[systemd-devel] Systemd weird behavior after upgrade

arnaud gaboury arnaud.gaboury at gmail.com
Thu Jul 13 21:11:08 UTC 2017


On Thu, Jul 13, 2017 at 11:02 PM arnaud gaboury <arnaud.gaboury at gmail.com>
wrote:

> On Thu, Jul 13, 2017 at 2:27 PM arnaud gaboury <arnaud.gaboury at gmail.com>
> wrote:
>
>>
>> OS= Fedora 26
>> Linux container managed by machinectl
>>
>>  % systemctl --version
>> systemd 233
>> +PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
>> +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
>> default-hierarchy=hybrid
>>
>> % machinectl list
>> MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
>> poppy   container systemd-nspawn fedora 26      192.168.1.94...
>>
>> % machinectl show poppy
>> Name=poppy
>> Id=59b720b533834a4eafe07a62c2482266
>> Timestamp=Wed 2017-07-12 22:07:15 CEST
>> TimestampMonotonic=6928076
>> Service=systemd-nspawn
>> Unit=systemd-nspawn at poppy.service
>> Leader=648
>> Class=container
>> RootDirectory=/var/lib/machines/poppy
>> State=running
>>
>>
>>
>> -----------------------------------------------------------------------------------------------------
>>
>> After upgrade from Fedora 25 to 26, some services are broken.
>> Below are some broken service status
>>
>>
>> % systemctl status user at 1000.service
>>user at 1000.service - User Manager for UID 1000
>>    Loaded: loaded (/usr/lib/systemd/system/user at .service; static; vendor
>> preset: disabled)
>>    Active: failed (Result: protocol) since Wed 2017-07-12 22:09:45 CEST;
>> 15h ago
>>  Main PID: 257 (code=exited, status=237/KEYRING)
>>
>> Jul 12 22:09:45 thetradinghall.com systemd[1]: Starting User Manager for
>> UID 1000...
>> Jul 12 22:09:45 thetradinghall.com systemd[257]: user at 1000.service:
>> Failed at step KEYRING spawning /usr/lib/systemd/systemd: Permission denied
>> Jul 12 22:09:45 thetradinghall.com systemd[1]: Failed to start User
>> Manager for UID 1000.
>> Jul 12 22:09:45 thetradinghall.com systemd[1]: user at 1000.service: Unit
>> entered failed state.
>> Jul 12 22:09:45 thetradinghall.com systemd[1]: user at 1000.service: Failed
>> with result 'protocol'.
>>
>> *EDIT 1 *On container
>
> # /usr/lib/systemd/systemd --user
> Failed to create compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/init.scope: Permission denied
> Failed to attach 338 to compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
> directory
> Failed to attach 247 to compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
> directory
> Failed to attach 249 to compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
> directory
> Failed to attach 305 to compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
> directory
> Failed to attach 306 to compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
> directory
> Failed to create compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/dbus.socket: Permission denied
> Failed to attach 342 to compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/dbus.socket: No such file or
> directory
> Failed to create compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/sys-class.mount: Permission
> denied
> .........................................
>
> *EDIT 2 *on container

# ls -al /sys/fs/cgroup/
total 0
drwxr-xr-x 13 root   root   340 Jul 13 22:52 ./
drwxr-xr-x  4 root   root    80 Jul 13 22:52 ../
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 blkio/
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 cpu,cpuacct/
dr-xr-xr-x  2 nobody nobody   0 Jul 12 22:07 cpuset/
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 devices/
dr-xr-xr-x  2 nobody nobody   0 Jul 12 22:07 freezer/
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 memory/
dr-xr-xr-x  2 nobody nobody   0 Jul 12 22:07 net_cls,net_prio/
dr-xr-xr-x  2 nobody nobody   0 Jul 12 22:07 perf_event/
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 pids/
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 systemd/

# chown root:root /sys/fs/cgroup/blkio
chown: changing ownership of '/sys/fs/cgroup/blkio': Operation not permitted

It seems again this nobody:nobody is causing troubles

On host
# ls -al $POPPY/sys/
total 0
dr-xr-xr-x 1 vu-poppy-0 vg-poppy-0   0 Aug 16  2014 ./
dr-xr-xr-x 1 vu-poppy-0 vg-poppy-0 236 Jul 13 14:21 ../


THT
>
>>
>> %  systemctl status user.slice
>> ● user.slice - User and Session Slice
>>    Loaded: loaded (/usr/lib/systemd/system/user.slice; static; vendor
>> preset: disabled)
>>    Active: active since Wed 2017-07-12 22:07:15 CEST; 15h ago
>>      Docs: man:systemd.special(7)
>>    CGroup: /user.slice
>>            └─user-1000.slice
>>              ├─session-c1.scope
>>              │ ├─ 256 login -- poisonivy
>>              │ ├─ 258 -zsh
>>              │ ├─ 356 su
>>              │ ├─ 357 zsh
>>              │ ├─1553 systemctl status user.slice
>>              │ └─1554 less
>>              └─session-c2.scope
>>                ├─449 login -- poisonivy
>>                ├─450 -zsh
>>                ├─494 su
>>                ├─495 zsh
>>                └─526 /usr/bin/python3 -O /usr/bin/ranger
>>
>> Jul 12 22:09:45 thetradinghall.com systemd[1]: user.slice: Failed to set
>> invocation ID on control group /user.slice, ignoring: Operation not
>> permitted
>>
>> % systemctl status opendkim.service
>> ● opendkim.service - DomainKeys Identified Mail (DKIM) Milter
>>    Loaded: loaded (/usr/lib/systemd/system/opendkim.service; enabled;
>> vendor preset: disabled)
>>   Drop-In: /etc/systemd/system/opendkim.service.d
>>            └─override.conf
>>    Active: failed (Result: exit-code) since Thu 2017-07-13 11:33:25 CEST;
>> 2h 30min ago
>>      Docs: man:opendkim(8)
>>            man:opendkim.conf(5)
>>            man:opendkim-genkey(8)
>>            man:opendkim-genzone(8)
>>            man:opendkim-testadsp(8)
>>            man:opendkim-testkey
>>            http://www.opendkim.org/docs.html
>>
>> Jul 13 11:33:25 thetradinghall.com systemd[1]: Starting DomainKeys
>> Identified Mail (DKIM) Milter...
>> Jul 13 11:33:25 thetradinghall.com systemd[1243]: opendkim.service:
>> Failed at step KEYRING spawning /usr/sbin/opendkim: Permission denied
>>
>> *N.B:* I can manually start opendkim as root
>> ------------------------------------------------------
>>
>> I have no ideas why these new issues. The only hint is the following one.
>>
>> I build my kernel with CONFIG_USER_NS=y since a while. I guess it is this
>> setting which cause the following trouble with UID/GID
>>
>> From host
>> root at hortensia ➤➤ ~aur # ls -al $POPPY/var/log/journal
>> total 0
>> drwxr-xr-x+ 1 vu-poppy-0 systemd-journal   64 Oct  4  2016 ./
>> drwxr-xr-x  1 vu-poppy-0 vg-poppy-0      1.3K Jul 12 20:20 ../
>> drwxr-sr-x+ 1 root       systemd-journal 7.8K Mar 11 15:25
>> 59b720b533834a4eafe07a62c2482266/
>>
>> From container:
>> root at thetradinghall ➤➤ dovecot/conf.d # ls -al /var/log/journal
>> total 0
>> drwxr-xr-x+ 1 root   nobody   64 Oct  4  2016 ./
>> drwxr-xr-x  1 root   root   1.3K Jul 12 20:20 ../
>> drwxr-sr-x+ 1 nobody nobody 7.8K Mar 11 15:25
>> 59b720b533834a4eafe07a62c2482266/
>>
>> As you can see, on host, root:root is by default vu-poppy-0 vg-poppy-0
>> On container, I am left with lots of files/folders owned by nobody.
>>
>> ---------------------------
>> When looking at the output of systemctl --failed, and verifying status, I
>> can observe a commun failure, like the one below:
>>
>>  postgresql.service: Failed at step KEYRING spawning
>> /usr/libexec/postgresql-check-db-dir: Permission denied
>>
>> -----------------------------
>>
>> When upgrading some package, I have again a permission issue.
>>
>> # dnf upgrade filesystem
>> ......................
>> error: unpacking of archive failed on file /proc: cpio: chown
>>
>> # ls -al /proc/filesystems
>> .........
>> -r--r--r-- 1 nobody nobody 0 Jul 13 14:22 /proc/filesystems
>> .....................
>>  # chown root:root /proc/filesystems
>> chown: changing ownership of '/proc/filesystems': Operation not permitted
>> -------------------------------------
>>
>> Can anyone help me in debugging my system, as it starts to be difficult
>> to use the container. Thank you
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20170713/7c4e2ef7/attachment.html>


More information about the systemd-devel mailing list