<div dir="ltr"> <div class="gmail_quote"><div dir="ltr">On Thu, Jul 13, 2017 at 11:58 PM Reindl Harald <<a href="mailto:h.reindl@thelounge.net">h.reindl@thelounge.net</a>> wrote: </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Am 13.07.2017 um 23:40 schrieb arnaud gaboury: > (no HTML crapps) still HTML and no meaningful quoting to distinct your "i respond to myself" answer with your initial post - no idea what you expect by sending a bunch of mails with the same content within a few hours nor why you think it's a good idea to upgrade to F26 a dy after release if the system is important and you have no testing environment </blockquote><div> </div><div>I have been dealing for a while and worked hard on this issue. I don't need your sarcasm neither your advise on going or not Fedora 26. but best a few hints on how to solve my issues. </div><div> </div><div>Your answer is worthless. </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> additionally this is the upstzream mailing list and not the Fedora users-list nur the Fedora bugtracker - here you go: <a href="https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora</a> > OS= Fedora 26 > Linux container managed by machinectl > > % systemctl --version > systemd 233 > +PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP > +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS > +KMOD +IDN default-hierarchy=hybrid > > % machinectl list > MACHINE CLASS SERVICE OS VERSION ADDRESSES > poppy container systemd-nspawn fedora 26 192.168.1.94... > > % machinectl show poppy > Name=poppy > Id=59b720b533834a4eafe07a62c2482266 > Timestamp=Wed 2017-07-12 22:07:15 CEST > TimestampMonotonic=6928076 > Service=systemd-nspawn > Unit=systemd-nspawn@poppy.service > Leader=648 > Class=container > RootDirectory=/var/lib/machines/poppy > State=running > > > ----------------------------------------------------------------------------------------------------- > > After upgrade from Fedora 25 to 26, some services are broken. > Below are some broken service status > > > % systemctl status user@1000.service > ● user@1000.service - User Manager for UID 1000 > Loaded: loaded (/usr/lib/systemd/system/user@.service; static; > vendor preset: disabled) > Active: failed (Result: protocol) since Wed 2017-07-12 22:09:45 > CEST; 15h ago > Main PID: 257 (code=exited, status=237/KEYRING) > > Jul 12 22:09:45 <a href="http://thetradinghall.com" rel="noreferrer" target="_blank">thetradinghall.com</a> <<a href="http://thetradinghall.com" rel="noreferrer" target="_blank">http://thetradinghall.com</a>> > systemd[1]: Starting User Manager for UID 1000... > Jul 12 22:09:45 <a href="http://thetradinghall.com" rel="noreferrer" target="_blank">thetradinghall.com</a> <<a href="http://thetradinghall.com" rel="noreferrer" target="_blank">http://thetradinghall.com</a>> > systemd[257]: user@1000.service: Failed at step KEYRING spawning > /usr/lib/systemd/systemd: Permission denied > Jul 12 22:09:45 <a href="http://thetradinghall.com" rel="noreferrer" target="_blank">thetradinghall.com</a> <<a href="http://thetradinghall.com" rel="noreferrer" target="_blank">http://thetradinghall.com</a>> > systemd[1]: Failed to start User Manager for UID 1000. > Jul 12 22:09:45 <a href="http://thetradinghall.com" rel="noreferrer" target="_blank">thetradinghall.com</a> <<a href="http://thetradinghall.com" rel="noreferrer" target="_blank">http://thetradinghall.com</a>> > systemd[1]: user@1000.service: Unit entered failed state. > Jul 12 22:09:45 <a href="http://thetradinghall.com" rel="noreferrer" target="_blank">thetradinghall.com</a> <<a href="http://thetradinghall.com" rel="noreferrer" target="_blank">http://thetradinghall.com</a>> > systemd[1]: user@1000.service: Failed with result 'protocol'. > > > % systemctl status user.slice > ● user.slice - User and Session Slice > Loaded: loaded (/usr/lib/systemd/system/user.slice; static; vendor > preset: disabled) > Active: active since Wed 2017-07-12 22:07:15 CEST; 15h ago > Docs: man:systemd.special(7) > CGroup: /user.slice > └─user-1000.slice > ├─session-c1.scope > │ ├─ 256 login -- poisonivy > │ ├─ 258 -zsh > │ ├─ 356 su > │ ├─ 357 zsh > │ ├─1553 systemctl status user.slice > │ └─1554 less > └─session-c2.scope > ├─449 login -- poisonivy > ├─450 -zsh > ├─494 su > ├─495 zsh > └─526 /usr/bin/python3 -O /usr/bin/ranger > > Jul 12 22:09:45 <a href="http://thetradinghall.com" rel="noreferrer" target="_blank">thetradinghall.com</a> <<a href="http://thetradinghall.com" rel="noreferrer" target="_blank">http://thetradinghall.com</a>> > systemd[1]: user.slice: Failed to set invocation ID on control group > /user.slice, ignoring: Operation not permitted > > % systemctl status opendkim.service > ● opendkim.service - DomainKeys Identified Mail (DKIM) Milter > Loaded: loaded (/usr/lib/systemd/system/opendkim.service; enabled; > vendor preset: disabled) > Drop-In: /etc/systemd/system/opendkim.service.d > └─override.conf > Active: failed (Result: exit-code) since Thu 2017-07-13 11:33:25 > CEST; 2h 30min ago > Docs: man:opendkim(8) > man:opendkim.conf(5) > man:opendkim-genkey(8) > man:opendkim-genzone(8) > > > Jul 13 11:33:25 thetradinghall systemd[1]: Starting DomainKeys > Identified Mail (DKIM) Milter... > Jul 13 11:33:25 thetradinghall systemd[1243]: opendkim.service: Failed > at step KEYRING spawning /usr/sbin/opendkim: Permission denied > > *N.B:* I can manually start opendkim as root > > > I have no ideas why these new issues. The only hint is the following > one. Hope below command outputs may help: > > ------------------------------------------------------ > > # /usr/lib/systemd/systemd --user > Failed to create compat systemd cgroup > /user.slice/user-1000.slice/session-c1.scope/init.scope: Permission denied > Failed to attach 338 to compat systemd cgroup > /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or > directory > Failed to attach 247 to compat systemd cgroup > /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or > directory > Failed to attach 249 to compat systemd cgroup > /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or > directory > Failed to attach 305 to compat systemd cgroup > /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or > directory > Failed to attach 306 to compat systemd cgroup > /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or > directory > Failed to create compat systemd cgroup > /user.slice/user-1000.slice/session-c1.scope/dbus.socket: Permission denied > Failed to attach 342 to compat systemd cgroup > /user.slice/user-1000.slice/session-c1.scope/dbus.socket: No such file > or directory > Failed to create compat systemd cgroup > /user.slice/user-1000.slice/session-c1.scope/sys-class.mount: Permission > denied > > --------------------------------------------------- > > # ls -al /sys/fs/cgroup/ > total 0 > drwxr-xr-x 13 root root 340 Jul 13 22:52 ./ > drwxr-xr-x 4 root root 80 Jul 13 22:52 ../ > drwxr-xr-x 2 nobody nobody 0 Jul 13 22:52 blkio/ > drwxr-xr-x 2 nobody nobody 0 Jul 13 22:52 cpu,cpuacct/ > dr-xr-xr-x 2 nobody nobody 0 Jul 12 22:07 cpuset/ > drwxr-xr-x 2 nobody nobody 0 Jul 13 22:52 devices/ > dr-xr-xr-x 2 nobody nobody 0 Jul 12 22:07 freezer/ > drwxr-xr-x 2 nobody nobody 0 Jul 13 22:52 memory/ > dr-xr-xr-x 2 nobody nobody 0 Jul 12 22:07 net_cls,net_prio/ > dr-xr-xr-x 2 nobody nobody 0 Jul 12 22:07 perf_event/ > drwxr-xr-x 2 nobody nobody 0 Jul 13 22:52 pids/ > drwxr-xr-x 2 nobody nobody 0 Jul 13 22:52 systemd/ > * > * > # chown root:root /sys/fs/cgroup/blkio > chown: changing ownership of '/sys/fs/cgroup/blkio': Operation not permitted > * > * > On host > # ls -al $POPPY/sys/ > total 0 > dr-xr-xr-x 1 vu-poppy-0 vg-poppy-0 0 Aug 16 2014 ./ > dr-xr-xr-x 1 vu-poppy-0 vg-poppy-0 236 Jul 13 14:21 ../ > > ----------------------------------------- > > On container, one dbus session running: > % myps dbus > dbus 35 1 0 22:52 ? 00:00:00 /usr/bin/dbus-daemon > --system --address=systemd: --nofork --nopidfile --systemd-activation > --syslog-only > > When on container I have 4 (when only 3 before). The one from vu-poppy > user (container) is new. > > % myps dbus > 195:dbus 582 1 1 Jul12 ? 00:21:57 /usr/bin/dbus-daemon > --system --address=systemd: --nofork --nopidfile --systemd-activation > 204:gabx 614 602 0 Jul12 ? 00:00:00 /usr/bin/dbus-daemon > --session --address=systemd: --nofork --nopidfile --systemd-activation > 251:gabx 1593 1588 0 Jul12 ? 00:00:00 /usr/bin/dbus-daemon > --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork > --print-address 3 > 333:vu-popp+ 16543 16502 0 22:52 ? 00:00:00 /usr/bin/dbus-daemon > --system --address=systemd: --nofork --nopidfile --systemd-activation > --syslog-only > ----------------------------------------------------------------------------------------------- > > I build my kernel with CONFIG_USER_NS=y since a while. I guess it is > this setting which cause the following trouble with UID/GID > > From host > root@hortensia ➤➤ ~aur # ls -al $POPPY/var/log/journal > total 0 > drwxr-xr-x+ 1 vu-poppy-0 systemd-journal 64 Oct 4 2016 ./ > drwxr-xr-x 1 vu-poppy-0 vg-poppy-0 1.3K Jul 12 20:20 ../ > drwxr-sr-x+ 1 root systemd-journal 7.8K Mar 11 15:25 > 59b720b533834a4eafe07a62c2482266/ > > From container: > root@thetradinghall ➤➤ dovecot/conf.d # ls -al /var/log/journal > total 0 > drwxr-xr-x+ 1 root nobody 64 Oct 4 2016 ./ > drwxr-xr-x 1 root root 1.3K Jul 12 20:20 ../ > drwxr-sr-x+ 1 nobody nobody 7.8K Mar 11 15:25 > 59b720b533834a4eafe07a62c2482266/ > > As you can see, on host, root:root is by default vu-poppy-0 vg-poppy-0 > On container, I am left with lots of files/folders owned by nobody. > > --------------------------- > When looking at the output of systemctl --failed, and verifying status, > I can observe a commun failure, like the one below: > > postgresql.service: Failed at step KEYRING spawning > /usr/libexec/postgresql-check-db-dir: Permission denied > > ----------------------------- > > When upgrading some package, I have again a permission issue. > > # dnf upgrade filesystem > ...................... > error: unpacking of archive failed on file /proc: cpio: chown > > # ls -al /proc/filesystems > ......... > -r--r--r-- 1 nobody nobody 0 Jul 13 14:22 /proc/filesystems > ..................... > # chown root:root /proc/filesystems > chown: changing ownership of '/proc/filesystems': Operation not permitted > ------------------------------------- > > Can anyone help me in debugging my system, as it starts to be difficult > to use the container. Thank you _______________________________________________ systemd-devel mailing list <a href="mailto:systemd-devel@lists.freedesktop.org" target="_blank">systemd-devel@lists.freedesktop.org</a> <a href="https://lists.freedesktop.org/mailman/listinfo/systemd-devel" rel="noreferrer" target="_blank">https://lists.freedesktop.org/mailman/listinfo/systemd-devel</a> </blockquote></div></div>