On Fri, 05.12.14 16:58, Peter Lemenkov ([email protected]) wrote:

> Ok, now I've got something. Here is a diff between good (1st,
> commandline) and bad (2nd, systemd service) sessions:
>
> * https://gist.github.com/lemenkov/ee70c42baedcb9b43189#file-sessions-diff
>
> More specifically I found these pieces interesting:
>
> * https://gist.github.com/lemenkov/ee70c42baedcb9b43189#file-sessions-diff-L253-L258
>
> Notice "open("/dev/urandom", O_RDONLY|O_NOCTTY|O_CLOEXEC) = -1 EACCES
> (Permission denied)" when started as systemd service:
>
> * https://gist.github.com/lemenkov/ee70c42baedcb9b43189#file-sessions-diff-L699-L700
>
> Notice "unlink("/run/systemd/journal/dev-log") = -1 EACCES
> (Permission denied)" followed by "bind(7, {sa_family=AF_LOCAL,
> sun_path="/run/systemd/journal/dev-log"}, 30) = -1 EADDRINUSE (Address
> already in use)".
>
> Looks like systemd-nspawn either doesn't mount (bind mount) the
> necessary devices or doesn't create them properly.

Hmm, do you have SELinux enabled and in enforcing mode?

nspawn mounts a tmpfs to /run very early on, before invoking the first binary; it should definitely be writable.

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
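
The good-versus-bad strace comparison described in the quoted message can be automated. The following is an added example, not part of the thread: the `BAD` lines are the three calls quoted above, the `GOOD` lines are constructed, and the function names are hypothetical.

```python
import re

# Matches failed calls: name(args) = -1 ERRNO (text), with optional `strace -f` PID prefix.
FAIL_RE = re.compile(r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(\w+)\((.*)\)\s+=\s+-1\s+(E[A-Z0-9]+)\s+\(')
PATH_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')  # first quoted argument, usually the path

# Constructed sample: what a working session might log for the same calls.
GOOD = '''\
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_CLOEXEC) = 3
unlink("/run/systemd/journal/dev-log") = -1 ENOENT (No such file or directory)
bind(7, {sa_family=AF_LOCAL, sun_path="/run/systemd/journal/dev-log"}, 30) = 0
'''
# The three failing calls quoted in the message above.
BAD = '''\
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_CLOEXEC) = -1 EACCES (Permission denied)
unlink("/run/systemd/journal/dev-log") = -1 EACCES (Permission denied)
bind(7, {sa_family=AF_LOCAL, sun_path="/run/systemd/journal/dev-log"}, 30) = -1 EADDRINUSE (Address already in use)
'''

def failures(trace):
    """Return {(syscall, first quoted path or None, errno)} for every failed call."""
    found = set()
    for line in trace.splitlines():
        m = FAIL_RE.match(line.strip())
        if not m:
            continue  # successful call, signal line, or unfinished/resumed fragment
        name, args, errno = m.groups()
        path = PATH_RE.search(args)
        found.add((name, path.group(1) if path else None, errno))
    return found

def only_in_bad(good, bad, errnos=None):
    """Failures seen in the bad trace but not the good one, optionally filtered by errno."""
    diff = failures(bad) - failures(good)
    if errnos:
        diff = {f for f in diff if f[2] in errnos}
    return sorted(diff, key=lambda f: (f[1] or "", f[0]))

if __name__ == "__main__":
    # Permission denials are the ones a MAC policy such as SELinux would produce.
    for name, path, errno in only_in_bad(GOOD, BAD, {"EACCES", "EPERM"}):
        print(f"{errno:8} {name}({path})")
```
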
