[systemd-devel] Mount error when running systemd-nspawn with --private-network
Lennart Poettering
mzerqung at 0pointer.de
Mon Jun 25 11:05:40 UTC 2018
On Sa, 23.06.18 14:42, Nikolaus Rath (Nikolaus at rath.org) wrote:
> Hello,
>
> When running systemd-nspawn with --private-network, I am getting mount
> errors:
>
> # systemd-nspawn -M iofabric --as-pid2 --private-users=1379532800:65536 --register=no --private-network
> Spawning container iofabric on /var/lib/machines/iofabric.raw.
> Press ^] three times within 1s to kill container.
> Selected user namespace base 1379532800 and range 65536.
> Failed to mount n/a on /tmp/nspawn-root-2Ar2iL/sys/fs/selinux (MS_BIND ""): No such file or directory
> Failed to mount n/a on /tmp/nspawn-root-2Ar2iL/sys/fs/selinux (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND ""): Invalid argument
>
> This is on a (host) system with SELinux disabled.
>
> What do these errors mean?

Hmm, this suggests nspawn tries to mount selinuxfs into the container
even though the kernel doesn't actually support that. This is weird...

What's the systemd version in use here?

Which distro is this? Is selinux compiled out of the kernel or just
disabled during runtime?

Lennart

--
Lennart Poettering, Red Hat