on my arch, but as it is my machine which I use very frequently I don't want to crash it. :-) @Lennart Is is difficult to get rid of a systemd package installed from git? Well if you built systemd with ./autogen.sh c make -j6 sudo make install then you should be able to simply install the original package from your distro again and it should replace everything again. Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Unable to remove images using machinectl
On Mon, 02.03.15 14:10, Erik Johnson (e...@saltstack.com) wrote: On Mon, Mar 02, 2015 at 07:51:35PM +0100, Lennart Poettering wrote: On Mon, 02.03.15 11:06, Erik Johnson (e...@saltstack.com) wrote: I'm getting a similar error to the one described in the following post from a couple weeks ago: https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html I get an access denied error when running machinectl remove, even as root. This was a bug in the dbus policy. It should be fixed with this commit: http://cgit.freedesktop.org/systemd/systemd/commit/src/machine/org.freedesktop.machine1.conf?id=72c3897f77a7352618ea76b880a6764f52d6327b Lennart -- Lennart Poettering, Red Hat Thanks. I applied the patch, restarted dbus, and now I get the following after a 20-30 second pause: Could not remove image: Activation of org.freedesktop.machine1 timed out dbus is not a service that cannot be restarted during normal operation. This is a well-known limitation of dbus. Reloading configuration should be sufficient. You probably need to reboot now to get back to a working system... Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Unable to remove images using machinectl
On Mon, Mar 02, 2015 at 07:51:35PM +0100, Lennart Poettering wrote: On Mon, 02.03.15 11:06, Erik Johnson (e...@saltstack.com) wrote: I'm getting a similar error to the one described in the following post from a couple weeks ago: https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html I get an access denied error when running machinectl remove, even as root. This was a bug in the dbus policy. It should be fixed with this commit: http://cgit.freedesktop.org/systemd/systemd/commit/src/machine/org.freedesktop.machine1.conf?id=72c3897f77a7352618ea76b880a6764f52d6327b Lennart -- Lennart Poettering, Red Hat Thanks. I applied the patch, restarted dbus, and now I get the following after a 20-30 second pause: Could not remove image: Activation of org.freedesktop.machine1 timed out -- Erik Johnson | Senior Engineer 3400 North Ashton Blvd, Suite 110 | Lehi, UT 84043 e...@saltstack.com | http://saltstack.com pgpw42om1BjH5.pgp Description: PGP signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Unable to remove images using machinectl
Excerpts from Erik Johnson's message of 2015-03-02 14:10:06 -0700: Thanks. I applied the patch, restarted dbus, and now I get the following after a 20-30 second pause: @Erik Did you use the aur package or did you compile systemd and install it using make? Do you have experience rolling back to the normal package provided by arch? I'm just asking because I thought about installing systemd on my arch, but as it is my machine which I use very frequently I don't want to crash it. :-) @Lennart Is is difficult to get rid of a systemd package installed from git? ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Unable to remove images using machinectl
On Tue, Mar 03, 2015 at 07:11:18AM +0100, Peter Paule wrote: Excerpts from Erik Johnson's message of 2015-03-02 14:10:06 -0700: Thanks. I applied the patch, restarted dbus, and now I get the following after a 20-30 second pause: @Erik Did you use the aur package or did you compile systemd and install it using make? Do you have experience rolling back to the normal package provided by arch? I'm just asking because I thought about installing systemd on my arch, but as it is my machine which I use very frequently I don't want to crash it. :-) The patch was to the dbus policy, it did not require a recompile. You can always boot to an Arch snapshot ISO, mount your partitions under /mnt, and do an arch-chroot /mnt, then install a previous systemd from /var/cache/pacman/pkg. @Lennart Is is difficult to get rid of a systemd package installed from git? -- Erik Johnson | Senior Engineer 3400 North Ashton Blvd, Suite 110 | Lehi, UT 84043 e...@saltstack.com | http://saltstack.com pgpssCM2ZTpWb.pgp Description: PGP signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Unable to remove images using machinectl
On Mon, 02.03.15 11:06, Erik Johnson (e...@saltstack.com) wrote: I'm getting a similar error to the one described in the following post from a couple weeks ago: https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html I get an access denied error when running machinectl remove, even as root. This was a bug in the dbus policy. It should be fixed with this commit: http://cgit.freedesktop.org/systemd/systemd/commit/src/machine/org.freedesktop.machine1.conf?id=72c3897f77a7352618ea76b880a6764f52d6327b Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] Unable to remove images using machinectl
I'm getting a similar error to the one described in the following post from a couple weeks ago: https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html I get an access denied error when running machinectl remove, even as root. For reference, /var/lib/machines is on a btrfs partition and I am running systemd 219 on an Arch Linux host. I am, however, unexperienced with btrfs and may have done something wrong. I did not manually create any subvolumes. I tried stopping systemd-machined and running it under strace to check for permission errors as mentioned by Lennart in the reply to the thread I referenced above. But to my surprise, when I attempted to remove the container I did not get the same permission error and the container was successfully removed. So, it occurs to me that the issue might have to do with the options in the unit file. Below are the contents of the unit file, with the commented lines at the beginning removed for brevity. Any insight that can be offered would be appreciated. [Unit] Description=Virtual Machine and Container Registration Service Documentation=man:systemd-machined.service(8) Documentation=http://www.freedesktop.org/wiki/Software/systemd/machined Wants=machine.slice After=machine.slice [Service] ExecStart=/usr/lib/systemd/systemd-machined BusName=org.freedesktop.machine1 CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH WatchdogSec=1min PrivateTmp=yes PrivateDevices=yes PrivateNetwork=yes ProtectSystem=full ProtectHome=yes -- Erik Johnson | Senior Engineer 3400 North Ashton Blvd, Suite 110 | Lehi, UT 84043 e...@saltstack.com | http://saltstack.com pgp0FuM9AKBoY.pgp Description: PGP signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
