I've found at least two services that fail to start on my machine: apache (www-servers/apache) and mysqld (dev-db/mysql). This is a piece of `systemctl status` showing the error:

apache2.service -> '/org/freedesktop/systemd1/unit/apache2_2eservice'
apache2.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib64/systemd/system/apache2.service; disabled)
   Active: failed (Result: exit-code) since Пт 2014-03-07 00:45:19 MSK; 3s ago
  Process: 2589 ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop (code=exited, status=226/NAMESPACE)
  Process: 2587 ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND (code=exited, status=226/NAMESPACE)
 Main PID: 2587 (code=exited, status=226/NAMESPACE)

мар 07 00:45:19 snork systemd[1]: apache2.service: main process exited, code=exited, status=226/NAMESPACE
мар 07 00:45:19 snork systemd[1]: About to execute: /usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop
мар 07 00:45:19 snork systemd[1]: Forked /usr/sbin/apache2 as 2589
мар 07 00:45:19 snork systemd[1]: apache2.service changed running -> stop
мар 07 00:45:19 snork systemd[2589]: Failed at step NAMESPACE spawning /usr/sbin/apache2: Operation not permitted
мар 07 00:45:19 snork systemd[1]: Child 2589 belongs to apache2.service
мар 07 00:45:19 snork systemd[1]: apache2.service: control process exited, code=exited status=226
мар 07 00:45:19 snork systemd[1]: apache2.service got final SIGCHLD for state stop
мар 07 00:45:19 snork systemd[1]: apache2.service changed stop -> failed
мар 07 00:45:19 snork systemd[1]: Unit apache2.service entered failed state.

Error from mysqld is similar:

Failed at step NAMESPACE spawning /usr/bin/mysqld_safe: Operation not permitted

Both affected units have PrivateTmp=true. Changing it to PrivateTmp=false fixes the problem. Discussion at https://bugzilla.redhat.com/show_bug.cgi?id=835131 suggests it happens when /var/tmp is a symlink to /tmp. Indeed /var/tmp on my system is a symlink.
I'm using latest stable sys-apps/systemd-208-r2. Here is `emerge --info`:

Portage 2.2.7 (default/linux/amd64/13.0/desktop/gnome/systemd, gcc-4.7.3, glibc-2.17, 3.10.17-gentoo x86_64)
=================================================================
System uname: Linux-3.10.17-gentoo-x86_64-Intel-R-_Core-TM-2_Duo_CPU_P8600_@_2.40GHz-with-gentoo-2.2
KiB Mem: 4113608 total, 2333776 free
KiB Swap: 4194284 total, 4194284 free
Timestamp of tree: Mon, 03 Mar 2014 17:30:01 +0000
ld GNU ld (GNU Binutils) 2.23.2
app-shells/bash: 4.2_p45
dev-java/java-config: 2.1.12-r1
dev-lang/python: 2.7.5-r3, 3.3.3
dev-util/cmake: 2.8.11.2
dev-util/pkgconfig: 0.28
sys-apps/baselayout: 2.2
sys-apps/openrc: 0.12.4
sys-apps/sandbox: 2.6-r1
sys-devel/autoconf: 2.13, 2.69
sys-devel/automake: 1.11.6, 1.13.4
sys-devel/binutils: 2.23.2
sys-devel/gcc: 4.7.3-r1
sys-devel/gcc-config: 1.7.3
sys-devel/libtool: 2.4.2
sys-devel/make: 3.82-r4
sys-kernel/linux-headers: 3.9 (virtual/os-headers)
sys-libs/glibc: 2.17
Repositories: gentoo sunrise sublime-text portage-local
Installed sets: @system
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.0/conf /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/sunrise /var/lib/layman/sublime-text /usr/local/portage"
USE="X a52 aac acl acpi alsa amd64 bash-completion berkdb branding bzip2 cairo cdda cdr cli colord cracklib crypt cups cxx dbus dri dts dvd dvdr emboss encode evo exif fam firefox flac gdbm gif gnome gnome-keyring gstreamer gtk iconv introspection jpeg lcms libnotify libsecret mad mmx mmxext mng modules mp3 mp4 mpeg multilib nautilus ncurses nls nptl opengl openmp pam pango pcre pdf png policykit ppds pulseaudio qt3support readline sdl session socialweb spell sse sse2 sse3 ssl ssse3 startup-notification svg systemd tcpd tiff truetype udev udisks unicode upower usb vdpau wxwidgets x264 xcb xinerama xml xulrunner xv xvid zlib"
ABI_X86="64"
ALSA_CARDS="hda-intel"
APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author"
CAMERAS="canon ptp2"
COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog"
CURL_SSL="openssl"
ELIBC="glibc"
GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx"
INPUT_DEVICES="evdev synaptics"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer"
LINGUAS="en ru ru_RU"
OFFICE_IMPLEMENTATION="libreoffice"
PHP_TARGETS="php5-5"
PYTHON_SINGLE_TARGET="python3_3"
PYTHON_TARGETS="python3_3 python2_7"
RUBY_TARGETS="ruby20"
SANE_BACKENDS="hp"
USERLAND="GNU"
VIDEO_CARDS="nvidia"
XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON
One more affected service: colord (x11-misc/colord)
I think this is more like an upstream issue and they will probably know more about how to fix it.
And you will probably need to convince upstream to allow this setup:
https://bugzilla.novell.com/show_bug.cgi?id=856798

Please report to https://bugs.freedesktop.org and post the link here to allow us to track the issue.
(In reply to Pacho Ramos from comment #4)
> And you will probably need to convince upstream to allow this setup:
> https://bugzilla.novell.com/show_bug.cgi?id=856798
>

I don't really see any rationale for not allowing /var/tmp to be a symlink anywhere in that bug, or anything it references.

However, it seems like a lot of packages crash when there are symlinks in various paths - seems to be all the rage. I think even portage gets upset if your /var or /usr are symlinks. As a result my fstab is loaded with bind mounts...
(In reply to Richard Freeman from comment #5)
> (In reply to Pacho Ramos from comment #4)
> > And you will probably need to convince upstream to allow this setup:
> > https://bugzilla.novell.com/show_bug.cgi?id=856798
> >
>
> I don't really see any rationale for not allowing /var/tmp to be a symlink
> anywhere in that bug, or anything it references.

FWIW, I have a bind-mount entry for /var/tmp in fstab now, to work around this problem.

> However, it seems like a
> lot of packages crash when there are symlinks in various paths - seems to be
> all the rage. I think even portage gets upset if your /var or /usr are
> symlinks. As a result my fstab is loaded with bind mounts...

FWIW, portage is working fine with /usr -> . (so everything that would be in /usr ends up directly in /, it's my form of usr-merge) here. I have a bunch of other symlinks too (/home -> /h, /var/log -> /lg, /sbin -> /bin, various state-tracking subdirs in /var/<subdir> -> /h/var/<subdir> so / can stay read-only mounted, etc).

Portage /works/ fine but will ordinarily log a warning on unmerge of existing packages (including unmerge of existing after update) that cross the symlink. However, that warning can be disabled by listing the symlink in UNINSTALL_IGNORE in make.conf. See the make.conf manpage. Here's my full list (/var/lib isn't a symlink itself but it has several subdirs that are):

UNINSTALL_IGNORE="
${UNINSTALL_IGNORE}
/sbin
/usr
/usr/games
/usr/lib/systemd
/usr/sbin
/usr/share/bash-completion/completions
/var/bind
/var/db/sudo
/var/lib/systemd
/var/log
/var/lib
/var/lock
/var/run
"

Tho I do have a few bind-mounts in fstab, mostly for a chrooted named (FWIW there's a systemd related bug for that, with a simple service file fix), but also one for /var/tmp since systemd seems to require it.

Anyway, I'd suggest this bug be resolved/upstream, as I don't believe it's likely gentoo's systemd will solve it on its own, nor do I really think it should.

Meanwhile, bind-mounting /tmp on top of /var/tmp appears to be the upstream-approved workaround to what they characterize as a "just don't do that" problem of /var/tmp -> /tmp.
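
A check for the layout this thread describes, as an added example that is not part of the original bug report: it lists unit files with PrivateTmp enabled when /tmp or /var/tmp is a symlink, the combination the reporters tie to status=226/NAMESPACE. The function names and the ROOT/UNITDIR arguments are assumptions made for illustration; the unit directory in the usage comment is the one shown in the report.

```shell
#!/bin/sh
# Added example, not from the bug thread.
# Usage on a live system (ROOT is empty for the real /):
#   check_private_tmp "" /usr/lib64/systemd/system
# Workaround named in the thread, as an fstab entry:
#   /tmp  /var/tmp  none  bind  0 0

# is_true VALUE: systemd accepts 1, yes, true and on as boolean true.
is_true() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        1|yes|true|on) return 0 ;;
        *) return 1 ;;
    esac
}

# symlinked_tmp ROOT: print each of /tmp and /var/tmp that is a symlink.
symlinked_tmp() {
    for d in /tmp /var/tmp; do
        [ -L "$1$d" ] && printf '%s -> %s\n' "$d" "$(readlink "$1$d")"
    done
    return 0
}

# private_tmp_units UNITDIR: print service files whose last PrivateTmp=
# assignment is true (a later assignment overrides an earlier one).
private_tmp_units() {
    for f in "$1"/*.service; do
        [ -f "$f" ] || continue
        v=$(sed -n 's/[[:space:]]*$//; s/^[[:space:]]*PrivateTmp[[:space:]]*=[[:space:]]*//p' "$f" | tail -n 1)
        is_true "$v" && basename "$f"
    done
    return 0
}

# check_private_tmp ROOT UNITDIR: return 1 and report when a tmp directory
# is a symlink and at least one unit asks for a private tmp namespace.
check_private_tmp() {
    links=$(symlinked_tmp "$1")
    [ -n "$links" ] || return 0
    units=$(private_tmp_units "$2")
    [ -n "$units" ] || return 0
    printf 'symlinked tmp dirs:\n%s\nunits with PrivateTmp enabled:\n%s\n' "$links" "$units"
    return 1
}
```

Where it reports a hit, the bind mount lets the listed units keep PrivateTmp=true; switching them to PrivateTmp=false makes them share the host's /tmp and /var/tmp again.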