[systemd-devel] machinectl clone -- access denied
Johannes Ernst
johannes.ernst at gmail.com
Mon Jun 22 16:20:32 PDT 2015
I can import-tar, list-images, image-status, start, rename, and remove, but
> sudo machinectl clone depot depot2
Could not clone image: Access denied
Am I doing this wrong?
This is systemd 221-1 on Arch.
$ sudo machinectl list-images
NAME TYPE RO USAGE CREATED MODIFIED
depot subvolume no 888.2M Mon 2015-06-22 23:02:38 UTC n/a
1 images listed.
$ sudo machinectl show-image depot
Name=depot
Path=/var/lib/machines/depot
Type=subvolume
ReadOnly=no
CreationTimestamp=Mon 2015-06-22 23:02:38 UTC
Usage=937963520
Limit=18446744073709551615
UsageExclusive=937963520
LimitExclusive=18446744073709551615
[root at localhost]# strace machinectl clone depot depot2
execve("/usr/bin/machinectl", ["machinectl", "clone", "depot", "depot2"], [/* 19 vars */]) = 0
brk(0) = 0x7f274af00000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=113959, ...}) = 0
mmap(NULL, 113959, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f274a264000
close(3) = 0
open("/usr/lib/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220!\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=31672, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f274a263000
mmap(NULL, 2128856, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2749e57000
mprotect(0x7f2749e5e000, 2093056, PROT_NONE) = 0
mmap(0x7f274a05d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f274a05d000
close(3) = 0
open("/usr/lib/liblzma.so.5", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2001\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=154288, ...}) = 0
mmap(NULL, 2249360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2749c31000
mprotect(0x7f2749c56000, 2093056, PROT_NONE) = 0
mmap(0x7f2749e55000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x24000) = 0x7f2749e55000
close(3) = 0
open("/usr/lib/liblz4.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300$\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=71968, ...}) = 0
mmap(NULL, 2167144, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2749a1f000
mprotect(0x7f2749a30000, 2093056, PROT_NONE) = 0
mmap(0x7f2749c2f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10000) = 0x7f2749c2f000
close(3) = 0
open("/usr/lib/libgcrypt.so.20", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\221\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=919976, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f274a262000
mmap(NULL, 3016352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f274973e000
mprotect(0x7f2749815000, 2097152, PROT_NONE) = 0
mmap(0x7f2749a15000, 40960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd7000) = 0x7f2749a15000
close(3) = 0
open("/usr/lib/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320`\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=142832, ...}) = 0
mmap(NULL, 2213040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2749521000
mprotect(0x7f2749539000, 2093056, PROT_NONE) = 0
mmap(0x7f2749738000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f2749738000
mmap(0x7f274973a000, 13488, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f274973a000
close(3) = 0
open("/usr/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\10\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1979984, ...}) = 0
mmap(NULL, 3807760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f274917f000
mprotect(0x7f2749318000, 2093056, PROT_NONE) = 0
mmap(0x7f2749517000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x198000) = 0x7f2749517000
mmap(0x7f274951d000, 14864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f274951d000
close(3) = 0
open("/usr/lib/libgpg-error.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20)\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=76320, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f274a261000
mmap(NULL, 2171480, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2748f6c000
mprotect(0x7f2748f7e000, 2093056, PROT_NONE) = 0
mmap(0x7f274917d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x7f274917d000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f274a260000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f274a25e000
arch_prctl(ARCH_SET_FS, 0x7f274a25e780) = 0
mprotect(0x7f2749517000, 16384, PROT_READ) = 0
mprotect(0x7f274917d000, 4096, PROT_READ) = 0
mprotect(0x7f2749738000, 4096, PROT_READ) = 0
mprotect(0x7f2749a15000, 4096, PROT_READ) = 0
mprotect(0x7f2749c2f000, 4096, PROT_READ) = 0
mprotect(0x7f2749e55000, 4096, PROT_READ) = 0
mprotect(0x7f274a05d000, 4096, PROT_READ) = 0
mprotect(0x7f274a2f3000, 16384, PROT_READ) = 0
mprotect(0x7f274a280000, 4096, PROT_READ) = 0
munmap(0x7f274a264000, 113959) = 0
set_tid_address(0x7f274a25ea50) = 976
set_robust_list(0x7f274a25ea60, 24) = 0
rt_sigaction(SIGRTMIN, {0x7f2749526bb0, [], SA_RESTORER|SA_SIGINFO, 0x7f2749531660}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f2749526c40, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f2749531660}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
brk(0) = 0x7f274af00000
brk(0x7f274af21000) = 0x7f274af21000
open("/proc/self/stat", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f274a27f000
read(3, "976 (machinectl) R 974 974 660 3"..., 1024) = 339
close(3) = 0
munmap(0x7f274a27f000, 4096) = 0
open("/sys/fs/kdbus/0-system/bus", O_RDWR|O_NOCTTY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
getsockopt(3, SOL_SOCKET, SO_RCVBUF, [212992], [4]) = 0
setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [8388608], 4) = 0
getsockopt(3, SOL_SOCKET, SO_SNDBUF, [212992], [4]) = 0
setsockopt(3, SOL_SOCKET, SO_SNDBUFFORCE, [8388608], 4) = 0
connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/dbus/system_bus_socket"}, 33) = 0
getsockopt(3, SOL_SOCKET, SO_PEERCRED, {pid=1, uid=0, gid=0}, [12]) = 0
getsockopt(3, SOL_SOCKET, SO_PEERSEC, 0x7f274af00880, 0x7ffdfc36a480) = -1 ENOPROTOOPT (Protocol not available)
fstat(3, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
getsockopt(3, SOL_SOCKET, SO_ACCEPTCONN, [0], [4]) = 0
getsockname(3, {sa_family=AF_LOCAL, NULL}, [2]) = 0
geteuid() = 0
sendmsg(3, {msg_name(0)=NULL, msg_iov(3)=[{"\0AUTH EXTERNAL ", 15}, {"30", 2}, {"\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", 28}], msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 45
gettid() = 976
getrandom("\f~\333\37\261\232\273\3\33d\354D\0\0344\352", 16, GRND_NONBLOCK) = 16
gettid() = 976
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
pipe2([4, 5], 0) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f274a25ea50) = 977
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
close(5) = 0
ppoll([{fd=4, events=POLLHUP}], 1, NULL, NULL, 8) = 1 ([{fd=4, revents=POLLHUP}])
close(4) = 0
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"OK edf9fa9bf59429016a0a143355889"..., 256}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 52
sendmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\1\0\1\0\0\0\0\1\0\0\0m\0\0\0\1\1o\0\25\0\0\0/org/fre"..., 128}], msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 128
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\2\1\1\n\0\0\0\1\0\0\0=\0\0\0\6\1s\0\5\0\0\0", 24}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{":1.65\0\0\0\5\1u\0\1\0\0\0\10\1g\0\1s\0\0\7\1s\0\24\0\0\0"..., 66}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 66
sendmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"l\1\4\1\34\0\0\0\2\0\0\0\241\0\0\0\1\1o\0\31\0\0\0/org/fre"..., 184}, {"\5\0\0\0depot\0\0\0\6\0\0\0depot2\0\0\0\0\0\0", 28}], msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 212
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\4\1\1\n\0\0\0\2\0\0\0\215\0\0\0\1\1o\0\25\0\0\0", 24}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"/org/freedesktop/DBus\0\0\0\2\1s\0\24\0\0\0"..., 146}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 146
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\3\1\1\34\0\0\0%\0\0\0^\0\0\0\5\1u\0\2\0\0\0", 24}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"\6\1s\0\5\0\0\0:1.65\0\0\0\4\1s\0'\0\0\0org.free"..., 116}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 116
writev(2, [{"Could not clone image: Access de"..., 36}, {"\n", 1}], 2Could not clone image: Access denied
) = 37
kill(977, SIGTERM) = 0
kill(977, SIGCONT) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=977, si_uid=0, si_status=SIGTERM, si_utime=0, si_stime=0} ---
waitid(P_PID, 977, {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=977, si_uid=0, si_status=SIGTERM, si_utime=0, si_stime=0}, WEXITED, NULL) = 0
close(3) = 0
exit_group(1) = ?
+++ exited with 1 +++
More information about the systemd-devel
mailing list