[lxc-users] lxc-fedora template

Michael H. Warfield mhw at WittsEnd.com
Wed Jun 4 16:57:09 UTC 2014


Hello,

On Thu, 2014-06-05 at 02:10 +1100, Dmitry Kolesov wrote:
> Hello,
> 
> 
> I created container from lxc-fedora template. My operation system is
> Fedora 20.
> The kernel is 3.14.0 x86_64. 
> When I start conteiner there is one fail message: 
>  [FAILED] Failed to set up automount Arbitrary Executable
> File...utomount Point.
> All another messages are "OK".
> But when I try to login into I have message: "Login incorrect".
> I tryed to chroot into rootfs directory and I have changed root's
> password.
> But I always have this message: "Login incorrect".
> SELinux is disabled in my main OS.
> Could somebody help me to login into?

Yeah, I can take a pretty good guess what the problem might be.

First a few questions.

1) What is the host distro (I'm guessing Fedora or CentOS)?

2) What version of LXC are you running?

3) Was LXC installed/built from the distro or from recent tarball or
from git?  If from git, when?

4) Logging in on the lxc-start console, using lxc-console or using ssh?

So, now I'll take some WAGs (wild ass guesses) with little to go on.  If
you're running the distro stock version of LXC on a Fedora 20 host (most
likely if you're building Fedora 20 containers) then you're probably
running an out of date version of LXC.  Latest version from Fedora 20
Updates is 0.9.0 and I'm not overly surprised you're running into this
problem.  Even Fedora rawhide (to be Fedora 21) is only sporting 0.9.0,
sigh...  Nothing encouraging in Updates Testing either, so I guess
someone needs to file a bugzilla request to rebase it.

Check in your container ${root_fs}/etc/pam.d directory for files
containing this line:

session    required     pam_loginuid.so

Most especially the files "login" and "sshd" but others as well.

If that line exists and is not commented out (leading hash #), that's
most likely your problem.  You might have also seen an error about
unable to set session something or another, it's been a while since I
looked at it.  That might have only shown up in the log files, I don't
recall.  Comment out that line in every file that has it.

Around between Fedora 19 and Fedora 20, they introduced some changes
regarding this whole "login uid" and pam_loginuid is no longer able to
set a login uid when running in a container.  I added code to the
lxc-fedora template to comment out all those lines in the pam.d files.
But, I think that went into the 1.0.0 release and was probably not in
the 0.9.0 release.  We're currently on release 1.0.3 with 1.0.4 on the
near horizon.

Once those lines are commented out, you should be able to log in.
That's all assuming what I'm guessing you are running but it's
consistent with what I would expect.

I would also strongly recommend upgrading to 1.0.3 or 1.0.4 when it's
out, if you're not already there.  1.0.4 is going to have some
significant improvements to the bootup and autostart processes (which
don't even exist in 0.9.0).

> Regards,
> Dmitry
> 
Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140604/18651c7c/attachment.sig>


More information about the lxc-users mailing list