systemd-resolved.service: Couldn't add UID/GID reference to unit, proceeding without: Device or resource busy

[ghost]

systemd version the issue has been seen with

239-7 in Debian unstable.

Used distribution

Debian unstable. I filed a bug report to the downstream as
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904335,
and I was suggested there reporting to the upstream.

Expected behaviour you didn't see

We don't see systemd[1]: systemd-resolved.service: Couldn't add UID/GID reference to unit, proceeding without: Device or resource busy

Unexpected behaviour you saw

The static user systemd-resolve in /etc/passwd and DynamicUser=yes give the following journal log.

Jul 23 12:02:57 debian-unstable systemd[1]: systemd-resolved.service: Couldn't add UID/GID reference to unit, proceeding without: Device or resource busy

Changing DynamicUser=yes to DynamicUser=no fixes the problem.

To the down stream bug report, @mbiebl wrote:

DynamicUser also takes care of setting up the runtime directory. Not
sure if we can safely set that to false.
In any case, systemd should gracefully deal with the fact that a system
user has been allocated statically.

Steps to reproduce the problem
See above.

[filbranden]

DynamicUser also takes care of setting up the runtime directory. Not sure if we can safely set that to false.

This has since been fixed by #9586, which creates the users statically and sets permissions of the runtime directories accordingly, even though DynamicUser still ships as "yes" for these units...

It's safe to turn them off now, I'm doing that on Fedora due to another issue with SELinux compatibility...

Cheers,
Filipe

[ghost]

@filbranden Thank you very much for your quick advice!
@mbiebl Can I close this issue?

[mbiebl]

No, this issue is not fixed. With a statically allocated user this error message should not show up.

[filbranden]

@mbiebl So, one option would be to set DynamicUser=no on the downstream package... As long as you have #9586 backported, that should be a safe setting.

[mbiebl]

@filbranden why? Using DynamicUser=yes and a statically allocated system user is documented to work. It also turns on a couple of other flags (like PrivateTmp) which we actually want

[yuwata]

BTW, I have not seen this message. Is this shown only when selinux is enabled?

[ghost]

@yuwata For my case, selinux is disabled and apparmor is enabled, as it is recent debian default. Kernel is 4.17.0-1-amd64.

[yuwata]

@ryutaroh-matsumoto The message is shown even when AppArmor is disabled?

[ghost]

@yuwata I don't have access to the machine running Debian unstable as it is in my home. I will see and answer it, probably midnight today (Japanese time).

[mbiebl]

@yuwata I can reproduce the problem in a pristine Debian buster qemu VM. SELinux is not enabled, disabling AppArmor makes no difference

[mbiebl]

Interestingly, this only happens for resolved. timesyncd and networkd (which also have a statically allocated system user and DynamicUser=yes) don't show this error message.

[ghost]

@yuwata I observed the strange log. Firstly, the following is /etc/passwd. We see that the uid and the gid of systemd-resolve are different.

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-network:x:101:102:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin
systemd-resolve:x:102:103:systemd Resolver,,,:/run/systemd/resolve:/usr/sbin/nologin
messagebus:x:103:107::/nonexistent:/usr/sbin/nologin
sshd:x:104:65534::/run/sshd:/usr/sbin/nologin
guest2:x:1000:1000:Guest2 Guest2,,,:/home/guest2:/bin/bash
systemd-coredump:x:998:998:systemd Core Dumper:/:/sbin/nologin
systemd-timesync:x:105:109:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin

The following is the output of journalctl -lu systemd-resolved.service with kernel command line apparmor=0 security=none systemd.log_level=debug. The uid and the gid are regarded as the same 102 two lines above systemd[1]: systemd-resolved.service: Couldn't add UID/GID reference to unit, proceeding without: Device or resource busy. BUT, at the 8th line, systemd recognized the correct uid and gid!

-- Logs begin at Wed 2018-07-25 19:40:19 UTC, end at Wed 2018-07-25 19:40:33 UTC. --
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Failed to set memory.swap.max: No such file or directory
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Passing 0 fds to service
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: About to execute: /lib/systemd/systemd-resolved
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Forked /lib/systemd/systemd-resolved as 289
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Changed dead -> start
Jul 25 19:40:20 debian-unstable systemd[1]: Starting Network Name Resolution...
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: User lookup succeeded: uid=102 gid=103
Jul 25 19:40:20 debian-unstable systemd[289]: /run/systemd/unit-root/dev is duplicate.
Jul 25 19:40:20 debian-unstable systemd[289]: /run/systemd/unit-root/dev is duplicate.
Jul 25 19:40:20 debian-unstable systemd[289]: /run/systemd/unit-root/home is duplicate.
Jul 25 19:40:20 debian-unstable systemd[289]: /run/systemd/unit-root/proc is duplicate.
Jul 25 19:40:20 debian-unstable systemd[289]: /run/systemd/unit-root/root is duplicate.
Jul 25 19:40:20 debian-unstable systemd[289]: /run/systemd/unit-root/run/user is duplicate.
Jul 25 19:40:20 debian-unstable systemd[289]: /run/systemd/unit-root/sys is duplicate.
Jul 25 19:40:20 debian-unstable systemd[289]: /run/systemd/unit-root/sys is duplicate.
Jul 25 19:40:20 debian-unstable systemd[289]: /run/systemd/unit-root/sys/fs/cgroup is duplicate.
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/dev
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to umount /run/systemd/unit-root/dev: Device or resource busy
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully unmounted /run/systemd/unit-root/dev/pts
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to umount /run/systemd/unit-root/dev: Device or resource busy
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully unmounted /run/systemd/unit-root/dev/shm
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to umount /run/systemd/unit-root/dev: Device or resource busy
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully unmounted /run/systemd/unit-root/dev/hugepages
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to umount /run/systemd/unit-root/dev: Device or resource busy
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully unmounted /run/systemd/unit-root/dev/mqueue
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully unmounted /run/systemd/unit-root/dev
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/home
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/inaccessible/dir to /run/systemd/unit-root/home
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/lib/modules
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/inaccessible/dir to /run/systemd/unit-root/lib/modules
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/acpi
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/unit-root/proc/acpi to /run/systemd/unit-root/proc/acpi
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/apm
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/asound
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/bus
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/unit-root/proc/bus to /run/systemd/unit-root/proc/bus
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/fs
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/unit-root/proc/fs to /run/systemd/unit-root/proc/fs
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/irq
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/unit-root/proc/irq to /run/systemd/unit-root/proc/irq
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/kallsyms
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/inaccessible/reg to /run/systemd/unit-root/proc/kallsyms
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/kcore
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/inaccessible/reg to /run/systemd/unit-root/proc/kcore
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/latency_stats
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/mtrr
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/unit-root/proc/mtrr to /run/systemd/unit-root/proc/mtrr
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/scsi
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/sys
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/unit-root/proc/sys to /run/systemd/unit-root/proc/sys
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/sysrq-trigger
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/unit-root/proc/sysrq-trigger to /run/systemd/unit-root/proc/sysrq-trigger
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/proc/timer_stats
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/root
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/inaccessible/dir to /run/systemd/unit-root/root
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/run/resolvconf
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/run/systemd/resolve
Jul 25 19:40:20 debian-unstable systemd[289]: Followed source symlinks /run/systemd/resolve → /run/systemd/resolve.
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/resolve to /run/systemd/unit-root/run/systemd/resolve
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/run/user
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/inaccessible/dir to /run/systemd/unit-root/run/user
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/sys
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/sys/fs/bpf
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/sys/fs/cgroup
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/sys/fs/selinux
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/sys/kernel/debug
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/sys/kernel/tracing
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /run/systemd/unit-root/sys/kernel/tracing to /run/systemd/unit-root/sys/kernel/tracing
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/tmp
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /tmp/systemd-private-429c9a8a596b4199aad1b566cd3dc962-systemd-resolved.service-jxrKDL/tmp to /run/systemd/unit-root/tmp
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/usr/lib/modules
Jul 25 19:40:20 debian-unstable systemd[289]: Applying namespace mount on /run/systemd/unit-root/var/tmp
Jul 25 19:40:20 debian-unstable systemd[289]: Successfully mounted /var/tmp/systemd-private-429c9a8a596b4199aad1b566cd3dc962-systemd-resolved.service-xK1JEm/tmp to /run/systemd/unit-root/var/tmp
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/kernel/security, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/fs/cgroup, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/fs/pstore, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/fs/bpf, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/kernel/debug, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/sys/fs/binfmt_misc, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/dev, because blacklisted by /run/systemd/unit-root/dev, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/dev/pts, because blacklisted by /run/systemd/unit-root/dev, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/dev/shm, because blacklisted by /run/systemd/unit-root/dev, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/dev/mqueue, because blacklisted by /run/systemd/unit-root/dev, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/dev/hugepages, because blacklisted by /run/systemd/unit-root/dev, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/home, because blacklisted by /run/systemd/unit-root/home, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/lib/modules, because blacklisted by /run/systemd/unit-root/lib/modules, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/acpi, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/bus, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/fs, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/irq, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/kallsyms, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/kcore, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/mtrr, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/sys, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/sys/fs/binfmt_misc, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/sysrq-trigger, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/root, because blacklisted by /run/systemd/unit-root/root, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/run/systemd/resolve, because blacklisted by /run/systemd/unit-root/run/systemd/resolve, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/run/user, because blacklisted by /run/systemd/unit-root/run/user, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/kernel/tracing, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/tmp, because blacklisted by /run/systemd/unit-root/tmp, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/var/tmp, because blacklisted by /run/systemd/unit-root/var/tmp, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/run/lock read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/run read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/kernel/security, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/fs/cgroup, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/fs/pstore, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/fs/bpf, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/kernel/debug, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/sys/fs/binfmt_misc, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/dev, because blacklisted by /run/systemd/unit-root/dev, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/dev/pts, because blacklisted by /run/systemd/unit-root/dev, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/dev/shm, because blacklisted by /run/systemd/unit-root/dev, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/dev/mqueue, because blacklisted by /run/systemd/unit-root/dev, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/dev/hugepages, because blacklisted by /run/systemd/unit-root/dev, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/home, because blacklisted by /run/systemd/unit-root/home, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/lib/modules, because blacklisted by /run/systemd/unit-root/lib/modules, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/acpi, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/bus, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/fs, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/irq, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/kallsyms, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/kcore, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/mtrr, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/sys, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/sys/fs/binfmt_misc, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/proc/sysrq-trigger, because blacklisted by /run/systemd/unit-root/proc, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/root, because blacklisted by /run/systemd/unit-root/root, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/run/systemd/resolve, because blacklisted by /run/systemd/unit-root/run/systemd/resolve, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/run/user, because blacklisted by /run/systemd/unit-root/run/user, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/kernel/tracing, because blacklisted by /run/systemd/unit-root/sys, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/tmp, because blacklisted by /run/systemd/unit-root/tmp, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/var/tmp, because blacklisted by /run/systemd/unit-root/var/tmp, called for /run/systemd/unit-root
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/home read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/lib/modules read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/proc/acpi read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/proc/bus read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/proc/fs read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/proc/irq read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/proc/kallsyms read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/proc/kcore read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/proc/mtrr read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/proc/sys read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/proc/sysrq-trigger read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/root read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/run/user read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/fs/cgroup, because blacklisted by /run/systemd/unit-root/sys/fs/cgroup, called for /run/systemd/unit-root/sys
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/fs/bpf, because blacklisted by /run/systemd/unit-root/sys/fs/bpf, called for /run/systemd/unit-root/sys
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/kernel/debug, because blacklisted by /run/systemd/unit-root/sys/kernel/debug, called for /run/systemd/unit-root/sys
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/kernel/tracing, because blacklisted by /run/systemd/unit-root/sys/kernel/tracing, called for /run/systemd/unit-root/sys
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/sys/fs/pstore read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/sys/kernel/security read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/sys read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/fs/cgroup, because blacklisted by /run/systemd/unit-root/sys/fs/cgroup, called for /run/systemd/unit-root/sys
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/fs/bpf, because blacklisted by /run/systemd/unit-root/sys/fs/bpf, called for /run/systemd/unit-root/sys
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/kernel/debug, because blacklisted by /run/systemd/unit-root/sys/kernel/debug, called for /run/systemd/unit-root/sys
Jul 25 19:40:20 debian-unstable systemd[289]: Not remounting /run/systemd/unit-root/sys/kernel/tracing, because blacklisted by /run/systemd/unit-root/sys/kernel/tracing, called for /run/systemd/unit-root/sys
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/sys/fs/bpf read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/sys/fs/cgroup read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/sys/kernel/debug read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Remounted /run/systemd/unit-root/sys/kernel/tracing read-only.
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x32
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86-64
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x32
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86-64
Jul 25 19:40:19 debian-unstable systemd[289]: Operating on architecture: x86
Jul 25 19:40:19 debian-unstable systemd[289]: Operating on architecture: x32
Jul 25 19:40:19 debian-unstable systemd[289]: Operating on architecture: x86-64
Jul 25 19:40:19 debian-unstable systemd[289]: Restricting namespace to: .
Jul 25 19:40:19 debian-unstable systemd[289]: Operating on architecture: x86
Jul 25 19:40:19 debian-unstable systemd[289]: Blocking cgroup.
Jul 25 19:40:19 debian-unstable systemd[289]: Blocking ipc.
Jul 25 19:40:19 debian-unstable systemd[289]: Blocking net.
Jul 25 19:40:19 debian-unstable systemd[289]: Blocking mnt.
Jul 25 19:40:19 debian-unstable systemd[289]: Blocking pid.
Jul 25 19:40:19 debian-unstable systemd[289]: Blocking user.
Jul 25 19:40:19 debian-unstable systemd[289]: Blocking uts.
Jul 25 19:40:19 debian-unstable systemd[289]: Operating on architecture: x32
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking cgroup.
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking ipc.
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking net.
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking mnt.
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking pid.
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking user.
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking uts.
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86-64
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking cgroup.
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking ipc.
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking net.
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking mnt.
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking pid.
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking user.
Jul 25 19:40:20 debian-unstable systemd[289]: Blocking uts.
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x32
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86-64
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x32
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86-64
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call pciconfig_iobase() / -10086, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call pciconfig_read() / -10087, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call pciconfig_write() / -10088, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call s390_pci_mmio_read() / -10197, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call s390_pci_mmio_write() / -10198, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x32
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call pciconfig_iobase() / -10086, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call pciconfig_read() / -10087, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call pciconfig_write() / -10088, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call s390_pci_mmio_read() / -10197, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call s390_pci_mmio_write() / -10198, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86-64
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call pciconfig_iobase() / -10086, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call pciconfig_read() / -10087, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call pciconfig_write() / -10088, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call s390_pci_mmio_read() / -10197, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call s390_pci_mmio_write() / -10198, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call epoll_wait_old() / 215, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call epoll_ctl_old() / 214, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call newfstatat() / 262, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call set_tls() / -10183, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x32
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call oldlstat() / -10035, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call sendfile64() / -10043, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call ugetrlimit() / -10068, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call fstatfs64() / -10012, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call stat64() / -10062, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call getgroups32() / -10018, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call epoll_wait_old() / 215, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call _llseek() / -10026, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call sigaction() / -10054, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call readdir() / -10041, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setresgid32() / -10049, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call sigreturn() / -10058, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call epoll_ctl_old() / 214, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call getegid32() / -10015, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call chown32() / -10004, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setuid32() / -10052, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call oldfstat() / -10034, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call oldolduname() / -10036, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call recv() / -110, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call ipc() / -10024, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call waitpid() / -10073, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call sigprocmask() / -10057, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call _newselect() / -10032, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call set_thread_area() / 205, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call lstat64() / -10028, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call olduname() / -10038, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call oldstat() / -10037, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call mmap2() / -10029, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call nice() / -10033, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setresuid32() / -10050, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call fchown32() / -10008, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call getgid32() / -10017, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call statfs64() / -10063, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setgid32() / -10046, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setfsgid32() / -10044, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setgroups32() / -10047, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call getresgid32() / -10019, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call truncate64() / -10066, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call fadvise64_64() / -10007, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call sigsuspend() / -10059, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call lchown32() / -10025, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setregid32() / -10048, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call socketcall() / -10060, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call sigpending() / -10056, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call signal() / -10055, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call getresuid32() / -10020, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call send() / -109, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call set_tls() / -10183, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call fcntl64() / -10009, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call geteuid32() / -10016, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setreuid32() / -10051, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call getuid32() / -10021, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setfsuid32() / -10045, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call fstat64() / -10010, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call ftruncate64() / -10014, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call get_thread_area() / 211, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call fstatat64() / -10011, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Operating on architecture: x86-64
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call oldlstat() / -10035, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call sendfile64() / -10043, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call ugetrlimit() / -10068, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call fstatfs64() / -10012, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call stat64() / -10062, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call getgroups32() / -10018, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call _llseek() / -10026, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call sigaction() / -10054, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call readdir() / -10041, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setresgid32() / -10049, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call sigreturn() / -10058, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call getegid32() / -10015, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call chown32() / -10004, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setuid32() / -10052, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call oldfstat() / -10034, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call oldolduname() / -10036, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call recv() / -110, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call ipc() / -10024, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call waitpid() / -10073, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call sigprocmask() / -10057, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call _newselect() / -10032, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call lstat64() / -10028, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call olduname() / -10038, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call oldstat() / -10037, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call mmap2() / -10029, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call nice() / -10033, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setresuid32() / -10050, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call fchown32() / -10008, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call getgid32() / -10017, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call statfs64() / -10063, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setgid32() / -10046, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setfsgid32() / -10044, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setgroups32() / -10047, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call getresgid32() / -10019, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call truncate64() / -10066, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call fadvise64_64() / -10007, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call sigsuspend() / -10059, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call lchown32() / -10025, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setregid32() / -10048, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call socketcall() / -10060, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call sigpending() / -10056, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call signal() / -10055, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call getresuid32() / -10020, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call send() / -109, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call set_tls() / -10183, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call fcntl64() / -10009, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call geteuid32() / -10016, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setreuid32() / -10051, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call getuid32() / -10021, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call setfsuid32() / -10045, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call fstat64() / -10010, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call ftruncate64() / -10014, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: Failed to add rule for system call fstatat64() / -10011, ignoring: Numerical argument out of domain
Jul 25 19:40:20 debian-unstable systemd[289]: systemd-resolved.service: Executing: /lib/systemd/systemd-resolved
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Positive Trust Anchors:
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Got notification message from PID 289 (WATCHDOG=1)
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Using system hostname 'debian-unstable'.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: New scope on link *, protocol dns, family *
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Found new link 2/ens3
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Found new link 1/lo
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: New scope on link ens3, protocol dns, family *
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: New scope on link ens3, protocol llmnr, family AF_INET
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Transaction 18805 for <debian-unstable IN ANY> scope llmnr on ens3/INET.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Delaying llmnr transaction for 39122us.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Bus bus-api-resolve: changing state UNSET → OPENING
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Bus bus-api-resolve: changing state OPENING → AUTHENTICATING
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Creating stub listener using UDP.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Switching to system DNS server 192.168.122.1.
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Got notification message from PID 289 (READY=1, STATUS=Processing requests...)
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Bus bus-api-resolve: changing state AUTHENTICATING → HELLO
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: About to execute: /bin/sh -c '[ ! -e /run/resolvconf/enable-updates ] || echo "nameserver 127.0.0.53" | /sbin/resolvconf -a systemd-resolved'
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello cookie=1 reply_cookie=0 signature=n/a error-name=n/a error-message=n/a
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Forked /bin/sh as 301
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RequestName cookie=2 reply_cookie=0 signature=su error-name=n/a error-message=n/a
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Changed start -> start-post
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch cookie=3 reply_cookie=0 signature=s error-name=n/a error-message=n/a
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.5 path=n/a interface=n/a member=n/a cookie=1 reply_cookie=1 signature=s error-name=n/a error-message=n/a
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Bus bus-api-resolve: changing state HELLO → RUNNING
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Got message type=signal sender=org.freedesktop.DBus.Local destination=n/a path=/org/freedesktop/DBus/Local interface=org.freedesktop.DBus.Local member=Connected cookie=4294967295 reply_cookie=0 signature=n/a error-name=n/a error-message=n/a
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Got message type=signal sender=org.freedesktop.DBus destination=:1.5 path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameAcquired cookie=2 reply_cookie=0 signature=s error-name=n/a error-message=n/a
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Got message type=signal sender=org.freedesktop.DBus destination=:1.5 path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameAcquired cookie=3 reply_cookie=0 signature=s error-name=n/a error-message=n/a
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.5 path=n/a interface=n/a member=n/a cookie=4 reply_cookie=2 signature=u error-name=n/a error-message=n/a
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Successfully acquired requested service name.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: request_name_destroy_callback n_ref=1
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: User lookup succeeded: uid=102 gid=102
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.5 path=n/a interface=n/a member=n/a cookie=5 reply_cookie=3 signature=n/a error-name=n/a error-message=n/a
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Couldn't add UID/GID reference to unit, proceeding without: Device or resource busy
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Match type='signal',sender='org.freedesktop.login1',path='/org/freedesktop/login1',interface='org.freedesktop.login1.Manager',member='PrepareForSleep' successfully installed.
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Child 301 belongs to systemd-resolved.service.
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Control process exited, code=exited status=0
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Got final SIGCHLD for state start-post.
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Changed start-post -> running
Jul 25 19:40:20 debian-unstable systemd[1]: systemd-resolved.service: Job systemd-resolved.service/start finished, result=done
Jul 25 19:40:20 debian-unstable systemd[1]: Started Network Name Resolution.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Timeout reached on transaction 18805.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Retrying transaction 18805.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Transaction 18805 for <debian-unstable IN ANY> scope llmnr on ens3/INET.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Sending query packet with id 18805 on interface 2/AF_INET.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Timeout reached on transaction 18805.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Retrying transaction 18805.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Transaction 18805 for <debian-unstable IN ANY> scope llmnr on ens3/INET.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Sending query packet with id 18805 on interface 2/AF_INET.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Timeout reached on transaction 18805.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Retrying transaction 18805.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Transaction 18805 for <debian-unstable IN ANY> scope llmnr on ens3/INET.
Jul 25 19:40:20 debian-unstable systemd-resolved[289]: Sending query packet with id 18805 on interface 2/AF_INET.
Jul 25 19:40:21 debian-unstable systemd-resolved[289]: Timeout reached on transaction 18805.
Jul 25 19:40:21 debian-unstable systemd-resolved[289]: Retrying transaction 18805.
Jul 25 19:40:21 debian-unstable systemd-resolved[289]: Transaction 18805 for <debian-unstable IN ANY> on scope llmnr on ens3/INET now complete with <attempts-max-reached> from none (unsigned).
Jul 25 19:40:21 debian-unstable systemd-resolved[289]: Record debian-unstable IN A 192.168.122.132 successfully probed.
Jul 25 19:40:21 debian-unstable systemd-resolved[289]: Freeing transaction 18805.
Jul 25 19:40:21 debian-unstable systemd-resolved[289]: New scope on link ens3, protocol llmnr, family AF_INET6
Jul 25 19:40:21 debian-unstable systemd-resolved[289]: Transaction 21111 for <debian-unstable IN ANY> scope llmnr on ens3/INET6.
Jul 25 19:40:21 debian-unstable systemd-resolved[289]: Delaying llmnr transaction for 21150us.
Jul 25 19:40:21 debian-unstable systemd-resolved[289]: Timeout reached on transaction 21111.
Jul 25 19:40:21 debian-unstable systemd-resolved[289]: Retrying transaction 21111.
Jul 25 19:40:21 debian-unstable systemd-resolved[289]: Transaction 21111 for <debian-unstable IN ANY> scope llmnr on ens3/INET6.
Jul 25 19:40:21 debian-unstable systemd-resolved[289]: Sending query packet with id 21111 on interface 2/AF_INET6.
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Timeout reached on transaction 21111.
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Retrying transaction 21111.
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Transaction 21111 for <debian-unstable IN ANY> scope llmnr on ens3/INET6.
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Sending query packet with id 21111 on interface 2/AF_INET6.
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Timeout reached on transaction 21111.
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Retrying transaction 21111.
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Transaction 21111 for <debian-unstable IN ANY> scope llmnr on ens3/INET6.
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Sending query packet with id 21111 on interface 2/AF_INET6.
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Timeout reached on transaction 21111.
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Retrying transaction 21111.
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Transaction 21111 for <debian-unstable IN ANY> on scope llmnr on ens3/INET6 now complete with <attempts-max-reached> from none (unsigned).
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Record debian-unstable IN AAAA fe80::5054:ff:fec5:8516 successfully probed.
Jul 25 19:40:22 debian-unstable systemd-resolved[289]: Freeing transaction 21111.

[ghost]

/etc/nsswitch.conf of my debian unstable system is as follows:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat systemd
group:          compat systemd
shadow:         compat
gshadow:        files

hosts:          files resolve [!UNAVAIL=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

[filbranden]

I think the "Device or resource busy" (which translates from errno EBUSY) is coming from here.

But I haven't really digged down into the code to understand why it needs to retry too many times...

[ghost]

Changing the gid of systemd-resolve from 103 to 102, which is the same as its uid, solved this issue even with AppArmor enabled. Year! (But please do not close this issue :-)

[filbranden]

Yeah, there's definitely a bug in there... I was looking at the code but unsure what might be causing it. I'll try to reproduce it locally and add more traces to help do so.

Cheers,
Filipe

[yuwata]

Hmm... Still I cannot reproduce this. I've tried to create static systemd-resolve user and group with different UID/GID.

@ryutaroh-matsumoto Could you provide the unit file of systemd-resolved.service? I.e. please paste the result of systemctl cat systemd-resolved.service.

[filbranden]

My guess is to reproduce this you also need the GID matching the original UID to result in a valid group...

In @ryutaroh-matsumoto's example, GID 102 was allocated by systemd-network... So gid_is_valid() will accept it...

[yuwata]

@filbranden Hmm.

$ id systemd-resolve
uid=988(systemd-resolve) gid=981(systemd-resolve) groups=981(systemd-resolve)
$ cat /etc/group | grep 988
unbound:x:988:

But still I cannot reproduce this...

[ghost]

@yuwata yes, I will. But please wait for a while as I am not in my home now...
@mbiebl could you provide one as you can also reproduce this?

With the original passwd, systemd-resolve has uid 102 gid 103. The group has systemd-resolve as 103 and systemd-networkd as 102 as pointed out by @filbranden

[yuwata]

GID 102 was allocated by systemd-network... So gid_is_valid() will accept it...

gid_is_valid() just checks the value in a range, and not checks whether the group exists or not.

[filbranden]

Maybe try daemon-reload?

There's two log lines with systemd-resolved.service: User lookup succeeded: uid=102 gid=102 and only the second one has gid=102... Maybe it's going through a separate code path that triggers it? (There's one code path that assumes numeric ids and runs parse_uid...)

[yuwata]

Oh, finally, I reproduce this. Adding ExecStartPost= causes this.

[yuwata]

Hmm. So, the problem is that only UID is stored in the storage socket...

[yuwata]

Fix is waiting in #9720.