[lxc-users] Failed to reset devices.list (etc)

Christian Brauner christian at brauner.io
Sun Sep 9 13:40:04 UTC 2018


On Mon, Sep 10, 2018 at 01:30:42AM +1200, Richard Hector wrote:
> Hi all,
> 
> I have messages like this in the logs on several of my (lxc, not lxd)
> containers:
> 
> systemd[1]: phpsessionclean.service: Failed to reset devices.list:
> Operation not permitted
> 
> systemd[1]: run-user-1000.mount: Failed to reset devices.list: Operation
> not permitted
> 
> systemd[1]: apt-daily.service: Failed to reset devices.list: Operation
> not permitted
> 
> systemd[1]: Failed to reset devices.list on
> /system.slice/systemd-tmpfiles-clean.service: Operation not permitted
> 
> systemd[1]: Failed to reset devices.list on
> /system.slice/apt-daily.service: Operation not permitted
> 
> Host is debian stretch, guests are a mix of debian and ubuntu.
> 
> Searching the web finds various results of various ages; some claim to
> be fixed, others not.
> 
> Some claim it's an issue with unprivileged containers only, but AFAIK
> I'm using privileged containers only (how do I tell?)
> 
> What I can't find is:
> 
> What is devices.list, what specifically (in each case) wants to reset
> it, and why?
> 
> Can and should I stop it, and how?

No need to stop it. systemd will simply gracefully move on but report
an error. The devices.list regulates what devices a privileged
container can have access to. The container not being able to mess with
it is very much wanted for security reasons. There's no way to stop it
from LXC's side. If you really care about this you could probably
disable all services that try to touch it. But it's really not needed.

Christian

> 
> There are some references to setting "PrivateNetwork=false" in the
> service file (for the phpsessionclean one, at least) - but that didn't
> seem to have any effect.
> 
> Any tips?
> 
> Thanks,
> Richard
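
The following is an added example, not part of the original thread and not LXC's own code: a way to read the device whitelist described in the reply and to check the "how do I tell?" question about privileged containers. It assumes the cgroup v1 `devices` controller mounted at /sys/fs/cgroup/devices; the function names and the sample whitelist are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Functions take a file path so they can
# be pointed at the live files or at a saved copy.

# devices_allows FILE TYPE MAJOR MINOR ACCESS
# Succeeds if one cgroup v1 whitelist entry, "<a|b|c> <major|*>:<minor|*> <rwm>",
# covers the device and grants every requested access letter (r, w, m).
devices_allows() {
    awk -v t="$2" -v maj="$3" -v min="$4" -v acc="$5" '
        {
            split($2, dev, ":")
            if ($1 != "a" && $1 != t) next
            if (dev[1] != "*" && dev[1] != maj) next
            if (dev[2] != "*" && dev[2] != min) next
            ok = 1
            for (i = 1; i <= length(acc); i++)
                if (index($3, substr(acc, i, 1)) == 0) ok = 0
            if (ok) found = 1
        }
        END { exit !found }
    ' "$1"
}

# is_initial_userns FILE
# Succeeds if FILE (a copy of /proc/self/uid_map) is the identity map
# "0 0 4294967295", i.e. container root is real root: a privileged container.
is_initial_userns() {
    awk '$1 == 0 && $2 == 0 && $3 == 4294967295 { id = 1 }
         END { exit !id }' "$1"
}

# Constructed sample whitelist: mknod for anything, read/write for a few nodes.
sample_devices_list() {
    printf '%s\n' 'c *:* m' 'b *:* m' 'c 1:3 rwm' 'c 1:5 rwm' 'c 136:* rwm'
}

list=/sys/fs/cgroup/devices/devices.list   # assumed cgroup v1 mount point
if [ -r "$list" ]; then
    if devices_allows "$list" b 8 0 rw; then
        echo "block 8:0 (first SCSI disk): read/write allowed"
    else
        echo "block 8:0 (first SCSI disk): read/write denied"
    fi
fi
if [ -r /proc/self/uid_map ] && is_initial_userns /proc/self/uid_map; then
    echo "identity uid map: privileged container (or the host itself)"
fi
```

Run inside the container, a "denied" result for a host disk together with an identity uid map is the situation the reply describes: real root in the container, still confined by a whitelist it cannot rewrite.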