[systemd-devel] Unable to remove images using machinectl

Erik Johnson erik at saltstack.com
Mon Mar 2 10:06:17 PST 2015


I'm getting a similar error to the one described in the following post
from a couple weeks ago:

https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html

I get an "access denied" error when running machinectl remove, even as
root.

For reference, /var/lib/machines is on a btrfs partition and I am
running systemd 219 on an Arch Linux host. I am, however, inexperienced
with btrfs and may have done something wrong. I did not manually create
any subvolumes.

I tried stopping systemd-machined and running it under strace to check
for permission errors as mentioned by Lennart in the reply to the thread
I referenced above. But to my surprise, when I attempted to remove the
container I did not get the same permission error and the container was
successfully removed. So, it occurs to me that the issue might have to
do with the options in the unit file. Below are the contents of the unit
file, with the commented lines at the beginning removed for brevity. Any
insight that can be offered would be appreciated.


[Unit]
Description=Virtual Machine and Container Registration Service
Documentation=man:systemd-machined.service(8)
Documentation=http://www.freedesktop.org/wiki/Software/systemd/machined
Wants=machine.slice
After=machine.slice

[Service]
ExecStart=/usr/lib/systemd/systemd-machined
BusName=org.freedesktop.machine1
CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
WatchdogSec=1min
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
ProtectSystem=full
ProtectHome=yes


-- 

Erik Johnson | Senior Engineer

3400 North Ashton Blvd, Suite 110 | Lehi, UT 84043
erik at saltstack.com | http://saltstack.com
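
Added example, not part of the original post and not systemd's own code: one way to examine the unit-file hypothesis raised in the message is to list which file-permission capabilities the unit's CapabilityBoundingSet leaves out, since a root process started by hand outside the unit normally keeps all of them. The `FILE_CAPS` subset and the function names are assumptions of this example, and the output shows a difference between the two runs, not a confirmed cause.

```python
# Unit lines copied from the post above (only the [Service] section).
UNIT_TEXT = """\
[Service]
ExecStart=/usr/lib/systemd/systemd-machined
CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
PrivateTmp=yes
ProtectSystem=full
"""

# Capabilities from capabilities(7) that affect file permission and ownership
# checks. Picking this subset is an assumption of the example.
FILE_CAPS = {
    "CAP_DAC_OVERRIDE": "bypass read/write/execute permission checks",
    "CAP_DAC_READ_SEARCH": "bypass read and directory-search checks only",
    "CAP_FOWNER": "bypass checks that require owning the file",
    "CAP_CHOWN": "change file ownership",
    "CAP_FSETID": "keep set-user-ID/set-group-ID bits on modification",
}

def bounding_set(unit_text):
    """Return the [Service] CapabilityBoundingSet as a set, or None if unset."""
    section, caps = None, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section != "Service" or not sep or key.strip() != "CapabilityBoundingSet":
            continue
        value = value.strip()
        if value.startswith("~"):
            raise ValueError("inverted sets are not handled in this example")
        # Repeated assignments merge; an empty assignment resets the set.
        caps = set() if value == "" else (caps or set()) | set(value.split())
    return caps

def missing_file_caps(unit_text):
    """File-related capabilities the service cannot hold, even as root."""
    caps = bounding_set(unit_text)
    if caps is None:  # no bounding set configured, nothing is dropped
        return []
    return sorted(c for c in FILE_CAPS if c not in caps)

if __name__ == "__main__":
    for cap in missing_file_caps(UNIT_TEXT):
        print(f"{cap}: service cannot {FILE_CAPS[cap]}")
```

On a live host, the `CapBnd` line in `/proc/<pid>/status` of the running service gives the effective bounding set to compare against.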