[systemd-devel] systemd-nspawn at .service is unusable
Lennart Poettering
lennart at poettering.net
Fri Dec 5 05:25:16 PST 2014
On Fri, 05.12.14 16:58, Peter Lemenkov (lemenkov at gmail.com) wrote:
> Ok, now I've got something. Here is a diff between good (1st,
> commandline) and bad (2nd, systemd service) sessions:
>
> * https://gist.github.com/lemenkov/ee70c42baedcb9b43189#file-sessions-diff
>
> More specifically I found these pieces interesting:
>
> * https://gist.github.com/lemenkov/ee70c42baedcb9b43189#file-sessions-diff-L253-L258
>
> Notice "open("/dev/urandom", O_RDONLY|O_NOCTTY|O_CLOEXEC) = -1 EACCES
> (Permission denied)" when started as systemd service:
>
> * https://gist.github.com/lemenkov/ee70c42baedcb9b43189#file-sessions-diff-L699-L700
>
> Notice "unlink("/run/systemd/journal/dev-log") = -1 EACCES
> (Permission denied)" followed by "bind(7, {sa_family=AF_LOCAL,
> sun_path="/run/systemd/journal/dev-log"}, 30) = -1 EADDRINUSE (Address
> already in use)".
>
> Looks like systemd-nspawn either doesn't mount (bind mount) the
> necessary devices or doesn't create them properly.
Hmm, do you have SELinux enabled and in enforcing mode?
nspawn mounts a tmpfs to /run very early on, before invoking the
first binary; it should definitely be writable.
Lennart
--
Lennart Poettering, Red Hat
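As an added example (not from this thread and not systemd's own code), a small Python triage helper that does what the gist diff does by hand: it parses strace lines from a good and a bad session, keeps only the failing syscalls that touch a path, and reports the failures present only in the bad session, grouped by errno and by top-level mount point. The two sample traces are constructed from the lines quoted above, not the full gist.

```python
import re
from collections import Counter, defaultdict

# Constructed sample traces modelled on the lines quoted in the thread.
GOOD_SESSION = """\
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_CLOEXEC) = 3
unlink("/run/systemd/journal/dev-log") = 0
bind(7, {sa_family=AF_LOCAL, sun_path="/run/systemd/journal/dev-log"}, 30) = 0
"""

BAD_SESSION = """\
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_CLOEXEC) = -1 EACCES (Permission denied)
unlink("/run/systemd/journal/dev-log") = -1 EACCES (Permission denied)
bind(7, {sa_family=AF_LOCAL, sun_path="/run/systemd/journal/dev-log"}, 30) = -1 EADDRINUSE (Address already in use)
"""

# strace line: optional "[pid N]" prefix, syscall name, argument list, "= retval [ERRNO]"
LINE_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+)?(\w+)\((.*)\)\s+=\s+(-?\d+|\?)(?:\s+(E[A-Z]+))?')
# first absolute path quoted anywhere in the argument list (open path, sun_path, ...)
PATH_RE = re.compile(r'"(/[^"]*)"')


def failed_calls(trace):
    """Return (syscall, path, errno) for every failed call that names a path."""
    out = []
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "-1":
            continue
        paths = PATH_RE.findall(m.group(2))
        if paths:
            out.append((m.group(1), paths[0], m.group(4)))
    return out


def new_failures(good, bad):
    """Failures seen in the bad session that the good session never hit."""
    baseline = set(failed_calls(good))
    return [f for f in failed_calls(bad) if f not in baseline]


def by_mount(failures):
    """Group failing paths by their top-level directory (/dev, /run, ...)."""
    groups = defaultdict(list)
    for syscall, path, errno in failures:
        groups["/" + path.split("/")[1]].append((syscall, errno))
    return dict(groups)


def errno_summary(failures):
    return Counter(errno for _, _, errno in failures)


if __name__ == "__main__":
    diff = new_failures(GOOD_SESSION, BAD_SESSION)
    for syscall, path, errno in diff:
        print(f"{syscall:8} {errno:12} {path}")
    print(errno_summary(diff), by_mount(diff))
```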