Here is my environment: Linux kernel 4.11.3 with user namespaces set to YES

% systemctl --version
systemd 233
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN default-hierarchy=hybrid

% machinectl list
MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
poppy   container systemd-nspawn fedora 26      192.168.1.94...

% machinectl show poppy
Name=poppy
Id=59b720b533834a4eafe07a62c2482266
Timestamp=Wed 2017-07-12 22:07:15 CEST
TimestampMonotonic=6928076
Service=systemd-nspawn
Unit=systemd-nspawn@poppy.service
Leader=648
Class=container
RootDirectory=/var/lib/machines/poppy
State=running

Now first issue:
------------------

On container:

% systemctl status user@1000.service
● user@1000.service - User Manager for UID 1000
   Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor preset: disabled)
   Active: failed (Result: protocol) since Wed 2017-07-19 01:59:29 CEST; 9h ago
 Main PID: 264 (code=exited, status=237/KEYRING)

Jul 19 01:59:29 thetradinghall.com systemd[1]: Starting User Manager for UID 1000...
Jul 19 01:59:29 thetradinghall.com systemd[264]: user@1000.service: Failed at step KEYRING spawning /usr/lib/systemd/systemd: Permission denied
Jul 19 01:59:29 thetradinghall.com systemd[1]: Failed to start User Manager for UID 1000.
Jul 19 01:59:29 thetradinghall.com systemd[1]: user@1000.service: Unit entered failed state.
Jul 19 01:59:29 thetradinghall.com systemd[1]: user@1000.service: Failed with result 'protocol'.

Everything looks OK when running the systemd binary outside of the unit file:

% ls -al /usr/lib/systemd/systemd
-rwxr-xr-x 1 root root 1.2M Jun 27 23:49 /usr/lib/systemd/systemd*

% /usr/lib/systemd/systemd --v
systemd 233
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN default-hierarchy=hybrid

Can anyone give me some hints why the unit file screams Permission denied?

Second issue:
-----------------

On host:

$ mkdir ~/share
$ touch ~/share/toto

On container:

$ mkdir ~/share

I start the container with this unit file:

% cat /etc/systemd/system/systemd-nspawn@.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-bridge=br0 -U --settings=override --machine=%i --bind-ro=/home/gabx --bind=/home/gabx/share:/home/poisonivy/share

Now on container:

% ls -al share
total 4.0K
drwxr-xr-x 2 nobody    nobody    4.0K Jul 19 01:59 ./
drwx------ 1 poisonivy poisonivy  786 Jul 19 01:46 ../
-rw-r--r-- 1 nobody    nobody       0 Jul 19 01:59 toto

Why this nobody? I can see this behavior a lot on my container. Example:

$ ls -al /proc
.......................
-r--r--r-- 1 nobody nobody 0 Jul 19 11:47 devices
-r--r--r-- 1 nobody nobody 0 Jul 19 11:47 diskstats
-r--r--r-- 1 nobody nobody 0 Jul 19 11:47 dma
-r--r--r-- 1 nobody nobody 0 Jul 19 11:47 execdomains
-r--r--r-- 1 nobody nobody 0 Jul 19 11:47 fb
.........................

When looking at these folders from the host:

# ls -al $POPPY/home/poisonivy/share
total 0
drwxrwxr-x 1 vu-poppy-1000 vg-poppy-1000   0 Jul 19 01:46 ./
drwx------ 1 vu-poppy-1000 vg-poppy-1000 786 Jul 19 01:46 ../

Please note that the file toto is not seen. Same user:group for /proc.

This certainly comes from user namespaces being enabled in my kernel. How can I deal with nobody, as I can't change it?

poisonivy@thetradinghall ➤➤ ~ % chown poisonivy:poisonivy share
chown: changing ownership of 'share': Operation not permitted

Thank you for help/hints with these permission issues. It is starting to be difficult to run my container properly.
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
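An added example for the second issue, not code from the post above and not part of systemd: it models the kernel's /proc/<pid>/uid_map rules (each line is "inside outside count") against a constructed map of the kind systemd-nspawn -U installs, and works for multi-line maps as well as the single-range case. It shows why a bind-mounted file owned by host uid 1000 lists as nobody inside the container, why root-owned /proc entries do the same, and why chown from inside fails. The host base uid 1966080 and the uid_map text are constructed placeholders, not values from the post.

```python
"""Model how a user-namespace uid_map turns host uids into what a container sees.

Added example for the nspawn "nobody" question: not code from the post or from
systemd. Applies the kernel's uid_map rules (lines of "inside outside count")
to a constructed map. The host base uid 1966080 is a placeholder.
"""
from typing import List, Optional, Tuple

# Kernel default for /proc/sys/kernel/overflowuid: any uid with no entry in the
# namespace's uid_map is reported as this id, which the container's passwd
# usually names "nobody".
OVERFLOW_UID = 65534

# Constructed uid_map as read from /proc/1/uid_map inside the container:
# container uids 0..65535 are backed by host uids 1966080..2031615
# (systemd-nspawn -U hands each container a 65536-id range; base is a placeholder).
SAMPLE_UID_MAP = "         0    1966080      65536\n"

UidMap = List[Tuple[int, int, int]]


def parse_uid_map(text: str) -> UidMap:
    """Parse uid_map/gid_map text into (inside_start, outside_start, count) triples."""
    entries: UidMap = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        if count <= 0:
            raise ValueError(f"non-positive count in uid_map line: {line!r}")
        entries.append((inside, outside, count))
    return entries


def host_is_mapped(host_uid: int, uid_map: UidMap) -> bool:
    """True if host_uid has a representation inside the namespace."""
    return any(outside <= host_uid < outside + count for _, outside, count in uid_map)


def host_to_container(host_uid: int, uid_map: UidMap, overflow: int = OVERFLOW_UID) -> int:
    """Uid a process inside the namespace sees for a file owned by host_uid.

    A host uid outside every mapped range has no representation inside, so the
    kernel substitutes the overflow uid: that is the "nobody" on the bind-mounted
    share (host uid 1000) and on the root-owned (host uid 0) /proc entries.
    """
    for inside, outside, count in uid_map:
        if outside <= host_uid < outside + count:
            return inside + (host_uid - outside)
    return overflow


def container_to_host(container_uid: int, uid_map: UidMap) -> Optional[int]:
    """Host uid backing a container uid, or None if the container uid is unmapped."""
    for inside, outside, count in uid_map:
        if inside <= container_uid < inside + count:
            return outside + (container_uid - inside)
    return None


def chown_allowed_from_namespace(host_owner_uid: int, uid_map: UidMap) -> bool:
    """Whether any process inside the namespace, even its root, can chown the file.

    chown needs CAP_CHOWN evaluated against the file owner's uid, and the kernel
    grants that only in a namespace into which that owner is mapped. A file owned
    by an unmapped host uid therefore fails with EPERM from inside, matching
    "chown: changing ownership of 'share': Operation not permitted".
    """
    return host_is_mapped(host_owner_uid, uid_map)


if __name__ == "__main__":
    uid_map = parse_uid_map(SAMPLE_UID_MAP)
    # Host owners: root (/proc entries), the host user (bind-mounted share),
    # and the host uid that backs container uid 1000.
    for host_uid in (0, 1000, 1966080 + 1000):
        seen = host_to_container(host_uid, uid_map)
        print(f"host uid {host_uid:>8} -> container uid {seen:>5} "
              f"(chown from inside: {'ok' if chown_allowed_from_namespace(host_uid, uid_map) else 'EPERM'})")
```

One caveat the code makes visible: with a 65536-id range, container uid 65534 is itself a real, mapped id, so a nobody-owned entry seen inside the container is either an unmapped host owner or a genuine container-uid-65534 file. Only the host-side view (as in the `ls -al $POPPY/...` listing above, where the container's ids show up as vu-poppy-* names) tells the two apart.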