Seems my CentOS 7.5 LXD guest container LEMP install has a lot of "operation not permitted"
errors, i.e. mariadb service not starting?
uname -a
Linux centos75 4.15.0-22-generic #24-Ubuntu SMP Wed May 16 12:15:17 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
lxc exec centos75 -- systemctl --version
systemd 234
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN default-hierarchy=hybrid
lxc exec centos75 -- systemctl list-units --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● sys-kernel-config.mount loaded failed failed Kernel Configuration File System
● haveged.service loaded failed failed Entropy Daemon based on the HAVEGE algorithm
● mariadb.service loaded failed failed MariaDB 10.1.33 database server
● rngd.service loaded failed failed Hardware RNG Entropy Gatherer Daemon
● systemd-remount-fs.service loaded failed failed Remount Root and Kernel File Systems
● user@0.service loaded failed failed User Manager for UID 0
● systemd-journald-audit.socket loaded failed failed Journal Audit Socket
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
7 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
Jun 05 08:16:39 centos75 systemd[1]: mariadb.service: Failed to reset devices.list: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: Failed to set devices.allow on /system.slice/mariadb.service: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: Failed to set devices.allow on /system.slice/mariadb.service: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: Failed to set devices.allow on /system.slice/mariadb.service: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: Failed to set devices.allow on /system.slice/mariadb.service: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: Failed to set devices.allow on /system.slice/mariadb.service: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: Failed to set devices.allow on /system.slice/mariadb.service: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: Failed to set devices.allow on /system.slice/mariadb.service: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: Failed to set devices.allow on /system.slice/mariadb.service: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: mariadb.service: Failed to set invocation ID on control group /system.slice/mariadb.service, ignoring: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: Starting MariaDB 10.1.33 database server...
-- Subject: Unit mariadb.service has begun start-up
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mariadb.service has begun starting up.
Jun 05 08:16:39 centos75 systemd[1]: run-user-0.mount: Failed to reset devices.list: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: run-user-0.mount: Failed to set invocation ID on control group /system.slice/run-user-0.mount, ignoring: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1836]: mariadb.service: Failed at step KEYRING spawning /bin/sh: Permission denied
-- Subject: Process /bin/sh could not be executed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- The process /bin/sh could not be executed and failed.
--
-- The error number returned by this process is 13.
Jun 05 08:16:39 centos75 systemd[1]: mariadb.service: Control process exited, code=exited status=237
Jun 05 08:16:39 centos75 systemd[1]: Failed to start MariaDB 10.1.33 database server.
-- Subject: Unit mariadb.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mariadb.service has failed.
--
-- The result is failed.
Jun 05 08:16:39 centos75 systemd[1]: mariadb.service: Unit entered failed state.
Jun 05 08:16:39 centos75 systemd[1]: mariadb.service: Failed with result 'exit-code'.
and
journalctl -xe --no-pager | grep 'Operation not permitted' | awk '{print $6,$7,$8,$9,$10,$11,$12,$13,$14,$15}' | sort | uniq
Failed to reset devices.list on /system.slice/console-getty.service: Operation not permitted
Failed to reset devices.list on /system.slice/crond.service: Operation not permitted
Failed to reset devices.list on /system.slice/csf.service: Operation not permitted
Failed to reset devices.list on /system.slice/dbus.service: Operation not permitted
Failed to reset devices.list on /system.slice/dev-full.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-fuse.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-lxd.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-.lxd\x2dmounts.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-mqueue.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-net-tun.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-null.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-ptmx.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-random.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-tty.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-urandom.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-zero.mount: Operation not permitted
Failed to reset devices.list on /system.slice/haveged.service: Operation not permitted
Failed to reset devices.list on /system.slice/ip6tables.service: Operation not permitted
Failed to reset devices.list on /system.slice/iptables.service: Operation not permitted
Failed to reset devices.list on /system.slice/lfd.service: Operation not permitted
Failed to reset devices.list on /system.slice/mariadb.service: Operation not permitted
Failed to reset devices.list on /system.slice/-.mount: Operation not permitted
Failed to reset devices.list on /system.slice/network.service: Operation not permitted
Failed to reset devices.list on /system.slice/nginx.service: Operation not permitted
Failed to reset devices.list on /system.slice/ntpd.service: Operation not permitted
Failed to reset devices.list on /system.slice: Operation not permitted
Failed to reset devices.list on /system.slice/postfix.service: Operation not permitted
Failed to reset devices.list on /system.slice/proc-cpuinfo.mount: Operation not permitted
Failed to reset devices.list on /system.slice/proc-diskstats.mount: Operation not permitted
Failed to reset devices.list on /system.slice/proc-meminfo.mount: Operation not permitted
Failed to reset devices.list on /system.slice/proc-stat.mount: Operation not permitted
Failed to reset devices.list on /system.slice/proc-swaps.mount: Operation not permitted
Failed to reset devices.list on /system.slice/proc-sys-fs-binfmt_misc.mount: Operation not permitted
Failed to reset devices.list on /system.slice/proc-uptime.mount: Operation not permitted
Failed to reset devices.list on /system.slice/pure-ftpd.service: Operation not permitted
Failed to reset devices.list on /system.slice/rhel-domainname.service: Operation not permitted
Failed to reset devices.list on /system.slice/rhel-readonly.service: Operation not permitted
Failed to reset devices.list on /system.slice/rsyslog.service: Operation not permitted
Failed to reset devices.list on /system.slice/run-user-0.mount: Operation not permitted
Failed to reset devices.list on /system.slice/sshd.service: Operation not permitted
Failed to reset devices.list on /system.slice/sys-fs-fuse-connections.mount: Operation not permitted
Failed to reset devices.list on /system.slice/sys-kernel-debug.mount: Operation not permitted
Failed to reset devices.list on /system.slice/sysstat.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-hwdb-update.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-journal-catalog-update.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-journald.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-journal-flush.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-localed.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-logind.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-random-seed.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-tmpfiles-setup-dev.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-tmpfiles-setup.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-udevd.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-udev-trigger.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-update-done.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-update-utmp.service: Operation not permitted
Failed to reset devices.list on /system.slice/systemd-user-sessions.service: Operation not permitted
Failed to reset devices.list on /system.slice/system-getty.slice: Operation not permitted
Failed to reset devices.list on /system.slice/tmp.mount: Operation not permitted
Failed to reset devices.list on /user.slice: Operation not permitted
Failed to set devices.allow on /system.slice/mariadb.service: Operation not permitted
Failed to set devices.allow on /system.slice/systemd-localed.service: Operation not permitted
pam_limits(crond:session): Could not set limit for 'nofile': Operation not permitted
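
An added example, not part of the original post: a small triage of the journal text above that counts the cgroup write warnings separately from the step that actually failed. The grep for 'Operation not permitted' above never shows the "Failed at step KEYRING ... Permission denied" line, which is the one logged just before mariadb.service exits. The function name triage_journal is hypothetical and SAMPLE is built from lines quoted in the post.

```shell
#!/bin/sh
# Added example. SAMPLE is constructed from journal lines quoted in the post.
SAMPLE='Jun 05 08:16:39 centos75 systemd[1]: mariadb.service: Failed to reset devices.list: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: Failed to set devices.allow on /system.slice/mariadb.service: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: mariadb.service: Failed to set invocation ID on control group /system.slice/mariadb.service, ignoring: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1]: run-user-0.mount: Failed to reset devices.list: Operation not permitted
Jun 05 08:16:39 centos75 systemd[1836]: mariadb.service: Failed at step KEYRING spawning /bin/sh: Permission denied
Jun 05 08:16:39 centos75 systemd[1]: mariadb.service: Control process exited, code=exited status=237'

# triage_journal (hypothetical name) reads journal text on stdin and prints:
#   STEP <unit> <step> <reason>   for each exec step systemd could not complete
#   EXIT <unit> <status>          for each control process exit
#   CGROUP <count>                total cgroup attribute write warnings
triage_journal() {
    awk '
    match($0, /[^ ]+: Failed at step [A-Z_]+ spawning /) {
        split(substr($0, RSTART, RLENGTH), f, " ")
        unit = f[1]; sub(/:$/, "", unit)
        reason = $0; sub(/^.*: /, "", reason)
        print "STEP", unit, f[5], reason
        next
    }
    match($0, /[^ ]+: Control process exited, /) {
        split(substr($0, RSTART, RLENGTH), f, " ")
        unit = f[1]; sub(/:$/, "", unit)
        status = $0; sub(/^.*status=/, "", status); sub(/[^0-9].*$/, "", status)
        print "EXIT", unit, status
        next
    }
    /Failed to (reset devices\.list|set devices\.allow|set invocation ID)/ { n++ }
    END { print "CGROUP", n + 0 }
    '
}

printf '%s\n' "$SAMPLE" | triage_journal
```

Units such as nginx.service and sshd.service appear in the devices.list warnings yet are not in the failed-units list, so the STEP and EXIT lines are the ones to follow up.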