Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)
On Sun, Aug 07, 2022 at 02:44:05PM +0200, Michael Biebl wrote:
> On Sun, 2 Jan 2022 16:12:16 +0100 Tobias Frost wrote:
> > On Sun, Jan 02, 2022 at 03:24:57PM +0100, Michael Biebl wrote:
> > >
> > > Control: tags -1 + moreinfo unreproducible
> > >
> > > On 02.01.22 14:52, Tobias Frost wrote:
> > > >
> > > > Please let me know if there are additional details I could supply.
> > >
> > > Can you provide steps how to reproduce the issue?
> > >
> > > More details how the container is constructed, which fs is used etc. might
> > > help as well.
> >
> > When I find a way to reproduce, I'll let you know.
>
> Any news here?

Sorry, no news. Probably best is to close that bug,
(ENOTIME from my side to investigate further)

--
tobi
Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)
On Sun, 2 Jan 2022 16:12:16 +0100 Tobias Frost wrote:
> On Sun, Jan 02, 2022 at 03:24:57PM +0100, Michael Biebl wrote:
> >
> > Control: tags -1 + moreinfo unreproducible
> >
> > On 02.01.22 14:52, Tobias Frost wrote:
> > >
> > > Please let me know if there are additional details I could supply.
> >
> > Can you provide steps how to reproduce the issue?
> > More details how the container is constructed, which fs is used etc. might
> > help as well.
>
> When I find a way to reproduce, I'll let you know.

Any news here?
Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)
On Sun, 2 Jan 2022 21:38:01 +0100 Tobias Frost wrote:
> Albeit, I cannot set ACLs in /var/log/journal:
>
> setfacl --modify="u:unifi:rw" test.txt
> setfacl: test.txt: Malformed access ACL `user::rw-,user:unifi:rw-,group::r-x,group:adm:r-x,group:4294967295:r-x,mask::rwx,other::r--': Duplicate entries at entry 5

Interesting.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778656 comes to mind here, but that should be fixed and cleaned up.

But tbh, I don't see the duplicate here...
I wonder whether this might be a libacl or kernel bug.
See also https://lists.gnu.org/archive/html/acl-devel/2018-10/msg0.html

I've CCed guillem, maybe he has an idea.

Regards,
Michael
Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)
On Sun, Jan 02, 2022 at 04:31:01PM +0100, Michael Biebl wrote:
> On 02.01.22 16:12, Tobias Frost wrote:
>
> > Filesystem is an ext4 on a lvm, backed by a raid1.
>
> Does the file system support xattr and acl?

I guess so, but ACLs are nothing I use normally, so I can't tell if I use them
correctly...

root@thecus:/var/log/journal# touch test.txt
root@thecus:/var/log/journal# setfattr -n user.test -v "xattr test string" test.txt
root@thecus:/var/log/journal# getfattr test.txt
# file: test.txt
user.test

root@thecus:/var/log/journal# getfacl test.txt
# file: test.txt
# owner: root
# group: systemd-journal
user::rw-
group::r-x #effective:r--
group:adm:r-x #effective:r--
group:4294967295:r-x#effective:r--
mask::r--
other::r--

Albeit, I cannot set ACLs in /var/log/journal:

setfacl --modify="u:unifi:rw" test.txt
setfacl: test.txt: Malformed access ACL `user::rw-,user:unifi:rw-,group::r-x,group:adm:r-x,group:4294967295:r-x,mask::rwx,other::r--': Duplicate entries at entry 5

Same command in /var/log works:

root@thecus:/var/log# touch test.txt ; setfacl --modify="u:unifi:rw" test.txt
root@thecus:/var/log# getfacl test.txt
# file: test.txt
# owner: root
# group: root
user::rw-
user:unifi:rw-
group::r--
mask::rw-
other::r--

root@thecus:/var/log#
root@thecus:/var/log# ls -lad journal/
drwxr-sr-x+ 3 root systemd-journal 4096 Jan 2 21:33 journal/
root@thecus:/var/log# getfacl journal/
# file: journal/
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
group:adm:r-x
group:4294967295:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:adm:r-x
default:group:4294967295:r-x
default:mask::r-x
default:other::r-x

root@thecus:/var/log# mount | grep journal
root@thecus:/var/log#
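Added example, not part of the thread: a check for the ACL entries seen in the getfacl output above whose qualifier is a bare number. getfacl prints a number when no user or group name resolves for the ID, and 4294967295 is 2^32 - 1, the value of (gid_t)-1, which is not a usable group ID on Linux. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). find_numeric_acl_ids and
# sample_getfacl_output are hypothetical helper names.

# Reads getfacl-format text on stdin and prints, tab-separated:
#   <file> <ACL entry> <note>
# for every user:/group: entry whose qualifier is a bare number.
find_numeric_acl_ids() {
    awk '
        /^# file: /        { file = substr($0, 9); next }
        /^#/ || /^[ \t]*$/ { next }
        {
            entry = $1
            sub(/#.*/, "", entry)          # strip a glued "#effective:..." note
            split(entry, f, ":")
            i = (f[1] == "default") ? 2 : 1
            tag = f[i]; qual = f[i + 1]
            if ((tag == "user" || tag == "group") && qual ~ /^[0-9]+$/) {
                # 4294967295 == 2^32 - 1 == (uid_t)-1 / (gid_t)-1
                note = (qual == "4294967295") ? "id-is-minus-one" : "no-name-for-id"
                printf "%s\t%s\t%s\n", file, entry, note
            }
        }'
}

# Sample input: the `getfacl journal/` output quoted in the message above.
sample_getfacl_output() {
    cat <<'EOF'
# file: journal/
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
group:adm:r-x
group:4294967295:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:adm:r-x
default:group:4294967295:r-x
default:mask::r-x
default:other::r-x
EOF
}

sample_getfacl_output | find_numeric_acl_ids
```

On a live system the input would come from `getfacl -R /var/log/journal` instead of the embedded sample.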
Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)
On 02.01.22 16:12, Tobias Frost wrote:
> Filesystem is an ext4 on a lvm, backed by a raid1.

Does the file system support xattr and acl?
Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)
On Sun, Jan 02, 2022 at 03:24:57PM +0100, Michael Biebl wrote:
>
> Control: tags -1 + moreinfo unreproducible
>
> On 02.01.22 14:52, Tobias Frost wrote:
>
> > Please let me know if there are additional details I could supply.
>
> Can you provide steps how to reproduce the issue?
> More details how the container is constructed, which fs is used etc. might
> help as well.

When I find a way to reproduce, I'll let you know.
I ran into it by "apt upgrade" after changing sources.list from buster to bullseye.

The container was created with debootstrap, possibly a stretch release at that
debootstrap time (IIRC).

Filesystem is an ext4 on a lvm, backed by a raid1.

> What does
> SYSTEMD_LOG_LEVEL=debug systemd-tmpfiles --create --prefix /var/log/journal
> say?

thecus:/home/tobi# machinectl shell ubiquiti
Connected to machine ubiquiti. Press ^] three times within 1s to exit session.
root@thecus:~# SYSTEMD_LOG_LEVEL=debug systemd-tmpfiles --create --prefix /var/log/journal
Looking for configuration files in (higher priority first):
/etc/tmpfiles.d
/run/tmpfiles.d
/usr/local/lib/tmpfiles.d
/usr/lib/tmpfiles.d
/lib/tmpfiles.d
SELinux enabled state cached to: disabled
Skipping overridden file '/usr/lib/tmpfiles.d/screen-cleanup.conf'.
Reading config file "/usr/lib/tmpfiles.d/dbus.conf"…
Entry "/var/lib/dbus" does not match any include prefix, skipping.
Entry "/var/lib/dbus/machine-id" does not match any include prefix, skipping.
Reading config file "/usr/lib/tmpfiles.d/debian.conf"…
Entry "/run/shm" does not match any include prefix, skipping.
Entry "/run/sendsigs.omit.d" does not match any include prefix, skipping.
Entry "/etc/mtab" does not match any include prefix, skipping.
Reading config file "/usr/lib/tmpfiles.d/home.conf"…
Entry "/home" does not match any include prefix, skipping.
Entry "/srv" does not match any include prefix, skipping.
Reading config file "/usr/lib/tmpfiles.d/journal-nocow.conf"…
Entry "/var/log/journal" matches include prefix "/var/log/journal".
Entry "/var/log/journal/0168a64537e84260bcb1172567dbc16e" matches include prefix "/var/log/journal".
Entry "/var/log/journal/remote" matches include prefix "/var/log/journal".
Reading config file "/usr/lib/tmpfiles.d/legacy.conf"…
Entry "/var/lock" does not match any include prefix, skipping.
Entry "/run/lock/subsys" does not match any include prefix, skipping.
/usr/lib/tmpfiles.d/legacy.conf:24: Ignoring entry r! "/forcefsck" because --boot is not specified.
/usr/lib/tmpfiles.d/legacy.conf:25: Ignoring entry r! "/fastboot" because --boot is not specified.
/usr/lib/tmpfiles.d/legacy.conf:26: Ignoring entry r! "/forcequotacheck" because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/passwd.conf"…
/usr/lib/tmpfiles.d/passwd.conf:3: Ignoring entry r! "/etc/gshadow.lock" because --boot is not specified.
/usr/lib/tmpfiles.d/passwd.conf:4: Ignoring entry r! "/etc/shadow.lock" because --boot is not specified.
/usr/lib/tmpfiles.d/passwd.conf:5: Ignoring entry r! "/etc/passwd.lock" because --boot is not specified.
/usr/lib/tmpfiles.d/passwd.conf:6: Ignoring entry r! "/etc/group.lock" because --boot is not specified.
/usr/lib/tmpfiles.d/passwd.conf:7: Ignoring entry r! "/etc/subuid.lock" because --boot is not specified.
/usr/lib/tmpfiles.d/passwd.conf:8: Ignoring entry r! "/etc/subgid.lock" because --boot is not specified.
Reading config file "/etc/tmpfiles.d/screen-cleanup.conf"…
Entry "/run/screen" does not match any include prefix, skipping.
Reading config file "/usr/lib/tmpfiles.d/systemd-nologin.conf"…
/usr/lib/tmpfiles.d/systemd-nologin.conf:11: Ignoring entry F! "/run/nologin" because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/systemd-pstore.conf"…
Entry "/var/lib/systemd/pstore" does not match any include prefix, skipping.
Reading config file "/usr/lib/tmpfiles.d/systemd-tmp.conf"…
Entry "/tmp/systemd-private-7ca11069754049cab705a4d6f1b76e98-*" does not match any include prefix, skipping.
Entry "/tmp/systemd-private-7ca11069754049cab705a4d6f1b76e98-*/tmp" does not match any include prefix, skipping.
Entry "/var/tmp/systemd-private-7ca11069754049cab705a4d6f1b76e98-*" does not match any include prefix, skipping.
Entry "/var/tmp/systemd-private-7ca11069754049cab705a4d6f1b76e98-*/tmp" does not match any include prefix, skipping.
/usr/lib/tmpfiles.d/systemd-tmp.conf:17: Ignoring entry R! "/tmp/systemd-private-*" because --boot is not specified.
/usr/lib/tmpfiles.d/systemd-tmp.conf:18: Ignoring entry R! "/var/tmp/systemd-private-*" because --boot is not specified.
Entry "/var/lib/systemd/coredump/.#core*.7ca11069754049cab705a4d6f1b76e98*" does not match any include prefix, skipping.
/usr/lib/tmpfiles.d/systemd-tmp.conf:23: Ignoring entry r! "/var/lib/systemd/coredump/.#*" because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/systemd.conf"…
Entry "/run/user" does not match any include prefix, skipping.
Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)
Control: tags -1 + moreinfo unreproducible

On 02.01.22 14:52, Tobias Frost wrote:
> Please let me know if there are additional details I could supply.

Can you provide steps how to reproduce the issue?
More details how the container is constructed, which fs is used etc. might help as well.

What does
SYSTEMD_LOG_LEVEL=debug systemd-tmpfiles --create --prefix /var/log/journal
say?
Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)
Some more debugging into it:

Adding a set -x to postinst:

+ [ configure = triggered ]
+ [ -z 241-7~deb10u8 ]
+ dpkg --compare-versions 241-7~deb10u8 lt 245.4-4~
+ systemctl enable systemd-pstore.service
+ [ -z 241-7~deb10u8 ]
+ [ -z 241-7~deb10u8 ]
+ [ -z 241-7~deb10u8 ]
+ systemd-machine-id-setup
+ addgroup --quiet --system systemd-journal
+ adduser --quiet --system --group --no-create-home --home /run/systemd --gecos systemd Network Management systemd-network
+ adduser --quiet --system --group --no-create-home --home /run/systemd --gecos systemd Resolver systemd-resolve
+ dpkg --compare-versions 241-7~deb10u8 lt 244.1-2~
+ mkdir -p /var/log/journal
+ mountpoint -q /proc
+ systemd-tmpfiles --create --prefix /var/log/journal
Setting access ACL "u::rwx,g::r-x,g:adm:r-x,g:4294967295:r-x,m::r-x,o::r-x" on /var/log/journal failed: Invalid argument
Setting access ACL "u::rwx,g::r-x,g:adm:r-x,g:4294967295:r-x,m::r-x,o::r-x" on /var/log/journal/0168a64537e84260bcb1172567dbc16e failed: Invalid argument
Setting access ACL "u::rw-,g::r-x,g:adm:r--,g:4294967295:r-x,m::r--,o::---" on /var/log/journal/0168a64537e84260bcb1172567dbc16e/system.journal failed: Invalid argument

/proc is mounted in my container.

(I've made locally "systemd-tmpfiles --create --prefix /var/log/journal" a NOP to be able
to proceed with the update. For the ones finding this bug report, the file to edit:
/var/lib/dpkg/info/systemd.postinst)

--
tobi
Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)
Package: systemd
Version: 247.3-6
Severity: normal

Dear Maintainer,

In a systemd-nspawn container, upgrading from Debian 10 to Debian 11 fails with:

Setting up systemd (247.3-6) ...
Setting access ACL "u::rwx,g::r-x,g:adm:r-x,g:4294967295:r-x,m::r-x,o::r-x" on /var/log/journal failed: Invalid argument
Setting access ACL "u::rwx,g::r-x,g:adm:r-x,g:4294967295:r-x,m::r-x,o::r-x" on /var/log/journal/0168a64537e84260bcb1172567dbc16e failed: Invalid argument
Setting access ACL "u::rw-,g::r-x,g:adm:r--,g:4294967295:r-x,m::r--,o::---" on /var/log/journal/0168a64537e84260bcb1172567dbc16e/system.journal failed: Invalid argument
dpkg: error processing package systemd (--configure):
 installed systemd package post-installation script subprocess returned error exit status 73

The Version before was: 241-7~deb10u8

Please let me know if there are additional details I could supply.

--
tobi