[systemd-devel] systemd-tmpfiles-setup.service inside LXC fails

Lennart Poettering lennart at poettering.net
Wed Jan 10 23:21:20 UTC 2018


On Mi, 10.01.18 13:27, lejeczek (peljasz at yahoo.co.uk) wrote:

> hi everyone
> 
> I guess it fails as below due to container restrictions, I use/run it from
> libvirtd.
> I read on https://libvirt.org/drvlxc.html in "Filesystem mounts":
> "..
> /sys the host "sysfs" instance remounted read-only
> .."
> 
> $ systemctl status -l systemd-tmpfiles-setup.service
> ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
>    Loaded: loaded (/usr/lib/systemd/system/systemd-tmpfiles-setup.service;
> static; vendor preset: disabled)
>    Active: failed (Result: exit-code) since Wed 2018-01-10 13:05:45 UTC;
> 4min 48s ago
>      Docs: man:tmpfiles.d(5)
>            man:systemd-tmpfiles(8)
>   Process: 36 ExecStart=/usr/bin/systemd-tmpfiles --create --remove --boot
> --exclude-prefix=/dev (code=exited, status=1/FAILURE)
>  Main PID: 36 (code=exited, status=1/FAILURE)
> 
> Jan 10 13:05:45 lxc-ipa2-swir.priv.xx.xx.priv.xx.xx.x systemd[1]: Starting
> Create Volatile Files and Directories...
> Jan 10 13:05:45 lxc-ipa2-swir.priv.xx.xx.priv.xx.xx.x systemd-tmpfiles[36]:
> Failed to create file /sys/fs/selinux/checkreqprot: Read-only file system
> Jan 10 13:05:45 lxc-ipa2-swir.priv.xx.xx.priv.xx.xx.x systemd[1]:
> systemd-tmpfiles-setup.service: main process exited, code=exited,
> status=1/FAILURE
> Jan 10 13:05:45 lxc-ipa2-swir.priv.xx.xx.priv.xx.xx.x systemd[1]: Failed to
> start Create Volatile Files and Directories.
> Jan 10 13:05:45 lxc-ipa2-swir.priv.xx.xx.priv.xx.xx.x systemd[1]: Unit
> systemd-tmpfiles-setup.service entered failed state.
> Jan 10 13:05:45 lxc-ipa2-swir.priv.xx.xx.priv.xx.xx.x systemd[1]:
> systemd-tmpfiles-setup.service failed.
> 
> Would you know it can be fixed?

You can issue "ln -s /dev/null /etc/sysctl.d/selinux-policy.conf"
locally, to mask out the selinux tmpfiles.d snippet (which is shipped
in /usr/lib/tmpfiles.d/selinux-policy.conf) which triggers this.

Lennart

-- 
Lennart Poettering, Red Hat
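
Added example, not part of the original message or of systemd: a shell check that reports whether a tmpfiles.d snippet such as selinux-policy.conf is masked by a /dev/null symlink, assuming the /etc, /run, /usr/lib search order documented in tmpfiles.d(5). The function names, the ROOT prefix argument and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Assumption: tmpfiles.d(5) search order is /etc, then /run, then /usr/lib;
# the first directory holding the file name wins, and a symlink to /dev/null
# (or an empty file) there masks the lower-priority copies.

# snippet_state ROOT NAME
# Prints "masked:<path>", "active:<path>" or "absent".
# ROOT is a path prefix: "" for the live system, a scratch dir for testing.
snippet_state() {
    root=$1
    name=$2
    for dir in etc/tmpfiles.d run/tmpfiles.d usr/lib/tmpfiles.d; do
        path="$root/$dir/$name"
        # -L also catches dangling symlinks; -e follows the link.
        if [ -L "$path" ] || [ -e "$path" ]; then
            target=$(readlink "$path" 2>/dev/null || true)
            if [ "$target" = "/dev/null" ] ||
               { [ -f "$path" ] && [ ! -s "$path" ]; }; then
                echo "masked:$path"
            else
                echo "active:$path"
            fi
            return 0
        fi
    done
    echo "absent"
}

# Constructed sample tree: a vendor snippet plus a local mask, and one
# unmasked snippet for comparison. File contents are stand-ins.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/tmpfiles.d" "$t/usr/lib/tmpfiles.d"
    echo '# constructed stand-in for the vendor snippet' \
        > "$t/usr/lib/tmpfiles.d/selinux-policy.conf"
    echo '# constructed stand-in for another snippet' \
        > "$t/usr/lib/tmpfiles.d/example.conf"
    ln -s /dev/null "$t/etc/tmpfiles.d/selinux-policy.conf"
    echo "$t"
}

tree=$(make_sample_tree)
snippet_state "$tree" selinux-policy.conf
snippet_state "$tree" example.conf
rm -rf "$tree"
```

Inside the container, `snippet_state "" selinux-policy.conf` runs the same check against the real directories.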
