Hi Andrei,

As indicated in the logs no SELINUX nor APPARMOR is enabled.

Best regards,
Christopher Wong

From: systemd-devel <systemd-devel-boun...@lists.freedesktop.org> on behalf of Andrei Borzenkov <arvidj...@gmail.com>
Date: Saturday, 9 December 2023 at 07:13
To: systemd-devel@lists.freedesktop.org <systemd-devel@lists.freedesktop.org>
Subject: Re: [systemd-devel] Manual start of user@<uid>.service failed with permission denied

On 08.12.2023 23:53, Mantas Mikulėnas wrote:
...
>>
>> Dec 08 17:33:29 host systemd-user-runtime-dir[36278]: Will mount
>> /run/user/1001 owned by 1001:118
>>
>> Dec 08 17:33:29 host systemd-user-runtime-dir[36278]: Mounting tmpfs
>> (tmpfs) on /run/user/1001 (MS_NOSUID|MS_NODEV
>> "mode=0700,uid=1001,gid=118,size=99426304,nr_inodes=24274")...
>>
>> Dec 08 17:33:29 host systemd[1]: Finished User Runtime Directory
>> /run/user/1001.
>>
>> Dec 08 17:33:29 host systemd[1]: Starting User Manager for UID 1001...
>>
>> Dec 08 17:33:29 host systemd[36280]: systemd 254.7-2-g9edc143 running in
>> user mode for user 1001/ida. (-PAM -AUDIT -SELINUX -APPARMOR +IMA -SMACK
>> +SECCOMP +GCRYPT +GNUTLS +OPENSSL -ACL +BLKID +CURL -ELFUTILS -FIDO2 -IDN2
>> -IDN -IPTC +KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT
>> -QRENCODE -TPM2 +BZIP2 -LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP
>> -SYSVINIT default-hierarchy=unified)
>>
>> Dec 08 17:33:29 host systemd[36280]: Failed to create
>> '/run/user/1001/systemd/inaccessible', ignoring: Permission denied
>>
>> Dec 08 17:33:29 host systemd[36280]: Failed to create
>> '/run/user/1001/systemd/inaccessible/reg', ignoring: Permission denied
>>
>> Dec 08 17:33:29 host systemd[36280]: Failed to create
>> '/run/user/1001/systemd/inaccessible/dir', ignoring: Permission denied
>>
>> Dec 08 17:33:29 host systemd[36280]: Failed to create
>> '/run/user/1001/systemd/inaccessible/fifo', ignoring: Permission denied
>>
>> Dec 08 17:33:29 host systemd[36280]: Failed to create
>> '/run/user/1001/systemd/inaccessible/sock', ignoring: Permission denied
>>
>> Dec 08 17:33:29 host systemd[36280]: Failed to create
>> '/run/user/1001/systemd/inaccessible/chr', ignoring: Permission denied
>>
>> Dec 08 17:33:29 host systemd[36280]: Failed to create
>> '/run/user/1001/systemd/inaccessible/blk', ignoring: Permission denied
>>
>
> What's the ownership of /run/user/1001 and /run/user/1001/systemd after all
> of this?
>
> Are you rebooting between tests or just manually starting it?
>
> My current guess is that due to the earlier `systemctl set-environment`,
> some *other* thing that's running as root inherited the /run/user/1001 path
> and created root-owned directories there? That's the issue with setting
> global environment, it needs to be unset afterwards...
>

"Permission denied" sounds like something LSM related (AppArmor, SELinux, ...)