Description of problem: No user slice created when non root user logs in to minimal install of F29 - running in VM. Version-Release number of selected component (if applicable): F29 How reproducible: Every time Steps to Reproduce: 1. login 2. check systemd-cgls Actual results: Non-root login (no user slice) --- $ systemd-cgls Control group /: -.slice ├─init.scope │ └─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 33 └─system.slice ├─systemd-udevd.service │ └─477 /usr/lib/systemd/systemd-udevd ├─nfs-mountd.service │ └─757 /usr/sbin/rpc.mountd ├─vgauthd.service │ └─548 /usr/bin/VGAuthService -s ├─polkit.service │ └─632 /usr/lib/polkit-1/polkitd --no-debug ├─chronyd.service │ └─557 /usr/sbin/chronyd ├─auditd.service │ └─529 /sbin/auditd ├─systemd-journald.service │ └─445 /usr/lib/systemd/systemd-journald ├─sshd.service │ ├─603 /usr/sbin/sshd -D -oCiphers=aes256-gcm,chacha20-poly1305,aes256-ctr,aes256-cbc,aes128-gcm@opens> │ ├─803 sshd: me [priv] │ ├─805 sshd: me@pts/0 │ ├─806 -bash │ ├─832 systemd-cgls │ └─833 less ├─NetworkManager.service │ ├─584 /usr/sbin/NetworkManager --no-daemon │ └─733 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-ens33.pid -lf /var/lib/NetworkManager/dhclie> ├─rpc-statd.service │ └─751 /usr/sbin/rpc.statd ├─gssproxy.service │ └─776 /usr/sbin/gssproxy -D ├─firewalld.service │ └─560 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid ├─vmtoolsd.service │ └─553 /usr/bin/vmtoolsd ├─rpcbind.service │ └─524 /usr/bin/rpcbind -w -f ├─sssd.service │ ├─550 /usr/sbin/sssd -i --logger=files │ ├─577 /usr/libexec/sssd/sssd_be --domain implicit_files --uid 0 --gid 0 --logger=files │ └─583 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files ├─nfs-idmapd.service │ └─528 /usr/sbin/rpc.idmapd ├─lvm2-lvmetad.service │ └─469 /usr/sbin/lvmetad -f -t 3600 ├─ypbind.service │ └─573 /usr/sbin/ypbind -n ├─dbus.service │ └─552 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only ├─system-getty.slice │ └─getty │ └─801 /sbin/agetty -o -p -- \u --noclear tty1 linux └─systemd-logind.service └─792 /usr/lib/systemd/systemd-logind $ id uid=500(me) gid=100(users) groups=100(users),1000(pi) $ --- Root login, creates user slice for root. --- # systemd-cgls Control group /: -.slice ├─user.slice │ └─user-0.slice │ ├─session-2.scope │ │ ├─835 sshd: root [priv] │ │ ├─844 sshd: root@pts/0 │ │ ├─845 -bash │ │ ├─866 systemd-cgls │ │ └─867 less │ └─user │ └─init.scope │ ├─838 /usr/lib/systemd/systemd --user │ └─839 (sd-pam) ├─init.scope │ └─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 33 └─system.slice ... Expected results: User slice to be available - this is results from VM host running F28 $ systemd-cgls Control group /: -.slice ├─user.slice │ └─user-500.slice │ ├─user │ │ ├─gvfs-goa-volume-monitor.service │ │ │ └─2387 /usr/libexec/gvfs-goa-volume-monitor │ │ ├─pulseaudio.service │ │ │ └─2338 /usr/bin/pulseaudio --daemonize=no │ │ ├─gvfs-daemon.service │ │ │ ├─2124 /usr/libexec/gvfsd │ │ │ ├─2129 /usr/libexec/gvfsd-fuse /run/user/500/gvfs -f -o big_writes │ │ │ └─2577 /usr/libexec/gvfsd-trash --spawner :1.5 /org/gtk/gvfs/exec_spaw/0 │ │ ├─gvfs-udisks2-volume-monitor.service │ │ │ └─2330 /usr/libexec/gvfs-udisks2-volume-monitor │ │ ├─init.scope │ │ │ ├─2040 /usr/lib/systemd/systemd --user │ │ │ └─2041 (sd-pam) │ │ ├─gvfs-gphoto2-volume-monitor.service │ │ │ └─2379 /usr/libexec/gvfs-gphoto2-volume-monitor │ │ ├─at-spi-dbus-bus.service │ │ │ ├─2219 /usr/libexec/at-spi-bus-launcher │ │ │ ├─2224 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3 │ │ │ └─2226 /usr/libexec/at-spi2-registryd --use-gnome-session │ │ ├─gvfs-metadata.service │ │ │ └─2587 /usr/libexec/gvfsd-metadata │ │ ├─dbus.service │ │ │ ├─2058 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only │ │ │ ├─2121 /usr/libexec/imsettings-daemon │ │ │ ├─2302 /usr/libexec/dconf-service │ │ │ ├─2391 /usr/libexec/goa-daemon │ │ │ ├─2398 /usr/libexec/goa-identity-service │ │ │ └─2901 /usr/libexec/gconfd-2 │ │ ├─gvfs-mtp-volume-monitor.service │ │ │ └─2383 /usr/libexec/gvfs-mtp-volume-monitor │ │ └─gvfs-afc-volume-monitor.service │ │ └─2374 /usr/libexec/gvfs-afc-volume-monitor │ └─session-2.scope │ ├─2027 lightdm --session-child 12 19 │ ├─2046 cinnamon-session - Additional info: F29 has no local users created - user credentials on via NIS served from the F28 machine.
This might be caused by changes to the systemd-logind.service RestrictAddressFamilies default in F29. I created an override and it now works for me. # /etc/systemd/system/systemd-logind.service.d/nss_nis.conf [Service] IPAddressAllow=any RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 If this works for you then the fix belongs in nss_nis
(In reply to James Szinger from comment #1) > This might be caused by changes to the systemd-logind.service > RestrictAddressFamilies default in F29. I created an override and it now > works for me. > > # /etc/systemd/system/systemd-logind.service.d/nss_nis.conf > [Service] > IPAddressAllow=any > RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 > > If this works for you then the fix belongs in nss_nis Perfect. Yes, this fixes the issue for me: user slice now exists.
nss_nis-3.0-8.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-08d9ec5bd1
nss_nis-3.0-8.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-08d9ec5bd1
Ack. That's not very pretty, but I think it's the appropriate solution in this case.
(In reply to Zbigniew Jędrzejewski-Szmek from comment #6) > Ack. That's not very pretty, but I think it's the appropriate solution in > this case. This solution was proposed by systemd [1-2]. [1] https://github.com/systemd/systemd/pull/9076/commits/a161a3c0083b8d0a8129c2dd9b502ea0b1d924c1 [2] https://github.com/systemd/systemd/issues/9072
nss_nis-3.0-8.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.