3.0 - unprivileged containers failed message (un)explained


#1

host Linux server 4.15.0-22-generic #24-Ubuntu SMP Wed May 16 12:15:17 UTC 2018 x86_64 GNU/Linux

There are various failed messages observed when starting unprivileged containers and I am having a bit of trouble comprehending them (whether they are just minor noise or have a major impact) and, subsequently, whether it is necessary to rectify them.

container Unbuntu Bionic amd64

systemd 237 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to Ubuntu 18.04 LTS!

Set hostname to .
Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Failed to install release agent, ignoring: No such file or directory
File /lib/systemd/system/systemd-journald.service:36 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
user.slice: Failed to reset devices.list: Operation not permitted
[UNSUPP] Starting of dev-getty.device not supported.
[DEPEND] Dependency failed for Serial Getty on getty.
serial-getty@getty.service: Job serial-getty@getty.service/start failed with result ‘dependency’.
system.slice: Failed to reset devices.list: Operation not permitted
system-container\x2dgetty.slice: Failed to reset devices.list: Operation not permitted
keyboard-setup.service: Failed to reset devices.list: Operation not permitted
systemd-modules-load.service: Failed to reset devices.list: Operation not permitted
system-serial\x2dgetty.slice: Failed to reset devices.list: Operation not permitted
systemd-tmpfiles-setup-dev.service: Failed to reset devices.list: Operation not permitted
systemd-journald.service: Failed to reset devices.list: Operation not permitted
sys-fs-fuse-connections.mount: Failed to reset devices.list: Operation not permitted
sys-kernel-config.mount: Failed to reset devices.list: Operation not permitted
systemd-sysctl.service: Failed to reset devices.list: Operation not permitted
sys-kernel-config.mount: Mount process exited, code=exited status=32
sys-kernel-config.mount: Failed with result ‘exit-code’.
[FAILED] Failed to mount Kernel Configuration File System.
See ‘systemctl status sys-kernel-config.mount’ for details.
[FAILED] Failed to start Hostname Service.


container Debian Stretch amd64

systemd 232 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to Debian GNU/Linux 9 (stretch)!

Set hostname to .
Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Failed to install release agent, ignoring: No such file or directory
system.slice: Failed to reset devices.list: Operation not permitted
system.slice: Failed to set invocation ID on control group /system.slice, ignoring: Operation not permitted
system-container\x2dgetty.slice: Failed to reset devices.list: Operation not permitted
system-container\x2dgetty.slice: Failed to set invocation ID on control group /system.slice/system-container\x2dgetty.slice, ignoring: Operation not permitted
systemd-remount-fs.service: Failed to reset devices.list: Operation not permitted
systemd-remount-fs.service: Failed to set invocation ID on control group /system.slice/systemd-remount-fs.service, ignoring: Operation not permitted
systemd-modules-load.service: Failed to reset devices.list: Operation not permitted
systemd-modules-load.service: Failed to set invocation ID on control group /system.slice/systemd-modules-load.service, ignoring: Operation not permitted
systemd-journald-audit.socket: Failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
systemd-journald-audit.socket: Unit entered failed state.
systemd-journald.service: Failed to reset devices.list: Operation not permitted
systemd-journald.service: Failed to set invocation ID on control group /system.slice/systemd-journald.service, ignoring: Operation not permitted
system-getty.slice: Failed to reset devices.list: Operation not permitted
system-getty.slice: Failed to set invocation ID on control group /system.slice/system-getty.slice, ignoring: Operation not permitted
sys-kernel-debug.mount: Failed to check directory /sys/kernel/debug: Permission denied
sys-kernel-debug.mount: Failed to reset devices.list: Operation not permitted
sys-kernel-debug.mount: Failed to set invocation ID on control group /system.slice/sys-kernel-debug.mount, ignoring: Operation not permitted
user.slice: Failed to reset devices.list: Operation not permitted
user.slice: Failed to set invocation ID on control group /user.slice, ignoring: Operation not permitted
dev-mqueue.mount: Failed to reset devices.list: Operation not permitted
dev-mqueue.mount: Failed to set invocation ID on control group /system.slice/dev-mqueue.mount, ignoring: Operation not permitted
systemd-tmpfiles-setup-dev.service: Failed to reset devices.list: Operation not permitted
systemd-tmpfiles-setup-dev.service: Failed to set invocation ID on control group /system.slice/systemd-tmpfiles-setup-dev.service, ignoring: Operation not permitted
proc-sys-net.mount: Failed to reset devices.list: Operation not permitted
dev-tty3.mount: Failed to reset devices.list: Operation not permitted
dev-tty1.mount: Failed to reset devices.list: Operation not permitted
sys-devices-virtual-net.mount: Failed to reset devices.list: Operation not permitted
proc-cpuinfo.mount: Failed to reset devices.list: Operation not permitted
proc-diskstats.mount: Failed to reset devices.list: Operation not permitted
dev-random.mount: Failed to reset devices.list: Operation not permitted
dev-zero.mount: Failed to reset devices.list: Operation not permitted
dev-null.mount: Failed to reset devices.list: Operation not permitted
dev-ptmx.mount: Failed to reset devices.list: Operation not permitted
dev-tty.mount: Failed to reset devices.list: Operation not permitted
proc-uptime.mount: Failed to reset devices.list: Operation not permitted
-.mount: Failed to reset devices.list: Operation not permitted
proc-swaps.mount: Failed to reset devices.list: Operation not permitted
proc-meminfo.mount: Failed to reset devices.list: Operation not permitted
proc-stat.mount: Failed to reset devices.list: Operation not permitted
dev-tty2.mount: Failed to reset devices.list: Operation not permitted
dev-urandom.mount: Failed to reset devices.list: Operation not permitted
dev-full.mount: Failed to reset devices.list: Operation not permitted
proc-sysrq\x2dtrigger.mount: Failed to reset devices.list: Operation not permitted
dev-tty4.mount: Failed to reset devices.list: Operation not permitted
sys-fs-fuse-connections.mount: Failed to reset devices.list: Operation not permitted
init.scope: Failed to reset devices.list: Operation not permitted
[FAILED] Failed to mount Debug File System.
[FAILED] Failed to mount Configuration File System.


container Centos 7 amd64

systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to CentOS Linux 7 (Core)!

Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Failed to install release agent, ignoring: No such file or directory
MESSAGE=Failed to check directory /sys/kernel/debug: Permission denied
[FAILED] Failed to mount Debug File System.
[FAILED] Failed to mount Huge Pages File System.
[FAILED] Failed to start Remount Root and Kernel File Systems.
[FAILED] Failed to mount Configuration File System.


container Archlinux Current amd64

systemd 238 running in system mode. (+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN +PCRE2 default-hierarchy=hybrid)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to Arch Linux!

Set hostname to .
Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Failed to install release agent, ignoring: No such file or directory
File /usr/lib/systemd/system/systemd-journald.service:35 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
Failed to create listening socket: Operation not permitted
systemd-journald-audit.socket: Failed to listen on sockets: Operation not permitted
systemd-journald-audit.socket: Failed with result ‘resources’.
[FAILED] Failed to listen on Journal Audit Socket.
sys-kernel-debug.mount: Failed to check directory /sys/kernel/debug: Permission denied
system.slice: Failed to reset devices.list: Operation not permitted
sys-kernel-debug.mount: Failed to reset devices.list: Operation not permitted
systemd-remount-fs.service: Failed to reset devices.list: Operation not permitted
tmp.mount: Failed to reset devices.list: Operation not permitted
system-container\x2dgetty.slice: Failed to reset devices.list: Operation not permitted
systemd-journald.service: Failed to reset devices.list: Operation not permitted
system-getty.slice: Failed to reset devices.list: Operation not permitted
systemd-sysctl.service: Failed to reset devices.list: Operation not permitted
sys-kernel-config.mount: Failed to reset devices.list: Operation not permitted
user.slice: Failed to reset devices.list: Operation not permitted
dev-mqueue.mount: Failed to reset devices.list: Operation not permitted
lvm2-monitor.service: Failed to reset devices.list: Operation not permitted
sys-kernel-debug.mount: Mount process exited, code=exited status=32
sys-kernel-debug.mount: Failed with result ‘exit-code’.
[FAILED] Failed to mount Kernel Debug File System.
sys-kernel-config.mount: Mount process exited, code=exited status=32
sys-kernel-config.mount: Failed with result ‘exit-code’.
[FAILED] Failed to mount Kernel Configuration File System.
systemd-tmpfiles-setup-dev.service: Failed to reset devices.list: Operation not permitted
[FAILED] Failed to start Network Service.
[FAILED] Failed to start Network Name Resolution.


(Christian Brauner) #2

They are all nothing to worry about as they are simply caused by kernel restrictions for the most part. However, some of them are simply caused by coding without user namespaces in mind and could be circumvented. I rectified a bunch of them in systemd over time and depending on what version you’re running they might disappear or not. Some of these operations will likely never be possible or at least further in the future.
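As an added illustration (not code from this thread, nor from LXC or systemd), the following Python script sorts container boot messages like the ones quoted in post #1 into "expected in an unprivileged container" versus "worth investigating", so an operator can tell the namespace-restriction noise from real unit failures at a glance. The pattern list is my own, the one-line cause next to each pattern is my annotation of the usual reason rather than a statement from the thread, and the sample input is a constructed subset of the log lines above.

```python
import re
import sys
from collections import Counter, defaultdict

# Constructed sample: a subset of the boot messages quoted in post #1.
SAMPLE_LOG = """\
Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Failed to install release agent, ignoring: No such file or directory
File /lib/systemd/system/systemd-journald.service:36 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
user.slice: Failed to reset devices.list: Operation not permitted
system.slice: Failed to set invocation ID on control group /system.slice, ignoring: Operation not permitted
systemd-journald-audit.socket: Failed to listen on sockets: Operation not permitted
sys-kernel-debug.mount: Failed to check directory /sys/kernel/debug: Permission denied
sys-kernel-config.mount: Mount process exited, code=exited status=32
[FAILED] Failed to mount Kernel Configuration File System.
[FAILED] Failed to start Hostname Service.
[FAILED] Failed to start Network Service.
"""

# (regex, category, my annotation of the usual cause). First match wins.
# "expected-unpriv": a kernel/user-namespace restriction; systemd copes.
# "expected-container": device units are not supported inside containers.
# "investigate": a unit genuinely failed; check `systemctl status <unit>`.
RULES = [
    (r"Failed to reset devices\.list: Operation not permitted", "expected-unpriv",
     "devices cgroup is not writable from the container's user namespace"),
    (r"Failed to set invocation ID on control group", "expected-unpriv",
     "cgroup attribute not settable from the user namespace; systemd ignores it"),
    (r"Failed to read AF_UNIX datagram queue length, ignoring", "expected-unpriv",
     "/proc/sys/net/unix/max_dgram_qlen not readable in the container; ignored"),
    (r"Failed to install release agent, ignoring", "expected-unpriv",
     "cgroup release_agent is host-only; ignored"),
    (r"does not support BPF/cgroup based firewalling", "expected-unpriv",
     "IPAddressDeny= needs BPF cgroup programs the container cannot attach"),
    (r"Failed to listen on sockets: Operation not permitted|Journal Audit Socket",
     "expected-unpriv",
     "audit netlink socket is only available in the initial user namespace"),
    (r"^(sys-kernel-(debug|config)|dev-hugepages)\.mount:|Failed to mount .*File System",
     "expected-unpriv",
     "debugfs/configfs/hugetlbfs cannot be mounted from a user namespace"),
    (r"\[UNSUPP\]|Dependency failed for Serial Getty|serial-getty@.*dependency",
     "expected-container",
     "device units are not supported in containers"),
    (r"\[FAILED\] Failed to start", "investigate",
     "service failure not explained by namespace restrictions alone"),
]
COMPILED = [(re.compile(p), cat, why) for p, cat, why in RULES]


def classify(line):
    """Return (category, explanation) for one boot message."""
    for pattern, category, why in COMPILED:
        if pattern.search(line):
            return category, why
    return "unclassified", "no rule matched; read the message in context"


def triage(text):
    """Count messages per category over a whole log."""
    counts = Counter()
    for line in text.splitlines():
        if line.strip():
            counts[classify(line)[0]] += 1
    return counts


def report(text):
    """Group lines by category for a human to read."""
    groups = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            category, why = classify(line)
            groups[category].append((line, why))
    return groups


if __name__ == "__main__":
    # Read a pasted console log from stdin, or fall back to the sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for category, entries in report(data).items():
        print(f"== {category} ({len(entries)}) ==")
        for line, why in entries:
            print(f"  {line}\n      -> {why}")
```

Pipe a container's console output into the script (for example the output of `lxc console` or `journalctl -b` run inside the container) and look only at the "investigate" group; in the sample, that leaves the Hostname and Network service failures, which is what post #2 implies: the devices.list, invocation-ID and mount messages are restrictions, not bugs in the container.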


(skies) #3

I am running an unprivileged container on OpenSuse and I get the following error message on container boot-up:
Failed to mount Huge Pages File System See 'systemctl status dev-hugepages.mount' for details.
Is this something that can safely be ignored? What impact can it have on performance?