[lxc-users] Error starting systemd-tmpfiles-setup.service in unprivileged container

Serge E. Hallyn serge at hallyn.com
Tue Jan 10 17:19:36 UTC 2017


Quoting John (da_audiophile at yahoo.com):
> When I start my unprivileged container, systemd-tmpfiles-setup.service fails to start with the following errors per journalctl:
> 
> Jan 09 14:16:20 playtime systemd[1]: systemd-tmpfiles-setup.service: Failed to reset devices.list: Operation not permitted
> Jan 09 14:16:20 playtime systemd[1]: systemd-tmpfiles-setup.service: Failed to set invocation ID on control group /system.slice/systemd-tmpfiles-setup.service, ignoring: Operation not permitted
> Jan 09 14:16:20 playtime systemd[1]: Starting Create Volatile Files and Directories...
> Jan 09 14:16:20 playtime systemd-tmpfiles[18]: Setting default ACL "u::rwx,g::r-x,g:adm:r-x,g:wheel:r-x,g:4294967295:r-x,g:4294967295:r-x,m::r-x,o::r-x" on /var/log/journal failed: Invalid argument

Since this is an unprivileged container, 4294967295 probably is not mapped.  So you're
not allowed to add an acl for it.

> Jan 09 14:16:20 playtime systemd-tmpfiles[18]: Setting access ACL "u::rwx,g::r-x,g:adm:r-x,g:wheel:r-x,g:4294967295:r-x,g:4294967295:r-x,m::r-x,o::r-x" on /var/log/journal failed: Invalid argument
> Jan 09 14:16:20 playtime systemd-tmpfiles[18]: Setting default ACL "u::rwx,g::r-x,g:adm:r-x,g:wheel:r-x,g:4294967295:r-x,g:4294967295:r-x,m::r-x,o::r-x" on /var/log/journal/838a973609414ab38d2bc4af2756cc27 failed: Invalid argument
> Jan 09 14:16:20 playtime systemd-tmpfiles[18]: Setting access ACL "u::rwx,g::r-x,g:adm:r-x,g:wheel:r-x,g:4294967295:r-x,g:4294967295:r-x,m::r-x,o::r-x" on /var/log/journal/838a973609414ab38d2bc4af2756cc27 failed: Invalid argument
> Jan 09 14:16:20 playtime systemd[1]: systemd-tmpfiles-setup.service: Main process exited, code=exited, status=1/FAILURE
> Jan 09 14:16:20 playtime systemd[1]: Failed to start Create Volatile Files and Directories.
> Jan 09 14:16:20 playtime systemd[1]: systemd-tmpfiles-setup.service: Unit entered failed state.
> Jan 09 14:16:20 playtime systemd[1]: systemd-tmpfiles-setup.service: Failed with result 'exit-code'.
> 
> 
> Can you please review my config below and suggest what I am missing?  Thank you!
> 
> lxc.rootfs = /var/lib/lxc/playtime/rootfs
> lxc.utsname = playtime
> lxc.arch = x86_64
> lxc.include = /usr/share/lxc/config/archlinux.common.conf
> lxc.rootfs.backend = dir
> 
> ## for namespaces
> lxc.include = /usr/share/lxc/config/archlinux.userns.conf
> lxc.id_map = u 0 100000 65536
> lxc.id_map = g 0 100000 65536
> 
> 
> ## network
> lxc.network.type = veth
> lxc.network.flags = up
> lxc.network.link = br0
> lxc.network.name = eth0
> lxc.network.ipv4 = 192.168.1.105/24
> lxc.network.ipv4.gateway = 192.168.1.1
> 
> 
> ## mounts
> lxc.mount.entry = /dev/net dev/net none bind,create=dir
> lxc.mount.entry = tmpfs tmp tmpfs defaults
> lxc.mount.entry = /dev/dri dev/dri none bind,optional,create=dir
> lxc.mount.entry = /dev/snd dev/snd none bind,optional,create=dir
> lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none bind,optional,create=dir
> lxc.mount.entry = /dev/video0 dev/video0 none bind,optional,create=file
> 
> lxc.cgroup.devices.allow = c 10:200 rwm
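The mapping check behind the reply above, as an added example that is not part of the original thread: it parses the `lxc.id_map` lines from the quoted config and reports which numeric ids in the failing ACL string fall outside the container's mapped range. The function names are hypothetical, the sample input is constructed from the values quoted in the thread, and named groups such as `adm` are skipped because resolving them needs the container's `/etc/group`.

```python
import re

# Constructed sample input: id_map lines and ACL string as quoted in the thread.
CONFIG = """\
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
"""
ACL = ("u::rwx,g::r-x,g:adm:r-x,g:wheel:r-x,"
       "g:4294967295:r-x,g:4294967295:r-x,m::r-x,o::r-x")

ID_MAP_RE = re.compile(r"\s*lxc\.id_map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_id_maps(config):
    """Return {'u': [(container_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in config.splitlines():
        m = ID_MAP_RE.match(line)
        if m:
            maps[m.group(1)].append(tuple(int(x) for x in m.group(2, 3, 4)))
    return maps

def to_host(kind, container_id, maps):
    """Translate a container id to its host id, or None when it is unmapped."""
    for start, host_start, count in maps[kind]:
        if start <= container_id < start + count:
            return host_start + (container_id - start)
    return None

def unmapped_acl_ids(acl, maps):
    """Return unique (kind, id) pairs for numeric ACL qualifiers outside the map."""
    missing = []
    for entry in acl.split(","):
        # Keep the last three fields so a "default:" prefix is tolerated.
        tag, qualifier, _perms = entry.split(":")[-3:]
        kind = {"u": "u", "user": "u", "g": "g", "group": "g"}.get(tag)
        if kind is None or not qualifier.isdigit():
            continue  # owner/mask/other entries and named users or groups
        pair = (kind, int(qualifier))
        if to_host(*pair, maps) is None and pair not in missing:
            missing.append(pair)
    return missing

if __name__ == "__main__":
    id_maps = parse_id_maps(CONFIG)
    for kind, ident in unmapped_acl_ids(ACL, id_maps):
        print(f"{kind} {ident} has no mapping in this container")
```
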
