From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id DC8F290C1C for ; Mon, 5 Sep 2022 12:27:53 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id CFE091B7F5 for ; Mon, 5 Sep 2022 12:27:53 +0200 (CEST) Received: from mail-yw1-x1135.google.com (mail-yw1-x1135.google.com [IPv6:2607:f8b0:4864:20::1135]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Mon, 5 Sep 2022 12:27:52 +0200 (CEST) Received: by mail-yw1-x1135.google.com with SMTP id 00721157ae682-3452214cec6so24123547b3.1 for ; Mon, 05 Sep 2022 03:27:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date; bh=5zu1SGVHC3h3Z0Ekd/c/se+clAu7WIQmiV4XZUhKSTA=; b=CaSwdhMMVILhwWYqq4TuCkfj3yNV689rTPVyzQEDA9IhxrHa30a/Mq3UR8xt7I3Rf0 tPmXBASzAuyVvc0dTuMwNecdGNepjrPnu9PPHZx5T10ZeuXO7Oa5B9GQlgb1roHI+vDP l8wEvoLupx9WzTUDnWaS4OZNsmMa/21tJyf6b7g+1xUEaKgCqghNFFhh4nNo8zkpr5aQ CEw4MepmWh50x51QNZE+rSJPl549g+U9m+DgSGufMyUBPyHT0vHh++59PIKABtSiCnjp 5/NCrtP5GqIN1S4bs3lO1jCC1KTZZjADq6QAM6NsGtq6OkIcsCBG6hOkWd7IrvxaOJB6 v+qA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date; bh=5zu1SGVHC3h3Z0Ekd/c/se+clAu7WIQmiV4XZUhKSTA=; b=5Sge+Mzw9C4qMeMo93eZN01D75MPFV2cjSI370aCz01igNXK+Xy7o80MtLljeXlgT+ saKxRZPEoX0Y7dW4cUDMij+zKL/m1ptGF9pj44oGVtZxr4/IMr5OF/6zXs7W+R9QPkZh SrwH5a/0Nc0+CeOq8QYBM2zLYT2zPv8ttApOMKqFRuO8Cxiz0tGswjMKMNBnuDnC+5+w NT1SIpeWZ/Mhy4qSHAmvO2nadKiAkGWNV3/bEbcjaoYrr6UgPPuNsauEZugptpreDOoo BEXjOqA9xeBVWJHr5hUqB+0JLKGj5mDBx5E+nhaMuIw9nOYqneQHZW5//WvRLnmp5yxj 24UA== X-Gm-Message-State: ACgBeo1OBElMAqSnOYQkFT8m9FKC+RCM9gRKqq0OyXAmWCyCkIBGDGeG dY2iCfcHLo4/vnGaYZm6R2Jdz8Ivtii5LaHwzA8v1fDhrgZN5w== X-Google-Smtp-Source: AA6agR5i+yAGtwvI6mu6fDQjHx3xyUYDU7Zv2NDLAhCNJdVUh2xsE6AaPrTprWRGE9XIpEVuB0UC6EEJ2+akqM9hhgs= X-Received: by 2002:a0d:f007:0:b0:333:d0d1:96a with SMTP id z7-20020a0df007000000b00333d0d1096amr38767612ywe.350.1662373664544; Mon, 05 Sep 2022 03:27:44 -0700 (PDT) MIME-Version: 1.0 From: Kalpesh Sejpal Date: Mon, 5 Sep 2022 15:57:32 +0530 Message-ID: To: pve-user@lists.proxmox.com X-SPAM-LEVEL: Spam detection results: 0 AWL 0.260 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider HTML_MESSAGE 0.001 HTML included in message POISEN_SPAM_PILL_4 0.1 random spam to be learned in bayes RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-Mailman-Approved-At: Mon, 05 Sep 2022 15:13:20 +0200 Subject: [PVE-User] systemd-logind.service X-BeenThere: pve-user@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE user list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Sep 2022 10:27:53 -0000 Hi, It's better to enable features Flag nesting=1 for each LXC container with that error. Please, check security conserns before changing it. If you can't do that then another alternative it to mask systemd-logind service. Hopefully it can solve the problem. Regards, kalpesh sejpal On Mon, 5 Sep, 2022, 3:30 pm , wrote: > Send pve-user mailing list submissions to > pve-user@lists.proxmox.com > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user > or, via email, send a message with subject or body 'help' to > pve-user-request@lists.proxmox.com > > You can reach the person managing the list at > pve-user-owner@lists.proxmox.com > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of pve-user digest..." > > > Today's Topics: > > 1. systemd-logind.service (Piviul) > 2. systemd-logind.service (Piviul) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 2 Sep 2022 09:23:31 +0200 > From: Piviul > To: Proxmox VE user list > Subject: [PVE-User] systemd-logind.service > Message-ID: <02a31483-11f1-584a-eee1-76d138c57db2@riminilug.it> > Content-Type: text/plain; charset=UTF-8; format=flowed > > On a proxmox 6.4 environment, when a user log on to a specific LXC > container machine named unifi-controller, the logon time is very slow > and on the host logs I find: > > Sep 02 07:15:36 unifi-controller systemd[1978474]: > systemd-logind.service: Failed at step NAMESPACE spawning > /lib/systemd/systemd-logind: Permission denied > Sep 02 07:15:36 unifi-controller systemd[1978474]: > systemd-logind.service: Failed to set up mount namespacing: > /run/systemd/unit-root/proc: Permission denied > > Other LXC doesn't have any problems. Someone can help me to find the issue? > > Best regards > > Piviul > > > > > ------------------------------ > > Message: 2 > Date: Fri, 2 Sep 2022 10:26:17 +0200 > From: Piviul > To: Proxmox VE user list > Subject: [PVE-User] systemd-logind.service > Message-ID: <5f271b1a-1a38-9861-f390-afb80ad29de5@riminilug.it> > Content-Type: text/plain; charset=UTF-8; format=flowed > > I add that on the proxmox node I can find the following logs: > > Sep? 2 10:22:22 pve02 kernel: [6409941.290413] audit: type=1400 > audit(1662106942.591:968): apparmor="DENIED" operation="mount" > info="failed flags match" error=-13 profile="lxc-132_" > name="/run/systemd/unit-root/proc/" pid=3151975 comm="(d-logind)" > fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" > Sep? 2 10:22:22 pve02 kernel: [6409941.341352] audit: type=1400 > audit(1662106942.643:969): apparmor="DENIED" operation="mount" > info="failed flags match" error=-13 profile="lxc-132_" > name="/run/systemd/unit-root/proc/" pid=3151979 comm="(d-logind)" > fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" > Sep? 2 10:22:22 pve02 kernel: [6409941.391871] audit: type=1400 > audit(1662106942.691:970): apparmor="DENIED" operation="mount" > info="failed flags match" error=-13 profile="lxc-132_" > name="/run/systemd/unit-root/proc/" pid=3151983 comm="(d-logind)" > fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" > Sep? 2 10:22:22 pve02 kernel: [6409941.442322] audit: type=1400 > audit(1662106942.743:971): apparmor="DENIED" operation="mount" > info="failed flags match" error=-13 profile="lxc-132_" > name="/run/systemd/unit-root/proc/" pid=3151987 comm="(d-logind)" > fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" > Sep? 2 10:22:22 pve02 kernel: [6409941.466567] audit: type=1400 > audit(1662106942.767:972): apparmor="DENIED" operation="mount" > info="failed flags match" error=-13 profile="lxc-132_" > name="/run/systemd/unit-root/proc/" pid=3151991 comm="(d-logind)" > fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" > > Seems an apparmor problem... furthermore seems that old LXC doesn't > suffer of this problem but if I create a new LXC it does. > > Piviul > > ------------------------------ > > On a proxmox 6.4 environment, when a user log on to a specific LXC > container machine named unifi-controller, the logon time is very slow > and on the host logs I find: > > > Sep 02 07:15:36 unifi-controller systemd[1978474]: > systemd-logind.service: Failed at step NAMESPACE spawning > /lib/systemd/systemd-logind: Permission denied > Sep 02 07:15:36 unifi-controller systemd[1978474]: > systemd-logind.service: Failed to set up mount namespacing: > /run/systemd/unit-root/proc: Permission denied > > Other LXC doesn't have any problems. Someone can help me to find the issue? > > Best regards > Paul > > > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________PvEe-user mailing list > pve-user@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > ------------------------------ > > End ofPvEe-user Digest, Vol 174, Issue 1 > **************************************** > >