[systemd-devel] Problem in understanding container permissions
Kai Bojens
kb at kbojens.de
Wed Jul 3 10:24:04 UTC 2019
Ubuntu 18.04, HWE kernel 4.18.0-25-generic, systemd 237-3ubuntu10.23
I have created an nspawn container with a minimal Ubuntu and booted the container
without any problems. There were no problems and I used the default settings.
Now I see some strange permission errors which I can't explain:
Inside the container:
root@container:/var/log# ls -alt
total 356
-rw-r--r-- 1 root root 203203 Jul 3 09:17 dpkg.log
drwxr-xr-x 1 root root 60 Jul 3 09:17 apt
-rw-r--r-- 1 root root 9046 Jul 2 15:04 alternatives.log
-rw------- 1 root root 6784 Jul 2 15:04 tallylog
-rw-r--r-- 1 root root 3392 Jul 2 15:04 faillog
-rw-r----- 1 nobody nogroup 40658 Jul 2 10:14 syslog
-rw-rw-r-- 1 nobody nogroup 16128 Jul 2 10:14 wtmp
-rw-r----- 1 nobody nogroup 6234 Jul 2 10:14 auth.log
-rw-rw-r-- 1 nobody nogroup 30660 Jul 2 10:06 lastlog
-rw-rw---- 1 nobody nogroup 384 Jul 1 14:02 btmp
drwxrwxr-x 1 nobody nogroup 182 Jul 1 14:02 .
drwxr-sr-x+ 1 nobody nogroup 64 Jul 1 14:02 journal
-rw-r--r-- 1 root root 60952 Jul 1 13:59 bootstrap.log
drwxr-xr-x 1 root root 90 Jul 1 13:56 ..
root@container:/var/log# whoami
root
root@container:/var/log# tail syslog
tail: cannot open 'syslog' for reading: Permission denied
Outside the container:
root@container:/var/lib/machines/xy-test/var/log# ls -alt
total 356
-rw-r--r-- 1 198180864 198180864 203203 Jul 3 09:17 dpkg.log
drwxr-xr-x 1 198180864 198180864 60 Jul 3 09:17 apt
-rw-r--r-- 1 198180864 198180864 9046 Jul 2 15:04 alternatives.log
-rw------- 1 198180864 198180864 6784 Jul 2 15:04 tallylog
-rw-r--r-- 1 198180864 198180864 3392 Jul 2 15:04 faillog
-rw-r----- 1 syslog adm 40658 Jul 2 10:14 syslog
-rw-rw-r-- 1 root utmp 16128 Jul 2 10:14 wtmp
-rw-r----- 1 syslog adm 6234 Jul 2 10:14 auth.log
-rw-rw-r-- 1 root utmp 30660 Jul 2 10:06 lastlog
-rw-rw---- 1 root utmp 384 Jul 1 14:02 btmp
drwxrwxr-x 1 root syslog 182 Jul 1 14:02 .
drwxr-sr-x+ 1 root systemd-journal 64 Jul 1 14:02 journal
-rw-r--r-- 1 198180864 198180864 60952 Jul 1 13:59 bootstrap.log
drwxr-xr-x 1 198180864 198180864 90 Jul 1 13:56 ..
I have not touched any of these files from outside of the container. Is there
anything obvious I have failed to see? Why would the ownership of these files
change?
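
Added example, not part of the original post: a small Python model of how a user-namespace ID map translates on-disk owners, which reproduces both listings if the container runs with a private UID range. Root inside such a namespace can only override permissions on files whose owner and group are mapped, so entries shown as nobody/nogroup stay unreadable to it. Assumptions: the range starts at 198180864 (the numeric owner in the host-side listing) and spans 65536 IDs; host UID 102 for "syslog" is a constructed value.

```python
import os

OVERFLOW_ID = 65534  # kernel default overflow UID/GID; displayed as nobody/nogroup

# Assumed map in /proc/<pid>/uid_map format: "inside outside count".
# Base 198180864 is the numeric owner in the host-side listing; 65536 is assumed.
ASSUMED_MAP = "0 198180864 65536\n"

def parse_id_map(text):
    """Return [(inside, outside, count), ...] from uid_map/gid_map text."""
    return [tuple(int(f) for f in line.split())
            for line in text.splitlines() if line.strip()]

def host_to_container(host_id, extents):
    """Map an on-disk (host) ID into the namespace; None if no extent covers it."""
    for inside, outside, count in extents:
        if outside <= host_id < outside + count:
            return inside + (host_id - outside)
    return None

def seen_inside(host_id, extents):
    """ID that stat() reports inside the namespace for this on-disk ID."""
    mapped = host_to_container(host_id, extents)
    return OVERFLOW_ID if mapped is None else mapped

def unmapped_paths(root, uid_extents, gid_extents):
    """Yield (path, uid, gid) for entries under root owned outside the maps."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if (host_to_container(st.st_uid, uid_extents) is None
                    or host_to_container(st.st_gid, gid_extents) is None):
                yield path, st.st_uid, st.st_gid

if __name__ == "__main__":
    extents = parse_id_map(ASSUMED_MAP)
    # Host-side owners from the listing; 102 for "syslog" is a constructed value.
    for name, uid in [("dpkg.log", 198180864), ("wtmp", 0), ("syslog", 102)]:
        print(f"{name}: host uid {uid} -> uid {seen_inside(uid, extents)} inside")
```

Running unmapped_paths() on the host against the container tree, with the maps read from the container leader's /proc/<pid>/uid_map and gid_map, lists the entries that will appear as nobody/nogroup inside.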