On Thu, Sep 1, 2016 at 12:47 PM arnaud gaboury <arnaud.gabo...@gmail.com> wrote:
> I have been moving directories and files between my host and my container
> many times for more than one year with no issues. Host is Archlinux and
> container Fedora 24 (upgrade to 24 is quite recent: no more than 2 months).
>
> I moved a directory today from host to container and this left me, for the
> first time, with a directory in the container owned by 65534:65534.
> <The UID 65534 is commonly reserved for *nobody*, a user with no system
> privileges, as opposed to an ordinary (i.e., *non-privileged*) user. This
> UID is often used for individuals accessing the system remotely via FTP or
> HTTP[0]
>
> From host, the directory is correctly seen as root:root
>
> ----------------------------------------------
> # ls -al /var/lib/machines/poppy/storage/tth-blog/pelican-themes/material-TTH/static
> drwxr-xr-x 1 root root 58 Sep 1 12:10 css/
> ----------------------------------------------
>
> I can't change owner/group ID from inside the container, which is of
> course very annoying as my folders and their contents are unusable.
>
> I didn't change anything in the way my container is mounted:
>
> $ cat /etc/fstab
> -------------------------
> LABEL=poppy-root /var/lib/machines/poppy btrfs rw,noatime,autodefrag,compress=lzo,ssd,subvol=rootvol 0 0
> ---------------------------------
> The container is started at boot time with systemd-nspawn@poppy.service
> (poppy is the container name)
>
> $ systemctl status systemd-nspawn@poppy.service
>
> ● systemd-nspawn@poppy.service - Container poppy
>    Loaded: loaded (/usr/lib/systemd/system/systemd-nspawn@.service; enabled; vendor preset: dis
>    Active: active (running) since Mon 2016-08-29 00:09:08 CEST; 3 days ago
>      Docs: man:systemd-nspawn(1)
>  Main PID: 612 (systemd-nspawn)
>    Status: "Container running."
>    CGroup: /machine.slice/systemd-nspawn@poppy.service
>            ├─612 /usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --
>            ├─init.scope
>            │ └─617 /usr/lib/systemd/...
>
> Aug 29 00:09:12 hortensia systemd-nspawn[612]: See 'systemctl status amavisd.service' for details.
> Aug 29 00:09:13 hortensia systemd-nspawn[612]: [  OK  ] Stopped Amavisd-new is an interface between MTA and content checkers..
> Aug 29 00:09:13 hortensia systemd-nspawn[612]: Starting Amavisd-new is an interfac...een MTA and content checkers....
> Aug 29 00:09:14 hortensia systemd-nspawn[612]: [2B blob data]
> Aug 29 00:09:14 hortensia systemd-nspawn[612]: Fedora 24 (Server Edition)
> Aug 29 00:09:14 hortensia systemd-nspawn[612]: Kernel 4.7.2-1-hortensia on an x86_64 (console)
> Aug 29 00:09:14 hortensia systemd-nspawn[612]: [1B blob data]
> Aug 29 00:09:14 hortensia systemd-nspawn[612]: Admin Console: https://192.168.1.94:9090/ or https://[fe80::c7f:c3ff:fefb:25b1]:9090/
> Aug 29 00:09:14 hortensia systemd-nspawn[612]: [1B blob data]
> Aug 29 08:29:20 hortensia systemd-nspawn[612]: thetradinghall login: Generating systemd units for vsftpd
> lines 65-122/122 (END)
>
> Please can someone help me to deal with this issue?
> EDIT:
>
> $ ls -al /
> dr-xr-xr-x 1 root root 242 Aug 28 13:47 ./
> dr-xr-xr-x 1 root root 242 Aug 28 13:47 ../
> dr-xr-xr-x 1 root root 0 Feb 3 2016 boot/
> drwxrwxr-x 1 root root 62 Aug 26 19:59 db/
> drwxr-xr-x 7 root root 440 Aug 29 00:09 dev/
> drwxr-xr-x 1 root root 4.1K Aug 29 08:19 etc/
> drwxr-xr-x 1 root root 76 Feb 3 2016 home/
> drwxrwxrwx 1 root root 0 Aug 28 13:47 keybase/
> drwxr-xr-x 1 root root 0 Feb 3 2016 media/
> drwxr-xr-x 1 root root 0 Feb 3 2016 mnt/
> drwxr-xr-x 1 root root 56 Aug 26 20:02 opt/
> dr-xr-xr-x 412 65534 65534 0 Aug 29 00:09 proc/
> dr-xr-x--- 1 root root 378 Aug 29 08:28 root/
> drwxr-xr-x 21 root root 560 Aug 29 08:29 run/
> drwxr-xr-x 1 65534 65534 6 Mar 3 17:43 share/
> drwxr-xr-x 1 root root 0 Feb 3 2016 srv/
> drwxrwxr-x 1 root wheel 230 Sep 1 12:11 storage/
> drwxr-xr-x 9 root root 180 Aug 29 00:09 sys/
> drwxrwxrwt 12 root root 240 Sep 1 12:51 tmp/
> drwxr-xr-x 1 root root 100 Dec 14 2015 usr/
> drwxr-xr-x 1 root root 194 Mar 19 18:29 var/
> -rw-r--r-- 1 65534 65534 0 May 9 10:01 .autorelabel
> lrwxrwxrwx 1 root root 7 Feb 3 2016 bin -> usr/bin/
> -rw-r--r-- 1 65534 65534 739 Jul 3 02:00 certbot.log
> lrwxrwxrwx 1 root root 7 Feb 3 2016 lib -> usr/lib/
> lrwxrwxrwx 1 root root 9 Feb 3 2016 lib64 -> usr/lib64/
> -rw-r--r-- 1 65534 65534 220 Jul 5 13:24 .pearrc
> -rw------- 1 65534 65534 1.0K May 15 2015 .rnd
> lrwxrwxrwx 1 65534 65534 8 Feb 3 2016 sbin -> usr/sbin/
>
> ?? Doesn't sound good, all these 65534:65534. Any possibility there has been
> an intrusion in my container (it serves many web apps)?
>
> Thank you
>
> [0] http://www.linfo.org/uid.html
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel