* [PVE-User] systemd-logind.service
@ 2022-09-05 10:27 Kalpesh Sejpal
  2022-09-08  9:58 ` Piviul
  0 siblings, 1 reply; 5+ messages in thread
From: Kalpesh Sejpal @ 2022-09-05 10:27 UTC (permalink / raw)
  To: pve-user

Hi,

It's better to enable features Flag nesting=1 for each LXC container with
that error.

Please, check security concerns before changing it.

If you can't do that then another alternative is to mask systemd-logind
service.

Hopefully it can solve the problem.

Regards,
kalpesh sejpal

On Mon, 5 Sep, 2022, 3:30 pm , <pve-user-request@lists.proxmox.com> wrote:

> Message: 1
> Date: Fri, 2 Sep 2022 09:23:31 +0200
> From: Piviul <piviul@riminilug.it>
> To: Proxmox VE user list <pve-user@lists.proxmox.com>
> Subject: [PVE-User] systemd-logind.service
> Message-ID: <02a31483-11f1-584a-eee1-76d138c57db2@riminilug.it>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> On a proxmox 6.4 environment, when a user logs on to a specific LXC
> container machine named unifi-controller, the logon time is very slow
> and on the host logs I find:
>
> Sep 02 07:15:36 unifi-controller systemd[1978474]:
> systemd-logind.service: Failed at step NAMESPACE spawning
> /lib/systemd/systemd-logind: Permission denied
> Sep 02 07:15:36 unifi-controller systemd[1978474]:
> systemd-logind.service: Failed to set up mount namespacing:
> /run/systemd/unit-root/proc: Permission denied
>
> Other LXCs don't have any problems. Can someone help me find the issue?
>
> Best regards
>
> Piviul
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 2 Sep 2022 10:26:17 +0200
> From: Piviul <piviul@riminilug.it>
> To: Proxmox VE user list <pve-user@lists.proxmox.com>
> Subject: [PVE-User] systemd-logind.service
> Message-ID: <5f271b1a-1a38-9861-f390-afb80ad29de5@riminilug.it>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> I add that on the proxmox node I can find the following logs:
>
> Sep  2 10:22:22 pve02 kernel: [6409941.290413] audit: type=1400
> audit(1662106942.591:968): apparmor="DENIED" operation="mount"
> info="failed flags match" error=-13 profile="lxc-132_</var/lib/lxc>"
> name="/run/systemd/unit-root/proc/" pid=3151975 comm="(d-logind)"
> fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
> Sep  2 10:22:22 pve02 kernel: [6409941.341352] audit: type=1400
> audit(1662106942.643:969): apparmor="DENIED" operation="mount"
> info="failed flags match" error=-13 profile="lxc-132_</var/lib/lxc>"
> name="/run/systemd/unit-root/proc/" pid=3151979 comm="(d-logind)"
> fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
> Sep  2 10:22:22 pve02 kernel: [6409941.391871] audit: type=1400
> audit(1662106942.691:970): apparmor="DENIED" operation="mount"
> info="failed flags match" error=-13 profile="lxc-132_</var/lib/lxc>"
> name="/run/systemd/unit-root/proc/" pid=3151983 comm="(d-logind)"
> fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
> Sep  2 10:22:22 pve02 kernel: [6409941.442322] audit: type=1400
> audit(1662106942.743:971): apparmor="DENIED" operation="mount"
> info="failed flags match" error=-13 profile="lxc-132_</var/lib/lxc>"
> name="/run/systemd/unit-root/proc/" pid=3151987 comm="(d-logind)"
> fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
> Sep  2 10:22:22 pve02 kernel: [6409941.466567] audit: type=1400
> audit(1662106942.767:972): apparmor="DENIED" operation="mount"
> info="failed flags match" error=-13 profile="lxc-132_</var/lib/lxc>"
> name="/run/systemd/unit-root/proc/" pid=3151991 comm="(d-logind)"
> fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
>
> Seems an apparmor problem... furthermore it seems that old LXCs don't
> suffer from this problem but if I create a new LXC it does.
>
> Piviul
>
> ------------------------------
>
> On a proxmox 6.4 environment, when a user logs on to a specific LXC
> container machine named unifi-controller, the logon time is very slow
> and on the host logs I find:
>
>
> Sep 02 07:15:36 unifi-controller systemd[1978474]:
> systemd-logind.service: Failed at step NAMESPACE spawning
> /lib/systemd/systemd-logind: Permission denied
> Sep 02 07:15:36 unifi-controller systemd[1978474]:
> systemd-logind.service: Failed to set up mount namespacing:
> /run/systemd/unit-root/proc: Permission denied
>
> Other LXCs don't have any problems. Can someone help me find the issue?
>
> Best regards
> Paul



* Re: [PVE-User] systemd-logind.service
  2022-09-05 10:27 [PVE-User] systemd-logind.service Kalpesh Sejpal
@ 2022-09-08  9:58 ` Piviul
  0 siblings, 0 replies; 5+ messages in thread
From: Piviul @ 2022-09-08  9:58 UTC (permalink / raw)
  To: pve-user

On 05/09/22 12:27, Kalpesh Sejpal wrote:
> Hi,
>
> It's better to enable features Flag nesting=1 for each LXC container with
> that error.
>
> Please, check security concerns before changing it.
>
> If you can't do that then another alternative is to mask systemd-logind
> service.

Hi Kalpesh, thank you very much. In effect, both solutions seem to work.
Are there security risks in setting the nesting flag on an unprivileged container?

Piviul






* Re: [PVE-User] systemd-logind.service
       [not found] ` <mailman.49.1662383601.354.pve-user@lists.proxmox.com>
@ 2022-09-07  4:33   ` Piviul
  0 siblings, 0 replies; 5+ messages in thread
From: Piviul @ 2022-09-07  4:33 UTC (permalink / raw)
  To: pve-user

On 05/09/22 10:26, Arjen via pve-user wrote:
> Maybe this forum thread and this specific post (by the Proxmox staff) can help:
> https://forum.proxmox.com/threads/lxc-container-upgrade-to-bullseye-slow-login-and-apparmor-errors.93064/#post-409018
>
> kind regards, Arjen
Thank you very much Arjen, systemctl mask systemd-logind solved the problem.

Thank you very much indeed!

Best regards

Piviul




* [PVE-User] systemd-logind.service
@ 2022-09-02  8:26 Piviul
  0 siblings, 0 replies; 5+ messages in thread
From: Piviul @ 2022-09-02  8:26 UTC (permalink / raw)
  To: Proxmox VE user list

I add that on the proxmox node I can find the following logs:

Sep  2 10:22:22 pve02 kernel: [6409941.290413] audit: type=1400 
audit(1662106942.591:968): apparmor="DENIED" operation="mount" 
info="failed flags match" error=-13 profile="lxc-132_</var/lib/lxc>" 
name="/run/systemd/unit-root/proc/" pid=3151975 comm="(d-logind)" 
fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
Sep  2 10:22:22 pve02 kernel: [6409941.341352] audit: type=1400 
audit(1662106942.643:969): apparmor="DENIED" operation="mount" 
info="failed flags match" error=-13 profile="lxc-132_</var/lib/lxc>" 
name="/run/systemd/unit-root/proc/" pid=3151979 comm="(d-logind)" 
fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
Sep  2 10:22:22 pve02 kernel: [6409941.391871] audit: type=1400 
audit(1662106942.691:970): apparmor="DENIED" operation="mount" 
info="failed flags match" error=-13 profile="lxc-132_</var/lib/lxc>" 
name="/run/systemd/unit-root/proc/" pid=3151983 comm="(d-logind)" 
fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
Sep  2 10:22:22 pve02 kernel: [6409941.442322] audit: type=1400 
audit(1662106942.743:971): apparmor="DENIED" operation="mount" 
info="failed flags match" error=-13 profile="lxc-132_</var/lib/lxc>" 
name="/run/systemd/unit-root/proc/" pid=3151987 comm="(d-logind)" 
fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
Sep  2 10:22:22 pve02 kernel: [6409941.466567] audit: type=1400 
audit(1662106942.767:972): apparmor="DENIED" operation="mount" 
info="failed flags match" error=-13 profile="lxc-132_</var/lib/lxc>" 
name="/run/systemd/unit-root/proc/" pid=3151991 comm="(d-logind)" 
fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"

Seems an apparmor problem... furthermore it seems that old LXCs don't
suffer from this problem but if I create a new LXC it does.

Piviul

------------------------------

On a proxmox 6.4 environment, when a user logs on to a specific LXC
container machine named unifi-controller, the logon time is very slow 
and on the host logs I find:


Sep 02 07:15:36 unifi-controller systemd[1978474]: 
systemd-logind.service: Failed at step NAMESPACE spawning 
/lib/systemd/systemd-logind: Permission denied
Sep 02 07:15:36 unifi-controller systemd[1978474]: 
systemd-logind.service: Failed to set up mount namespacing: 
/run/systemd/unit-root/proc: Permission denied

Other LXCs don't have any problems. Can someone help me find the issue?

Best regards

Piviul
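
Added example (not part of the original messages and not Proxmox code): a small Python triage script that parses host-side AppArmor audit records like the ones quoted above and reports which containers hit the denied mount under /run/systemd/unit-root/. It assumes the profile name lxc-<N>_... identifies container ID N; the function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first two records follow the host kernel log lines
# quoted in this thread (re-joined onto one line each); the last two are
# made-up lines that must not be counted.
SAMPLE_LOG = """\
Sep  2 10:22:22 pve02 kernel: [6409941.290413] audit: type=1400 audit(1662106942.591:968): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-132_</var/lib/lxc>" name="/run/systemd/unit-root/proc/" pid=3151975 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
Sep  2 10:22:22 pve02 kernel: [6409941.341352] audit: type=1400 audit(1662106942.643:969): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-132_</var/lib/lxc>" name="/run/systemd/unit-root/proc/" pid=3151979 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec"
Sep  2 10:25:01 pve02 kernel: [6410100.000001] audit: type=1400 audit(1662107101.000:980): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-140_</var/lib/lxc>" name="/mnt/data/" pid=4242 comm="mount" fstype="ext4" srcname="/dev/sdb1" flags="rw"
Sep  2 10:25:02 pve02 kernel: [6410101.000001] usb 1-1: new high-speed USB device number 4 using xhci_hcd
"""

KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')   # key="quoted value" or key=bare
LXC_PROFILE = re.compile(r"lxc-(\d+)_")     # assumption: lxc-<CT id>_<path>
UNIT_ROOT = "/run/systemd/unit-root/"       # mount target seen in the thread


def parse_denial(line):
    """Return the audit fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {k: (quoted if raw.startswith('"') else raw)
            for k, raw, quoted in KV.findall(line)}


def affected_containers(log_text):
    """Map CT id -> summary of denied mounts under systemd's unit root."""
    found = defaultdict(lambda: {"count": 0, "comms": set(), "targets": set()})
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if not rec or rec.get("operation") != "mount":
            continue
        profile = LXC_PROFILE.match(rec.get("profile", ""))
        if not profile or not rec.get("name", "").startswith(UNIT_ROOT):
            continue  # some other denial; needs its own investigation
        entry = found[profile.group(1)]
        entry["count"] += 1
        entry["comms"].add(rec.get("comm", "?"))
        entry["targets"].add(rec["name"])
    return dict(found)


if __name__ == "__main__":
    for ctid, info in sorted(affected_containers(SAMPLE_LOG).items()):
        print(f"CT {ctid}: {info['count']} denied mounts by "
              f"{sorted(info['comms'])} on {sorted(info['targets'])}")
```

Running it over the host's kernel log gives the list of containers to review before changing the nesting feature or masking the service on each one.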






* [PVE-User] systemd-logind.service
@ 2022-09-02  7:23 Piviul
       [not found] ` <mailman.49.1662383601.354.pve-user@lists.proxmox.com>
  0 siblings, 1 reply; 5+ messages in thread
From: Piviul @ 2022-09-02  7:23 UTC (permalink / raw)
  To: Proxmox VE user list

On a proxmox 6.4 environment, when a user logs on to a specific LXC
container machine named unifi-controller, the logon time is very slow 
and on the host logs I find:

Sep 02 07:15:36 unifi-controller systemd[1978474]: 
systemd-logind.service: Failed at step NAMESPACE spawning 
/lib/systemd/systemd-logind: Permission denied
Sep 02 07:15:36 unifi-controller systemd[1978474]: 
systemd-logind.service: Failed to set up mount namespacing: 
/run/systemd/unit-root/proc: Permission denied

Other LXCs don't have any problems. Can someone help me find the issue?

Best regards

Piviul



