From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 6FC5B907B6 for ; Fri, 2 Sep 2022 11:03:48 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 6DA662DD08 for ; Fri, 2 Sep 2022 11:03:48 +0200 (CEST) Received: from 2.mo583.mail-out.ovh.net (2.mo583.mail-out.ovh.net [178.33.109.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 2 Sep 2022 11:03:47 +0200 (CEST) Received: from player168.ha.ovh.net (unknown [10.109.156.142]) by mo583.mail-out.ovh.net (Postfix) with ESMTP id 188FB25264 for ; Fri, 2 Sep 2022 08:26:18 +0000 (UTC) Received: from riminilug.it (unknown [82.134.223.122]) (Authenticated sender: piviul@riminilug.it) by player168.ha.ovh.net (Postfix) with ESMTPSA id A0B072E19EC7D for ; Fri, 2 Sep 2022 08:26:18 +0000 (UTC) Authentication-Results: garm.ovh; auth=pass (GARM-98R002c2807881-285b-447d-9c12-4dc9ab21cd73, 1E519A3335214AAC8D526EF215567458DADA6C3E) smtp.auth=piviul@riminilug.it X-OVh-ClientIp: 82.134.223.122 Message-ID: <5f271b1a-1a38-9861-f390-afb80ad29de5@riminilug.it> Date: Fri, 2 Sep 2022 10:26:17 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.1.2 From: Piviul To: Proxmox VE user list Content-Language: it Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Ovh-Tracer-Id: 13702764816527755681 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedvfedrvdeltddgtdehucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepkfffgggfhffuvfgtgfesthekredttdefjeenucfhrhhomheprfhivhhiuhhluceophhivhhiuhhlsehrihhmihhnihhluhhgrdhitheqnecuggftrfgrthhtvghrnhepfedugfejuedtkeeljedvhedtieevgeelhedtheelhffgffettdefiefggfetveetnecukfhppedtrddtrddtrddtpdekvddrudefgedrvddvfedruddvvdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphhouhhtpdhhvghlohepphhlrgihvghrudeikedrhhgrrdhovhhhrdhnvghtpdhinhgvtheptddrtddrtddrtddpmhgrihhlfhhrohhmpehpihhvihhulhesrhhimhhinhhilhhughdrihhtpdhnsggprhgtphhtthhopedupdhrtghpthhtohepphhvvgdquhhsvghrsehlihhsthhsrdhprhhogihmohigrdgtohhmpdfovfetjfhoshhtpehmohehkeef X-SPAM-LEVEL: Spam detection results: 0 AWL -0.002 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust RCVD_IN_MSPIKE_H3 0.001 Good reputation (+3) RCVD_IN_MSPIKE_WL 0.001 Mailspike good senders SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - X-Mailman-Approved-At: Mon, 05 Sep 2022 10:21:00 +0200 Subject: [PVE-User] systemd-logind.service X-BeenThere: pve-user@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE user list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Sep 2022 09:03:48 -0000 I add that on the proxmox node I can find the following logs: Sep  2 10:22:22 pve02 kernel: [6409941.290413] audit: type=1400 audit(1662106942.591:968): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-132_" name="/run/systemd/unit-root/proc/" pid=3151975 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" Sep  2 10:22:22 pve02 kernel: [6409941.341352] audit: type=1400 audit(1662106942.643:969): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-132_" name="/run/systemd/unit-root/proc/" pid=3151979 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" Sep  2 10:22:22 pve02 kernel: [6409941.391871] audit: type=1400 audit(1662106942.691:970): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-132_" name="/run/systemd/unit-root/proc/" pid=3151983 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" Sep  2 10:22:22 pve02 kernel: [6409941.442322] audit: type=1400 audit(1662106942.743:971): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-132_" name="/run/systemd/unit-root/proc/" pid=3151987 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" Sep  2 10:22:22 pve02 kernel: [6409941.466567] audit: type=1400 audit(1662106942.767:972): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-132_" name="/run/systemd/unit-root/proc/" pid=3151991 comm="(d-logind)" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" Seems an apparmor problem... furthermore seems that old LXC doesn't suffer of this problem but if I create a new LXC it does. Piviul ------------------------------ On a proxmox 6.4 environment, when a user log on to a specific LXC container machine named unifi-controller, the logon time is very slow and on the host logs I find: Sep 02 07:15:36 unifi-controller systemd[1978474]: systemd-logind.service: Failed at step NAMESPACE spawning /lib/systemd/systemd-logind: Permission denied Sep 02 07:15:36 unifi-controller systemd[1978474]: systemd-logind.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission denied Other LXC doesn't have any problems. Someone can help me to find the issue? Best regards Piviul