On Sa, 23.06.18 14:42, Nikolaus Rath (Nikolaus at rath.org) wrote:

> Hello,
>
> When running systemd-nspawn with --private-network, I am getting mount
> errors:
>
> # systemd-nspawn -M iofabric --as-pid2 --private-users=1379532800:65536 --register=no --private-network
> Spawning container iofabric on /var/lib/machines/iofabric.raw.
> Press ^] three times within 1s to kill container.
> Selected user namespace base 1379532800 and range 65536.
> Failed to mount n/a on /tmp/nspawn-root-2Ar2iL/sys/fs/selinux (MS_BIND ""): No such file or directory
> Failed to mount n/a on /tmp/nspawn-root-2Ar2iL/sys/fs/selinux (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND ""): Invalid argument
>
> This is on a (host) system with SELinux disabled.
>
> What do these errors mean?

Hmm, this suggests nspawn tries to mount selinuxfs into the container
even though the kernel doesn't actually support that. This is
weird...

What's the systemd version in use here? Which distro is this? Is
selinux compiled out of the kernel or just disabled during runtime?

Lennart

--
Lennart Poettering, Red Hat
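
One way to answer the last question in the reply above, as an added example that is not part of the original thread: a shell function that tells "compiled out" apart from "built in but selinuxfs not registered" by reading a kernel config file and a copy of /proc/filesystems. The function name and the sample files are constructed for illustration; on a real host the config is assumed to live in /boot/config-$(uname -r) or /proc/config.gz, which varies by distro.

```shell
#!/bin/sh
# selinux_kernel_state CONFIG_FILE FILESYSTEMS_FILE  (hypothetical helper)
# Prints one of:
#   compiled-out        CONFIG_SECURITY_SELINUX is not enabled in the kernel config
#   built-but-inactive  SELinux is built in, but selinuxfs is not registered
#                       (disabled at boot or at runtime)
#   available           selinuxfs is registered and can be mounted
selinux_kernel_state() {
    config=$1
    filesystems=$2
    if ! grep -q '^CONFIG_SECURITY_SELINUX=y' "$config"; then
        echo compiled-out
    elif awk '$NF == "selinuxfs" { found = 1 } END { exit !found }' "$filesystems"; then
        echo available
    else
        echo built-but-inactive
    fi
}

# Constructed sample inputs so the example runs offline.
demo=$(mktemp -d)
printf 'CONFIG_SECURITY=y\n# CONFIG_SECURITY_SELINUX is not set\n' > "$demo/config.none"
printf 'CONFIG_SECURITY=y\nCONFIG_SECURITY_SELINUX=y\n' > "$demo/config.selinux"
printf 'nodev\tsysfs\nnodev\tproc\n\text4\n' > "$demo/fs.without"
printf 'nodev\tsysfs\nnodev\tselinuxfs\n\text4\n' > "$demo/fs.with"

echo "no SELinux in config:   $(selinux_kernel_state "$demo/config.none" "$demo/fs.without")"
echo "built in, disabled:     $(selinux_kernel_state "$demo/config.selinux" "$demo/fs.without")"
echo "built in, fs available: $(selinux_kernel_state "$demo/config.selinux" "$demo/fs.with")"
rm -rf "$demo"

# On a live host (paths are assumptions, adjust per distro):
#   selinux_kernel_state "/boot/config-$(uname -r)" /proc/filesystems
```
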