Lennart Poettering <lenn...@poettering.net> wrote:

> On Mon, 15.12.14 22:42, Kai Krakow (hurikha...@gmail.com) wrote:
>
>> Hello!
>>
>> I'm seeing the following errors in systemd's journal:
>>
>> Dez 15 22:33:57 jupiter systemd[1515]: pam_limits(systemd-user:session): Could not set limit for 'memlock': Operation not permitted
>> Dez 15 22:33:57 jupiter systemd[1515]: pam_limits(systemd-user:session): Could not set limit for 'nice': Operation not permitted
>> Dez 15 22:33:57 jupiter systemd[1515]: pam_limits(systemd-user:session): Could not set limit for 'rtprio': Operation not permitted
>> Dez 15 22:33:57 jupiter systemd[1515]: PAM audit_log_acct_message() failed: Operation not permitted
>> Dez 15 22:33:57 jupiter systemd[1515]: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
>>
>> Is it meaningless? Do I have to worry? Or which configuration do I miss?
>
> Hmm, this is certainly weird. It indicates some issue with your PAM
> setup maybe? Do you have SELinux enabled? Is this in some container or so?

This is a Gentoo box, plain hardware. My pam configuration looks right. When I run "systemd --user" manually through strace, I see missing permissions on cgroups. But I almost guess this is intended if running from an already existing user session.

I don't use SELinux or similar security policies, just plain Linux security policy as it is default in Gentoo. But strangely systemd gives me on boot:

systemd 218 running in system mode. (+PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK -SYSVINIT +UTMP -LIBCRYPTSETUP -GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN)

I don't know why smack is enabled... It's not in my kernel and isn't set as a feature to compile in the ebuild. But I'm not sure if it would make a difference for this problem.

I suppose for the same reason, rtkit-daemon cannot give RT priority to itself...

$ journalctl -b -p err
-- Logs begin at So 2014-05-25 21:33:33 CEST, end at Di 2015-02-10 08:35:24 CET. --
Feb 08 19:42:24 jupiter bluetoothd[714]: Sap driver initialization failed.
Feb 08 19:42:24 jupiter bluetoothd[714]: sap-server: Operation not permitted (1)
Feb 08 19:42:26 jupiter systemd[843]: pam_limits(systemd-user:session): Could not set limit for 'memlock': Operation not permitted
Feb 08 19:42:26 jupiter systemd[843]: pam_limits(systemd-user:session): Could not set limit for 'rtprio': Operation not permitted
Feb 08 19:42:26 jupiter systemd[843]: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
Feb 08 19:42:41 jupiter rtkit-daemon[1636]: Failed to make ourselves RT: Operation not permitted
Feb 08 19:42:41 jupiter rtkit-daemon[1636]: Failed to make ourselves RT: Operation not permitted
Feb 08 19:42:41 jupiter rtkit-daemon[1636]: Failed to make ourselves RT: Operation not permitted
Feb 08 19:42:41 jupiter rtkit-daemon[1636]: Failed to make ourselves RT: Operation not permitted
Feb 08 19:42:41 jupiter rtkit-daemon[1636]: Failed to make ourselves RT: Operation not permitted
[...many iterations of the same message...]

Maybe my kernel config is wrong although I'm pretty sure I set all the recommended options. If you point me to which kernel options come into play here, I'd be happy to dump those and/or try again with another set of options.

My pam config is plain Gentoo with the recommended systemd settings (which are default since many iterations of the ebuild package):

$ cat /etc/pam.d/systemd-user
# This file is part of systemd.
#
# Used by systemd --user instances.

account  include system-auth
session  include system-auth

$ cat /etc/pam.d/system-auth
## lines reindented for readability
auth      required    pam_env.so
auth      sufficient  pam_ssh.so
auth      required    pam_unix.so try_first_pass likeauth nullok
auth      optional    pam_permit.so

account   required    pam_unix.so
account   optional    pam_permit.so

password  required    pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password  required    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password  optional    pam_permit.so

session   optional    pam_ssh.so
session   required    pam_limits.so
session   required    pam_env.so
session   required    pam_unix.so
session   optional    pam_permit.so
-session  optional    pam_systemd.so

Thanks for investigating...

--
Replies to list only preferred.