[systemd-devel] Permission/updating problems; different behaviour of two identical nspawn containers

[Lennart Poettering]

On Mi, 30.08.17 17:24, Olaf the Lost Viking (olaf.the.lost.viking at gmail.com) wrote:

> Hi ML,
> 
> 
> currently I am seeing differences between two, what I consider identical, 
> nspawn-containers which prevents me to update one of them. (Lots of) details 
> are at the end of the mail.
> 
> I set up two (hopefully) identical debian containers in nspawn for a single 
> service (DNS) on a debian host. Today's "apt upgrade" now throws permissions 
> problem on _one_ of the containers (ns4 fails, all others still work - ns3 
> should be identical but some service data):

Most likely something went wrong with the userns UID mapping... Not
sure what though...

> As you could see the few lines above, the groups in ns4 aren't correct for 
> certain files/directories. But correcting them in the guest as well as the 
> host fails:
> 
>   root at ns4:/var/cache/apt/archives# ls -l
>   total 0
>   -rw-r----- 1 root root       0 Apr 28 22:04 lock
>   drwx------ 1 _apt nogroup 5000 Aug 30 17:01 partial
>   root at ns4:/var/cache/apt/archives# chgrp root partial/
>   chgrp: changing group of 'partial/': Operation not permitted
>   root at ns4:/var/cache/apt/archives#
> 
>   root at HOST:/var/lib/machines/ns4/var/cache/apt/archives# ls -l
>   total 0
>   -rw-r----- 1 vu-ns4-0   vg-ns4-0    0 Apr 28 22:04 lock
>   drwx------ 1 vu-ns4-104 root     5000 Aug 30 17:01 partial
>   root at HOST:/var/lib/machines/ns4/var/cache/apt/archives# chgrp vg-ns4-0 
> _ partial/
>   root at HOST:/var/lib/machines/ns4/var/cache/apt/archives# ls -l
>   total 0
>   -rw-r----- 1 vu-ns4-0   vg-ns4-0    0 Apr 28 22:04 lock
>   drwx------ 1 vu-ns4-104 root     5000 Aug 30 17:01 partial
>   root at HOST:/var/lib/machines/ns4/var/cache/apt/archives#

Are you suggesting that doing this on the host has no effect at all?
That's seriously strange...

When you ran this, was the container running?

Lennart

-- 
Lennart Poettering, Red Hat