Failed to reset devices.list on /lxc/

[SPQRInc]

Hello,

unfortunately I'm getting a lot of errors like these ones in my debian 8 LXC-container:

Failed to reset devices.list on /lxc/103/system.slice: Permission denied
Dec 17 16:34:37 systemd[1]: Failed to reset devices.list on /lxc/103/system.slice/php5-fpm.service: Permission denied
Dec 17 16:34:37 systemd[1]: Failed to reset devices.list on /lxc/103/user.slice: Permission denied
Dec 17 16:34:37 systemd[1]: Failed to reset devices.list on /lxc/103/system.slice/psa-firewall.service: Permission denied
Dec 17 16:34:37 systemd[1]: Failed to reset devices.list on /lxc/103/system.slice/-.mount: Permission denied
Dec 17 16:34:37 systemd[1]: Failed to reset devices.list on /lxc/103/system.slice/proc-sys-net.mount: Permission denied
Dec 17 16:34:37 systemd[1]: Failed to reset devices.list on /lxc/103/system.slice/proc-sysrq\x2dtrigger.mount: Permission denied
Dec 17 16:34:37 systemd[1]: Failed to reset devices.list on /lxc/103/system.slice/sys-devices-virtual-net.mount: Permission denied
Dec 17 16:34:37 systemd[1]: Failed to reset devices.list on /lxc/103/system.slice/proc-cpuinfo.mount: Permission denied
Dec 17 16:34:37 systemd[1]: Failed to reset devices.list on /lxc/103/system.slice/proc-diskstats.mount: Permission denied
Dec 17 16:34:37 systemd[1]: Failed to reset devices.list on /lxc/103/system.slice/proc-meminfo.mount: Permission denied

Any idea how to solve this?

 

[hery]

Same here.

Nobody?

 

[Centaur]

Same here.

Nobody?

I'm sure it wont be long before someone with the know how is able to help as I'm getting a bunch of permission denied's too. There must be a solution though so I'll be patient.

 

[zenny]

I am getting the same error inside a debian-jessie lxc container in proxmox 4.4. Hasn't this been solved since last year? Any solution to this apreciated. Thanks.

1156:Mar 8 09:53:26 rproxy systemd[1]: Failed to reset devices.list on /system.slice/pound.service: Operation not permitted
1203:Mar 8 09:53:26 rproxy systemd[1]: Failed to reset devices.list on /system.slice/pound.service: Operation not permitted
1249:Mar 8 09:53:30 rproxy systemd[1]: Failed to reset devices.list on /system.slice/pound.service: Operation not permitted
1296:Mar 8 09:54:44 rproxy systemd[1]: Failed to reset devices.list on /system.slice/pound.service: Operation not permitted
1343:Mar 8 09:54:44 rproxy systemd[1]: Failed to reset devices.list on /system.slice/pound.service: Operation not permitted
1393:Mar 8 10:06:34 rproxy systemd[1]: Failed to reset devices.list on /system.slice/pound.service: Operation not permitted
1439:Mar 8 10:07:13 rproxy systemd[1]: Failed to reset devices.list on /system.slice/pound.service: Operation not permitted

 

[fabian]

that's not an error, it's just a warning/information. in this case it means that the container restriction works as intended

 

[zenny]

@fabian, but the pound does not seem to be running at all. BTW, my pound file looks like https://github.com/bmsleight/teletubbies-pound/blob/master/pound.cfg

root@rproxy:~# /etc/init.d/pound restart
[ ok ] Restarting pound (via systemctl): pound.service.


root@rproxy:~# /etc/init.d/pound status
● pound.service - LSB: reverse proxy and load balancer
Loaded: loaded (/etc/init.d/pound)
Active: active (exited) since Wed 2017-03-08 12:38:19 CET; 4s ago
Process: 167 ExecStop=/etc/init.d/pound stop (code=exited, status=0/SUCCESS)
Process: 176 ExecStart=/etc/init.d/pound start (code=exited, status=0/SUCCESS)

Mar 08 12:38:18 rproxy pound[176]: Starting reverse proxy and load balancer: poundstarting...
Mar 08 12:38:19 rproxy pound[176]: [37B blob data]
Mar 08 12:38:19 rproxy pound[176]: failed!
Mar 08 12:38:19 rproxy systemd[1]: Started LSB: reverse proxy and load balancer.


root@rproxy:~# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 120/sshd
tcp6 0 0 :::22 :::* LISTEN 120/sshd
root@rproxy:~# tail -f /var/log/syslog


Mar 8 12:34:54 rproxy systemd[1]: Starting Update UTMP about System Runlevel Changes...
Mar 8 12:34:54 rproxy systemd[1]: Started Update UTMP about System Runlevel Changes.
Mar 8 12:34:54 rproxy systemd[1]: Startup finished in 1.881s.
Mar 8 12:38:18 rproxy systemd[1]: Stopping LSB: reverse proxy and load balancer...
Mar 8 12:38:18 rproxy pound[167]: Stopping reverse proxy and load balancer: pound.
Mar 8 12:38:18 rproxy systemd[1]: Starting LSB: reverse proxy and load balancer...
Mar 8 12:38:18 rproxy pound[176]: Starting reverse proxy and load balancer: poundstarting...
Mar 8 12:38:19 rproxy pound[176]: �l� line 79: ListenHTTP premature EOF
Mar 8 12:38:19 rproxy pound[176]: failed!
Mar 8 12:38:19 rproxy systemd[1]: Started LSB: reverse proxy and load balancer.

 

[fabian]

Mar 8 12:38:19 rproxy pound[176]: �l� line 79: ListenHTTP premature EOF

a quick google search shows that that is an error message related to a malformed config file - should have nothing to do with PVE or containerization.

 

[zenny]

@fabian; the pound config is exceptionally simple that anything that comes out from outside be forwarded to the server behind. as follows.

## Minimal sample pound.cfg
##
## see pound(8) for details


######################################################################
## global options:

User        "www-data"
Group        "www-data"
#RootJail    "/chroot/pound"

## Logging: (goes to syslog by default)
##    0    no logging
##    1    normal
##    2    extended
##    3    Apache-style (common log format)
LogLevel    1

## check backend every X secs:
Alive        30

## use hardware-accelleration card supported by openssl(1):
#SSLEngine    "<hw>"

# poundctl control socket
Control "/var/run/pound/poundctl.socket"


######################################################################
## listen, redirect and ... to:

# Main listening ports
ListenHTTP
    Address 192.168.20.100
    Port    80
    Client  10

    xHTTP 2

Service
    HeadRequire "Host:.*.domain.tld.*"
    BackEnd
        Address 192.168.20.101
        Port    80
    End
End

However, I keep on getting:

Mar 8 11:47:33 rproxy systemd[1]: Failed to reset devices.list on /system.slice/pound.service: Operation not permitted

And this seems to be something to do with systemctl and lxc issue, I guess.

 

[fabian]

like I said - "Failed to reset devices.list" is just a warning, not an error. the log clearly states that "pound" encounters a "premature EOF", which is an error message emitted when parsing the config file fails. I don't even know this piece of software, but that is what is obvious from 1 minute of googling. I cannot help you further - you'll have to contact the pound people or consult its documentation to find the error.

 

[zenny]

@fabian, Thanks for your input.