[lxc-users] credentials for fedora container

Michael H. Warfield mhw at WittsEnd.com
Tue Dec 24 20:19:30 UTC 2013 

On Tue, 2013-12-24 at 21:27 +0200, Kevin Wilson wrote: 
> Hi,

> I had built lxc-0.9 from source RPM on Fedora 20.
> Then I created a container with
> lxc-create -t fedora -n fedoraCT

> It says:
> ....
> Copying rootfs to /usr/local/var/lib/lxc/fedoraCT/rootfs ...setting
> root passwd to root
> ...

> Then I try to run it by
>  lxc-start -n fedoraCT
> And I try to login with root/root and fail.
> Any ideas what are the credentials ?

Oh, just as a wild guess, you may have been bit by the pam_loginuid bug.
I'm not sure if the 0.9.0 version of the Fedora template included that
workaround or not.  I'm thinking that it did not.  If you check in
{container_rootfs}/var/log/messages and see something about "Cannot
make/remove an entry for the specified session" then that's what's
biting you.

https://bugzilla.redhat.com/show_bug.cgi?id=966807

Check the files sshd and login in {container_root}/etc/pam.d for a line
like this:

session    required     pam_loginuid.so

If this there and not commented out, comment the thing out.  Your
container should work.

If you pull the latest git (1.0.0-beta1) and build from that, you should
find the Fedora template will take care of that little problem now in
those two files.

I've still got some pending patches to also catch crond but also disable
that module by symlinking it to pam_permit.so and I'm just waiting for
the ack and push on those.  The module is broken in a container until
they gets some kernel patches upstream, it seems, plus some changes to
systemd, if I'm reading the comments correctly.

> Regards,
> Kevin

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20131224/aa0fd694/attachment.pgp>

More information about the lxc-users mailing list