[lxc-devel] Oh CRAP! Another damn pam_loginuid.so gotcha...

Dwight Engen dwight.engen at oracle.com
Tue Dec 17 22:27:48 UTC 2013


On Tue, 17 Dec 2013 16:59:49 -0500
"Michael H. Warfield" <mhw at WittsEnd.com> wrote:

> Dwight (and others),
> 
> You may need to deal with this in the Oracle template as well...
> 
> I just ran SMACK into another one of those session failures because of
> pam_loginuid.so.  This time it was in cron jobs.  I was setting up
> cron jobs in containers under users and none of them were running.
> Answer was obvious when I checked /var/log/cron...
> 
> Dec 17 16:20:01 localhost crond[544]: (root) FAILED to open PAM security session (Cannot make/remove an entry for the specified session)
> Dec 17 16:30:01 localhost crond[545]: (root) FAILED to open PAM security session (Cannot make/remove an entry for the specified session)
> Dec 17 16:40:01 localhost crond[546]: (root) FAILED to open PAM security session (Cannot make/remove an entry for the specified session)
> Dec 17 16:50:01 localhost crond[547]: (root) FAILED to open PAM security session (Cannot make/remove an entry for the specified session)
> 
> Damn it.
> 
> One more spot where that's got to get fixed in the template to comment
> pam_loginuid.so out of /etc/pam.d/crond now.

Ahh, yep, thanks, and good catch there Mike. I might take the route of
making pam_loginuid.so a link to pam_permit.so just in case there
are more of these lurking about. Also, then it would be only one place
to undo if the audit namespace turns out to solve the loginuid stuff.

> I'll submit patches for the CentOS and Fedora templates in a day or
> so. Sigh...
> 
> Regards,
> Mike
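
A sketch of the template-side fix discussed in this thread, generalized from /etc/pam.d/crond to every PAM service file in a container rootfs so that other services referencing the module are caught too. This is an added example, not code from the lxc templates or from either poster; the function names and the sample rootfs contents are assumptions.

```shell
#!/bin/sh
# Added example, not from the lxc templates. Function names are hypothetical.

# Comment out every active pam_loginuid.so line under ROOTFS/etc/pam.d.
# Prints each file it changed. Already-commented lines are left alone,
# so running it twice is harmless.
disable_pam_loginuid() {
    pamdir="$1/etc/pam.d"
    [ -d "$pamdir" ] || { echo "no PAM directory: $pamdir" >&2; return 1; }
    # Active line: the first non-blank character is not '#'.
    pat='^[[:space:]]*[^#[:space:]].*pam_loginuid\.so'
    for f in "$pamdir"/*; do
        [ -f "$f" ] || continue
        grep -Eq "$pat" "$f" || continue
        tmp="$f.tmp.$$"
        sed -E "s/${pat}.*/#&/" "$f" > "$tmp" || { rm -f "$tmp"; return 1; }
        cat "$tmp" > "$f"      # rewrite in place: keeps owner and mode
        rm -f "$tmp"
        echo "$f"
    done
    return 0
}

# Constructed sample rootfs for trying the function offline.
make_sample_rootfs() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/pam.d"
    printf '%s\n' 'account    required   pam_access.so' \
        'session    required   pam_loginuid.so' \
        'session    include    password-auth' > "$root/etc/pam.d/crond"
    printf '%s\n' 'session    required     pam_loginuid.so' \
        'session    include      password-auth' > "$root/etc/pam.d/sshd"
    printf '%s\n' '#session   required   pam_loginuid.so' \
        'auth       include    system-auth' > "$root/etc/pam.d/login"
    echo "$root"
}

# Usage: sh this-script /path/to/container/rootfs
if [ "$#" -gt 0 ]; then disable_pam_loginuid "$1"; fi
```

The printed list of changed files doubles as the list of places to undo if the module can later be re-enabled.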

