[lxc-devel] Download template images default password

Michael H. Warfield mhw at WittsEnd.com
Thu Oct 30 15:58:03 UTC 2014


On Wed, 2014-10-29 at 19:51 +0900, TAMUKI Shoichi wrote:
> Hello,
> 
> From: Stephane Graber <stgraber at ubuntu.com>
> Subject: [lxc-devel] Download template images default password
> Date: Tue, 28 Oct 2014 10:56:50 -0400
> 
> > Just wanted to give a heads up to everyone that I'm now working on
> > changing all the download template generated images to stop shipping
> > with default user accounts and passwords.
> > 
> > That means that all the download images will now be much more similar.
> > No distro-specific user accounts and no root password (as in "!", not an
> > empty string). The post-create message will recommend using lxc-attach
> > or changing the password using chroot.

> Thank you for your work.  I am looking forward to that.

> There is one point that I would like the password treatment to have
> the same behavior between the following cases:

>   - using the distro-specific template with '-t' option to lxc-create
>   - using download template (for non-privileged users)

This is possible with some templates now (Fedora, CentOS) and will be
incorporated into a few others (SuSE and a few others) before long.
I've been very tardy in updating some submitted patches that needed to
be revised and resubmitted.  The very fact that we have two separate
bugzilla security bugs (one at Debian and one at Fedora) over this very
issue should be the pressure to fix the other templates.  I've
volunteered to do some of that, once we have some functions abstracted.

I'm not particularly opposed to having distro specific users (ubuntu,
fedora, etc) but all of them should be either locked or configurably
driven by templates (Fedora and CentOS) which allows for locking,
expiration, and rule based generation.  What Stéphane has done now is
great and I applaud that.  The download template is the one I was going
to steer clear of just because it's his baby and involved user space
containers which is outside of my normal realm.

> Regards,
> TAMUKI Shoichi

Expect some improvements in this area before too long.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 465 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20141030/262c0e3d/attachment.sig>


More information about the lxc-devel mailing list