[lxc-users] Username/Password for LXC container in fedora-20
Ajith Adapa
ajith.adapa at gmail.com
Fri Jun 6 03:52:20 UTC 2014
@Michael
Sorry seems I have shared wrong log in previous mail. As you can see I
have commented the line in all files under /ete/pam.d
# cd /etc/pam.d
# grep -rin pam_loginuid *
atd:8:#session required pam_loginuid.so
crond:8:#session required pam_loginuid.so
gdm-autologin:9:#session required pam_loginuid.so
gdm-fingerprint:10:#session required pam_loginuid.so
gdm-password:12:#session required pam_loginuid.so
gdm-pin:14:#session required pam_loginuid.so
gdm-smartcard:10:#session required pam_loginuid.so
login:10:#session required pam_loginuid.so
pluto:16:#session required pam_loginuid.so
remote:10:#session required pam_loginuid.so
sshd:10:#session required pam_loginuid.so
Regards,
Ajith
On Fri, Jun 6, 2014 at 9:07 AM, Ajith Adapa <ajith.adapa at gmail.com> wrote:
> Hi Michael,
>
> I have updated Fedora-20 to latest kernel version.
>
> # uname -a
> Linux localhost.localdomain 3.14.4-200.fc20.x86_64 #1 SMP Tue May 13
> 13:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
>
> and commented out the line in /etc/pam.d/sshd file
>
> # cat /etc/pam.d/sshd
> #%PAM-1.0
> auth required pam_sepermit.so
> auth substack password-auth
> auth include postlogin
> account required pam_nologin.so
> account include password-auth
> password include password-auth
> # pam_selinux.so close should be the first session rule
> session required pam_selinux.so close
> #session required pam_loginuid.so
> # pam_selinux.so open should only be followed by sessions to be
> executed in the user context
> session required pam_selinux.so open env_params
> session optional pam_keyinit.so force revoke
> session include password-auth
> session include postlogin
>
> But still face the same problem when I create and start a new LXC container.
>
> @Fajar
>
> I tried again creating new lxc container but havent seen any password
> in output log
>
> # lxc-create -n test -t fedora
>
> lxc-create: No config file specified, using the default config
> /etc/lxc/default.
> conf
> Host CPE ID from /etc/os-release: cpe:/o:fedoraproject:fedora:20
> Checking cache download in /var/cache/lxc/fedora/x86_64/20/rootfs ...
> Cache found. Updating...
> Loaded plugins: langpacks, refresh-packagekit
> Could not get metalink
> https://mirrors.fedoraproject.org/metalink?repo=updates-r
> eleased-f20&arch=x86_64 error was
> 14: curl#6 - "Could not resolve host: mirrors.fedoraproject.org"
> No packages marked for update
> Update finished
> Copy /var/cache/lxc/fedora/x86_64/20/rootfs to /var/lib/lxc/test/rootfs ...
> Copying rootfs to /var/lib/lxc/test/rootfs ...setting root passwd to root
> installing fedora-release package
> Package fedora-release-20-3.noarch already installed and latest version
> Nothing to do
> unlink: cannot unlink
> â/var/lib/lxc/test/rootfs/etc/systemd/system/default.targe
> tâ: No such file or directory
> container rootfs and config created
> 'fedora' template installed
> 'test' created
>
>
> # lxc-start -n test
> systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
> +IMA +SYSVINI T
> +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
> Detected virtualization 'lxc'.
>
> Welcome to Fedora 20 (Heisenbug)!
>
> Set hostname to <test.localdomain>.
> Initializing machine ID from KVM UUID.
> [ OK ] Reached target Remote File Systems.
> [ OK ] Created slice Root Slice.
> [ OK ] Created slice User and Session Slice.
> [ OK ] Created slice System Slice.
> [ OK ] Reached target Slices.
> [ OK ] Created slice system-getty.slice.
> [ OK ] Listening on /dev/initctl Compatibility Named Pipe.
> [ OK ] Listening on Delayed Shutdown Socket.
> Failed to open /dev/autofs: No such file or directory
> Failed to initialize automounter: No such file or directory
> [FAILED] Failed to set up automount Arbitrary Executable File...utomount Point.
> See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
> Unit proc-sys-fs-binfmt_misc.automount entered failed state.
> [ OK ] Listening on udev Kernel Socket.
> [ OK ] Listening on udev Control Socket.
> [ OK ] Reached target Encrypted Volumes.
> [ OK ] Listening on Journal Socket.
> Starting Apply Kernel Variables...
> Mounting Debug File System...
> Starting udev Coldplug all Devices...
> Mounting Huge Pages File System...
> Mounting POSIX Message Queue File System...
> Starting Create static device nodes in /dev...
> Mounting Configuration File System...
> Starting Journal Service...
> [ OK ] Started Journal Service.
> [ OK ] Reached target Paths.
> [ OK ] Reached target Swap.
> Starting Remount Root and Kernel File Systems...
> Mounting Temporary Directory...
> [ OK ] Started Create static device nodes in /dev.
> Starting udev Kernel Device Manager...
> [ OK ] Mounted POSIX Message Queue File System.
> [ OK ] Mounted Configuration File System.
> <30>systemd-udevd[20]: starting version 208
> [ OK ] Mounted Huge Pages File System.
> [ OK ] Mounted Debug File System.
> [ OK ] Mounted Temporary Directory.
> [ OK ] Started udev Coldplug all Devices.
> [ OK ] Started udev Kernel Device Manager.
> [ OK ] Started Remount Root and Kernel File Systems.
> [ OK ] Started Apply Kernel Variables.
> Starting Load/Save Random Seed...
> [ OK ] Reached target Local File Systems (Pre).
> Starting Configure read-only root support...
> [ OK ] Started Load/Save Random Seed.
> [ OK ] Reached target Sound Card.
> [ OK ] Started Configure read-only root support.
> [ OK ] Reached target Local File Systems.
> Starting Trigger Flushing of Journal to Persistent Storage...
> Starting Mark the need to relabel after reboot...
> Starting Create Volatile Files and Directories...
> [ OK ] Started Create Volatile Files and Directories.
> Starting Update UTMP about System Reboot/Shutdown...
> [ OK ] Started Mark the need to relabel after reboot.
> [ OK ] Started Update UTMP about System Reboot/Shutdown.
> [ OK ] Reached target System Initialization.
> [ OK ] Reached target Timers.
> [ OK ] Listening on D-Bus System Message Bus Socket.
> [ OK ] Reached target Sockets.
> [ OK ] Reached target Basic System.
> Starting System Logging Service...
> Starting Login Service...
> Starting D-Bus System Message Bus...
> [ OK ] Started D-Bus System Message Bus.
> <46>systemd-journald[17]: Received request to flush runtime journal from PID 1
> [ OK ] Started Trigger Flushing of Journal to Persistent Storage.
> Starting Permit User Sessions...
> [ OK ] Started Login Service.
> [ OK ] Started System Logging Service.
> [ OK ] Started Permit User Sessions.
> Starting Getty on tty3...
> [ OK ] Started Getty on tty3.
> Starting Getty on tty4...
> [ OK ] Started Getty on tty4.
> Starting Getty on tty2...
> [ OK ] Started Getty on tty2.
> Starting Getty on tty1...
> [ OK ] Started Getty on tty1.
> Starting Console Getty...
> [ OK ] Started Console Getty.
> [ OK ] Reached target Login Prompts.
> [ OK ] Reached target Multi-User System.
>
> Fedora release 20 (Heisenbug)
> Kernel 3.14.4-200.fc20.x86_64 on an x86_64 (console)
>
> test login:
>
> Regards,
> Ajith
>
>
> On Fri, Jun 6, 2014 at 6:18 AM, Ajith Adapa <ajith.adapa at gmail.com> wrote:
>> Hi guys,
>>
>> Thanks for the replies. I will try to upgrade my Fedora-20 with latest
>> kernel and try the same.
>>
>>
>>
>> On Thu, Jun 5, 2014 at 7:51 PM, Michael H. Warfield <mhw at wittsend.com>
>> wrote:
>>>
>>> On Thu, 2014-06-05 at 17:56 +0530, Ajith Adapa wrote:
>>> > Hi,
>>> >
>>> > I have created an lxc container in feodra-20 with default config file
>>> > and default fedora template.
>>> >
>>> > lxc-create -n root -t fedora
>>> >
>>> > When i try to start the container i am greeted with username and
>>> > password prompt.What is the default username/password for
>>> > lxc-container in fedora-20 ?
>>> >
>>> >
>>> > Kernel Version
>>> > ============
>>>
>>> > Linux localhost.localdomain 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5
>>> > 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
>>>
>>> >
>>> > LXC-version
>>> > =============
>>> > [root at localhost ~]# lxc-version
>>> > lxc version: 0.9.0
>>>
>>> Ok... Stop right there. Seems to suddenly be a lot of people running
>>> into this problem all of a sudden. You're running on a combination of
>>> old kernel and old version of LXC that do not play nice together and,
>>> yes, that the early F20 kernel with the distro distributed version of
>>> LXC. We've been having an active discussion about this bug in several
>>> forums.
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1002914
>>>
>>> Please note comments #6 & #7
>>>
>>> -- 6
>>> I've noticed that this issue should be fixed in v3.13-rc1
>>>
>>> As mentioned in commit
>>>
>>>
>>> http://o.cs.uvic.ca:20810/perl/cid.pl?cid=83fa6bbe4c4541ae748b550b4ec391f8a0acfe94
>>>
>>> CONFIG_AUDIT_LOGINUID_IMMUTABLE=y was removed. Could you please retest it
>>> on the latest Fedora?
>>> --
>>>
>>> -- 7
>>> Hi,
>>> I have tried with the latest upgrades of F20 and the problem has been
>>> fixed.
>>> Thank you very much for the support!
>>>
>>> Regards,
>>> Enrique
>>> --
>>>
>>> So, you have 2 choices.
>>>
>>> 1) Update your F20 system to the latest kernel. My development server
>>> is currently running 3.14.4-200.fc20.x86_64 from Fedora Updates.
>>>
>>> 2) Go through the files in ${root_fs}/etc/pam.d and make the following
>>> changes:
>>>
>>> - session required pam_loginuid.so
>>> + # session required pam_loginuid.so
>>>
>>> Either of those will enable you to log in once again. If you don't to
>>> either, there is no combination of user name or password that will work,
>>> due to the error being generated out of pam_loginuid.so.
>>> >
>>> >
>>> > [root at localhost ~]# lxc-start -n root
>>> > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
>>> > +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
>>> > Detected virtualization 'lxc'.
>>> >
>>> > Welcome to Fedora 20 (Heisenbug)!
>>> >
>>> > Set hostname to <root.localdomain>.
>>> > [ OK ] Reached target Remote File Systems.
>>> > [ OK ] Created slice Root Slice.
>>> > [ OK ] Created slice User and Session Slice.
>>> > [ OK ] Created slice System Slice.
>>> > [ OK ] Reached target Slices.
>>> > [ OK ] Created slice system-getty.slice.
>>> > [ OK ] Listening on /dev/initctl Compatibility Named Pipe.
>>> > [ OK ] Listening on Delayed Shutdown Socket.
>>> > Failed to open /dev/autofs: No such file or directory
>>> > Failed to initialize automounter: No such file or directory
>>> > [FAILED] Failed to set up automount Arbitrary Executable
>>> > File...utomount Point.
>>> > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
>>> > Unit proc-sys-fs-binfmt_misc.automount entered failed state.
>>> > [ OK ] Listening on udev Kernel Socket.
>>> > [ OK ] Listening on udev Control Socket.
>>> > [ OK ] Reached target Encrypted Volumes.
>>> > [ OK ] Listening on Journal Socket.
>>> > Starting Apply Kernel Variables...
>>> > Mounting Debug File System...
>>> > Starting udev Coldplug all Devices...
>>> > Mounting Huge Pages File System...
>>> > Mounting POSIX Message Queue File System...
>>> > Mounting FUSE Control File System...
>>> > Starting Create static device nodes in /dev...
>>> > Mounting Configuration File System...
>>> > Starting Journal Service...
>>> > [ OK ] Started Journal Service.
>>> > [ OK ] Reached target Paths.
>>> > [ OK ] Reached target Swap.
>>> > Starting Remount Root and Kernel File Systems...
>>> > Mounting Temporary Directory...
>>> > [ OK ] Started Apply Kernel Variables.
>>> > [ OK ] Mounted Debug File System.
>>> > [ OK ] Mounted Huge Pages File System.
>>> > [ OK ] Mounted POSIX Message Queue File System.
>>> > [ OK ] Mounted FUSE Control File System.
>>> > [ OK ] Started Create static device nodes in /dev.
>>> > [ OK ] Mounted Configuration File System.
>>> > [ OK ] Started Remount Root and Kernel File Systems.
>>> > [ OK ] Mounted Temporary Directory.
>>> > Starting Load/Save Random Seed...
>>> > Starting Configure read-only root support...
>>> > Starting udev Kernel Device Manager...
>>> > [ OK ] Reached target Local File Systems (Pre).
>>> > <30>systemd-udevd[24]: starting version 208
>>> > [ OK ] Started Load/Save Random Seed.
>>> > [ OK ] Started udev Kernel Device Manager.
>>> > [ OK ] Started Configure read-only root support.
>>> > [ OK ] Reached target Local File Systems.
>>> > Starting Trigger Flushing of Journal to Persistent Storage...
>>> > Starting Create Volatile Files and Directories...
>>> > [ OK ] Started udev Coldplug all Devices.
>>> > [ OK ] Started Create Volatile Files and Directories.
>>> > Starting Update UTMP about System Reboot/Shutdown...
>>> > <46>systemd-journald[18]: Received request to flush runtime journal
>>> > from PID 1
>>> > [ OK ] Started Trigger Flushing of Journal to Persistent Storage.
>>> > [ OK ] Started Update UTMP about System Reboot/Shutdown.
>>> > [ OK ] Reached target System Initialization.
>>> > [ OK ] Reached target Timers.
>>> > [ OK ] Listening on D-Bus System Message Bus Socket.
>>> > [ OK ] Reached target Sockets.
>>> > [ OK ] Reached target Basic System.
>>> > Starting System Logging Service...
>>> > Starting Permit User Sessions...
>>> > Starting Login Service...
>>> > Starting D-Bus System Message Bus...
>>> > [ OK ] Started D-Bus System Message Bus.
>>> > [ OK ] Started Permit User Sessions.
>>> > Starting Getty on tty3...
>>> > [ OK ] Started Getty on tty3.
>>> > Starting Getty on tty4...
>>> > [ OK ] Started Getty on tty4.
>>> > Starting Getty on tty2...
>>> > [ OK ] Started Getty on tty2.
>>> > Starting Getty on tty1...
>>> > [ OK ] Started Getty on tty1.
>>> > Starting Console Getty...
>>> > [ OK ] Started Console Getty.
>>> > [ OK ] Reached target Login Prompts.
>>> > Starting Cleanup of Temporary Directories...
>>> > [ OK ] Started System Logging Service.
>>> > [ OK ] Started Cleanup of Temporary Directories.
>>> > [ OK ] Reached target Sound Card.
>>> > [ OK ] Started Login Service.
>>> > [ OK ] Reached target Multi-User System.
>>> >
>>> > Fedora release 20 (Heisenbug)
>>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console)
>>> >
>>> > root login: root
>>> > Password:
>>> > Last failed login: Thu Jun 5 08:37:20 UTC 2014 on console
>>> > There were 3 failed login attempts since the last successful login.
>>> >
>>> > Cannot make/remove an entry for the specified session
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>
>>> This is the smoking gun. This indicates precisely and exactly that you
>>> are running into the pam_loginuid.so conflict bug.
>>>
>>> > Fedora release 20 (Heisenbug)
>>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console)
>>> >
>>> > root login:
>>> >
>>> >
>>> >
>>> > Regards,
>>> > Ajith
>>>
>>> Regards,
>>> Mike
>>> --
>>> Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
>>> /\/\|=mhw=|\/\/ | (678) 463-0932 |
>>> http://www.wittsend.com/mhw/
>>> NIC whois: MHW9 | An optimist believes we live in the best of
>>> all
>>> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
>>>
>>>
>>> _______________________________________________
>>> lxc-users mailing list
>>> lxc-users at lists.linuxcontainers.org
>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>>
More information about the lxc-users
mailing list