On Tue, 03.03.15 14:22, Erik Johnson (e...@saltstack.com) wrote: > On Mon, Mar 02, 2015 at 11:01:44PM +0100, Lennart Poettering wrote: > >On Mon, 02.03.15 14:10, Erik Johnson (e...@saltstack.com) wrote: > > > >>On Mon, Mar 02, 2015 at 07:51:35PM +0100, Lennart Poettering wrote: > >>>On Mon, 02.03.15 11:06, Erik Johnson (e...@saltstack.com) wrote: > >>> > >>>>I'm getting a similar error to the one described in the following post > >>>>from a couple weeks ago: > >>>> > >>>>https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html > >>>> > >>>>I get an "access denied" error when running machinectl remove, even as > >>>>root. > >>> > >>>This was a bug in the dbus policy. It should be fixed with this commit: > >>> > >>>http://cgit.freedesktop.org/systemd/systemd/commit/src/machine/org.freedesktop.machine1.conf?id=72c3897f77a7352618ea76b880a6764f52d6327b > >>> > >>>Lennart > >>> > >>>-- > >>>Lennart Poettering, Red Hat > >> > >> > >>Thanks. I applied the patch, restarted dbus, and now I get the > >>following after a 20-30 second pause: > >> > >>Could not remove image: Activation of org.freedesktop.machine1 timed out > > > >dbus is not a service that cannot be restarted during normal > >operation. This is a well-known limitation of dbus. Reloading > >configuration should be sufficient. > > > >You probably need to reboot now to get back to a working system... > > > >Lennart > > > >-- > >Lennart Poettering, Red Hat > > > OK. After rebooting, it's still not working. Were the necessary changes > limited to that one commit?
Oh, umm, so there are actually more changes necessary: machined lacked the right caps to execute the deletion ioctl. Changing the CapabilityBoundingSet= line in systemd-machined to this should make this work: CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel