[Sorry for not answering to Lennart's answer directly - it somehow got lost so I have to copy/paste it from the archive.]
>> I set up two (hopefully) identical debian containers in nspawn for a single >> service (DNS) on a debian host. Today's "apt upgrade" now throws >> permissions problem on _one_ of the containers (ns4 fails, all others still >> work - ns3 should be identical but some service data): > Most likely something went wrong with the userns UID mapping... Not > sure what though... >> As you could see the few lines above, the groups in ns4 aren't correct for >> certain files/directories. But correcting them in the guest as well as the >> host fails: > Are you suggesting that doing this on the host has no effect at all? > That's seriously strange... Yes, that's the case - at least for the group ownership. And yes, I agree it's strange ;-) > When you ran this, was the container running? Yes, it is running: root@HOST:/var/lib/machines/ns4/var/cache/apt/archives# ls -l total 0 -rw-r----- 1 vu-ns4-0 vg-ns4-0 0 Apr 28 22:04 lock drwx------ 1 vu-ns4-104 root 5000 Aug 30 17:01 partial root@HOST:/var/lib/machines/ns4/var/cache/apt/archives# chgrp vg-ns4-0 _ partial root@HOST:/var/lib/machines/ns4/var/cache/apt/archives# echo $? 0 root@HOST:/var/lib/machines/ns4/var/cache/apt/archives# ls -l total 0 -rw-r----- 1 vu-ns4-0 vg-ns4-0 0 Apr 28 22:04 lock drwx------ 1 vu-ns4-104 root 5000 Aug 30 17:01 partial root@HOST:/var/lib/machines/ns4/var/cache/apt/archives# machinectl list MACHINE CLASS SERVICE OS VERSION ADDRESSES ns3 container systemd-nspawn debian 9 10.225.32.1... ns4 container systemd-nspawn debian 9 10.225.64.1... nsrec2 container systemd-nspawn debian 9 10.225.1.1... 3 machines listed. root@HOST:/var/lib/machines/ns4/var/cache/apt/archives# Thanks for having a look! _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel