I have created an image meant to be running systemd services. A specific service named aksusbd is failing with status=4/NOPERMISSION at the initialization of the systemd running inside the container.

Podman commands:

# Build the image
sudo podman build . -t aksusbd -f Dockerfile
# Run the container
sudo podman run --net=host --systemd=true --privileged=true -it --device /dev/bus/usb:/dev/bus/usb aksusbd
# Attach to the container
sudo podman exec -it container_name bash

Container init:

[  OK  ] Started D-Bus System Message Bus.
         Starting Remove Stale Online ext4 Metadata Check Snapshots...
         Starting Dispatcher daemon for systemd-networkd...
         Starting Login Service...
         Starting Permit User Sessions...
[FAILED] Failed to start LSB: Sentinel LDK RTE.
See 'systemctl status aksusbd.service' for details.
[  OK  ] Finished Permit User Sessions.
[  OK  ] Finished Remove Stale Online ext4 Metadata Check Snapshots.

Container exec:

root@us-pc:/# systemctl status aksusbd
● aksusbd.service - LSB: Sentinel LDK RTE
     Loaded: loaded (/etc/init.d/aksusbd; generated)
     Active: failed (Result: exit-code) since Fri 2024-05-24 11:26:11 UTC; 2min 12s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 33 ExecStart=/etc/init.d/aksusbd start (code=exited, status=4)
        CPU: 3ms

May 24 11:26:11 us-pc systemd[1]: Starting LSB: Sentinel LDK RTE...
May 24 11:26:11 us-pc aksusbd[33]: With systemd you have to use systemctl
May 24 11:26:11 us-pc systemd[1]: aksusbd.service: Control process exited, code=exited, status=4/NOPERMISSION
May 24 11:26:11 us-pc systemd[1]: aksusbd.service: Failed with result 'exit-code'.
May 24 11:26:11 us-pc systemd[1]: Failed to start LSB: Sentinel LDK RTE.

Dockerfile:

FROM ubuntu:20.04

VOLUME ["/dev", "/var/hasplm"]

COPY . /tmp

RUN apt update -yq && apt install systemd init -y

RUN dpkg -i /tmp/aksusbd_8.23-1_amd64.deb

RUN apt clean && \
    rm -rf /tmp/*

CMD [ "/sbin/init" ]

On top of that, I need to run it as sudo in order to see systemd coming up normally, without any more issues than the one described above, even with privileged=true. This means having to build the image as sudo as well, so that it is found in the local repository, and also attaching as sudo. If you have any suggestions on this one, they are welcome.

Note that I tried both Ubuntu 20.04 and 22.04.

Met

1 Answer

Note that the systemd annotation text can be misleading.
For example status=4/NOPERMISSION seen in a journal log
merely indicates that the container command terminated
with error status code 4. It is unclear whether
the error was really caused by a permission issue.

Quote from

https://github.com/eriksjolund/podman-exit-status-docs

(I wrote the document)
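
A small triage script that follows the answer's point, as an added example that is not part of the answer or of the linked document: it reads the journal lines from the question, treats the numeric exit status as the only hard fact, and pairs it with what the service's own process logged before exiting. It assumes the syslog identifier of the process equals the unit name without `.service`; the function and field names are made up for this example.

```python
import re

# Journal lines copied from the question's `systemctl status aksusbd` output.
JOURNAL = """\
May 24 11:26:11 us-pc systemd[1]: Starting LSB: Sentinel LDK RTE...
May 24 11:26:11 us-pc aksusbd[33]: With systemd you have to use systemctl
May 24 11:26:11 us-pc systemd[1]: aksusbd.service: Control process exited, code=exited, status=4/NOPERMISSION
May 24 11:26:11 us-pc systemd[1]: aksusbd.service: Failed with result 'exit-code'.
May 24 11:26:11 us-pc systemd[1]: Failed to start LSB: Sentinel LDK RTE.
"""

# syslog-style line: timestamp, host, identifier[pid]: message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) ([^\[\s:]+)(?:\[(\d+)\])?: (.*)$")
# systemd's exit report: numeric status plus an optional symbolic annotation
EXIT = re.compile(r"^(\S+)\.service: (?:Control|Main) process exited, "
                  r"code=(\w+), status=(\d+)(?:/(\w+))?")

def triage(journal):
    """Pair each systemd exit report with what the unit's own process logged."""
    own_output = {}   # identifier -> messages written by that process
    findings = []
    for raw in journal.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _, _, ident, _, msg = m.groups()
        if ident != "systemd":
            own_output.setdefault(ident, []).append(msg)
            continue
        e = EXIT.match(msg)
        if e:
            unit, _code, status, label = e.groups()
            findings.append({
                "unit": unit,
                "exit_status": int(status),   # the only hard fact
                "systemd_label": label,       # a name systemd attaches to the number
                # Assumption: syslog identifier == unit name without ".service"
                "process_said": list(own_output.get(unit, [])),
            })
    return findings

if __name__ == "__main__":
    for f in triage(JOURNAL):
        print(f"{f['unit']}: exit {f['exit_status']} (labelled {f['systemd_label']})")
        for msg in f["process_said"]:
            print(f"  process output: {msg}")
```

On the question's log this surfaces the init script's own message, "With systemd you have to use systemctl", next to the bare exit status 4, which is where to start looking rather than at the NOPERMISSION label.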