[lxc-users] lxc-fedora template
Michael H. Warfield
mhw at WittsEnd.com
Wed Jun 4 18:23:48 UTC 2014
Further information:
On Wed, 2014-06-04 at 12:57 -0400, Michael H. Warfield wrote:
> Hello,
> On Thu, 2014-06-05 at 02:10 +1100, Dmitry Kolesov wrote:
> > Hello,
> >
> >
> > I created container from lxc-fedora template. My operation system is
> > Fedora 20.
> > The kernel is 3.14.0 x86_64.
> > When I start conteiner there is one fail message:
> > [FAILED] Failed to set up automount Arbitrary Executable
> > File...utomount Point.
> > All another messages are "OK".
> > But when I try to login into I have message: "Login incorrect".
> > I tryed to chroot into rootfs directory and I have changed root's
> > password.
> > But I always have this message: "Login incorrect".
> > SELinux is disabled in my main OS.
> > Could somebody help me to login into?
> Yeah, I can take a pretty good guess what the problem might be.
> First a few questions.
> 1) What is the host distro (I'm guessing Fedora or CentOS)?
> 2) What version of LXC are you running?
> 3) Was LXC installed/built from the distro or from recent tarball or
> from git? If from git, when?
> 4) Logging in on the lxc-start console, using lxc-console or using ssh?
5) Have you updated to the latest kernel update for F20? My dev system
is running 3.14.4-200.fc20.x86_64. Your kernel rev doesn't seem to be a
stock Fedora rev string so I'm maybe guessing you are not on Fedora
after all?
What you are running into is likely this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1002914
This is a kernel configuration issue. Note comment #6:
--
I've noticed that this issue should be fixed in v3.13-rc1
As mentioned in commit
http://o.cs.uvic.ca:20810/perl/cid.pl?cid=83fa6bbe4c4541ae748b550b4ec391f8a0acfe94
CONFIG_AUDIT_LOGINUID_IMMUTABLE=y was removed. Could you please retest it on the latest Fedora?
--
And #7:
--
Hi,
I have tried with the latest upgrades of F20 and the problem has been fixed.
Thank you very much for the support!
Regards,
Enrique
--
I'm deducing here that if "CONFIG_AUDIT_LOGINUID_IMMUTABLE=y" in the
kernel config, then you are going to run into this problem. Check that
config option for your kernel build. If that's a custom kernel, then
you can also get rid of that and be able to set the login uid in a
container (probably a good idea). If you are on Fedora, please update
to the latest stock build and retest, according to that bug report.
> So, now I'll take some WAGs (wild ass guesses) with little to go on. If
> you're running the distro stock version of LXC on a Fedora 20 host (most
> likely if you're building Fedora 20 containers) then you're probably
> running an out of date version of LXC. Latest version from Fedora 20
> Updates is 0.9.0 and I'm not overly surprised you're running into this
> problem. Even Fedora rawhide (to be Fedora 21) is only sporting 0.9.0,
> sigh... Nothing encouraging in Updates Testing either, so I guess
> someone needs to file a bugzilla request to rebase it.
>
> Check in your container ${root_fs}/etc/pam.d directory for files
> containing this line:
>
> session required pam_loginuid.so
>
> Most especially the files "login" and "sshd" but others as well.
>
> If that line exists and is not commented out (leading hash #), that's
> most likely your problem. You might have also seen an error about
> unable to set session something or another, it's been a while since I
> looked at it. That might have only shown up in the log files, I don't
> recall. Comment out that line in every file that has it.
>
> Around between Fedora 19 and Fedora 20, they introduced some changes
> regarding this whole "login uid" and pam_loginuid is no longer able to
> set a login uid when running in a container. I added code to the
> lxc-fedora template to comment out all those lines in the pam.d files.
> But, I think that went into the 1.0.0 release and was probably not in
> the 0.9.0 release. We're currently on release 1.0.3 with 1.0.4 on the
> near horizon.
>
> Once those lines are commented out, you should be able to log in.
> That's all assuming what I'm guessing you are running but it's
> consistent with what I would expect.
>
> I would also strongly recommend upgrading to 1.0.3 or 1.0.4 when it's
> out, if you're not already there. 1.0.4 is going to have some
> significant improvements to the bootup and autostart processes (which
> don't even exist in 0.9.0).
>
> > Regards,
> > Dmitry
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140604/5ffb9f0b/attachment.sig>
More information about the lxc-users
mailing list