[lxc-devel] Oh CRAP! Another damn pam_loginuid.so gotcha...

Michael H. Warfield mhw at WittsEnd.com
Tue Dec 17 23:08:48 UTC 2013 

On Tue, 2013-12-17 at 17:27 -0500, Dwight Engen wrote: 
> On Tue, 17 Dec 2013 16:59:49 -0500
> "Michael H. Warfield" <mhw at WittsEnd.com> wrote:

> > Dwight (and others),
> > 
> > You may need to deal with this in the Oracle template as well...
> > 
> > I just ran SMACK into another one of those session failures because of
> > pam_loginuid.so.  This time it was in cron jobs.  I was setting up
> > cron jobs in containers under users and none of them were running.
> > Answer was obvious when I checked /var/log/cron...
> > 
> > Dec 17 16:20:01 localhost crond[544]: (root) FAILED to open PAM
> > security session (Cannot make/remove an entry for the specified
> > session) Dec 17 16:30:01 localhost crond[545]: (root) FAILED to open
> > PAM security session (Cannot make/remove an entry for the specified
> > session) Dec 17 16:40:01 localhost crond[546]: (root) FAILED to open
> > PAM security session (Cannot make/remove an entry for the specified
> > session) Dec 17 16:50:01 localhost crond[547]: (root) FAILED to open
> > PAM security session (Cannot make/remove an entry for the specified
> > session)
> > 
> > Damn it.
> > 
> > One more spot where that's got to get fixed in the template to comment
> > out pam_loginuid.so out of /etc/pam.d/crond now.

> Ahh, yep, thanks, and good catch there Mike. I might take the route of
> making pam_loginuid.so a link to pam_permit.so just in case there
> are more of these lurking about. Also, then it would be only one place
> to undo if the audit namespace turns out to solve the loginuid stuff.

Damn, that's a nice idea.  Let's make that so.

> > I'll submit patches for the CentOS and Fedora templates in a day or
> > so. Sigh...
> > 
> > Regards,
> > Mike

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20131217/ae2b960e/attachment.pgp>

More information about the lxc-devel mailing list