[lxc-users] Username/Password for LXC container in fedora-20

Michael H. Warfield mhw at WittsEnd.com
Fri Jun 6 13:44:35 UTC 2014


On Fri, 2014-06-06 at 09:22 +0530, Ajith Adapa wrote:
> @Michael

> Sorry seems I have shared wrong log in previous mail. As you can see I
> have commented the line in all files under /etc/pam.d

> # cd /etc/pam.d
> # grep -rin pam_loginuid *
> atd:8:#session    required    pam_loginuid.so
> crond:8:#session    required   pam_loginuid.so
> gdm-autologin:9:#session    required    pam_loginuid.so
> gdm-fingerprint:10:#session     required      pam_loginuid.so
> gdm-password:12:#session     required      pam_loginuid.so
> gdm-pin:14:#session     required      pam_loginuid.so
> gdm-smartcard:10:#session     required      pam_loginuid.so
> login:10:#session    required     pam_loginuid.so
> pluto:16:#session required pam_loginuid.so
> remote:10:#session    required     pam_loginuid.so
> sshd:10:#session    required     pam_loginuid.so

Is that in your host /etc/pam.d or in your container
${rootfs}/etc/pam.d ?

From your previous message, I would say to look in:

Looks like the former.  It has to be done in the container, not in the
host.  You should NOT do this in the host root file system.

/var/lib/lxc/test/rootfs/etc/pam.d/*

> Regards,
> Ajith

Regards,
Mike

> 
> On Fri, Jun 6, 2014 at 9:07 AM, Ajith Adapa <ajith.adapa at gmail.com> wrote:
> > Hi Michael,
> >
> > I have updated Fedora-20 to latest kernel version.
> >
> > # uname -a
> > Linux localhost.localdomain 3.14.4-200.fc20.x86_64 #1 SMP Tue May 13
> > 13:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> >
> > and commented out the line in /etc/pam.d/sshd file
> >
> > # cat /etc/pam.d/sshd
> > #%PAM-1.0
> > auth       required     pam_sepermit.so
> > auth       substack     password-auth
> > auth       include      postlogin
> > account    required     pam_nologin.so
> > account    include      password-auth
> > password   include      password-auth
> > # pam_selinux.so close should be the first session rule
> > session    required     pam_selinux.so close
> > #session    required     pam_loginuid.so
> > # pam_selinux.so open should only be followed by sessions to be
> > executed in the user context
> > session    required     pam_selinux.so open env_params
> > session    optional     pam_keyinit.so force revoke
> > session    include      password-auth
> > session    include      postlogin
> >
> > But still face the same problem when I create and start a new LXC container.
> >
> > @Fajar
> >
> > I tried again creating new lxc container but haven't seen any password
> > in output log
> >
> > # lxc-create -n test -t fedora
> >
> > lxc-create: No config file specified, using the default config /etc/lxc/default.conf
> > Host CPE ID from /etc/os-release: cpe:/o:fedoraproject:fedora:20
> > Checking cache download in /var/cache/lxc/fedora/x86_64/20/rootfs ...
> > Cache found. Updating...
> > Loaded plugins: langpacks, refresh-packagekit
> > Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=updates-released-f20&arch=x86_64 error was
> > 14: curl#6 - "Could not resolve host: mirrors.fedoraproject.org"
> > No packages marked for update
> > Update finished
> > Copy /var/cache/lxc/fedora/x86_64/20/rootfs to /var/lib/lxc/test/rootfs ...
> > Copying rootfs to /var/lib/lxc/test/rootfs ...setting root passwd to root
> > installing fedora-release package
> > Package fedora-release-20-3.noarch already installed and latest version
> > Nothing to do
> > unlink: cannot unlink ‘/var/lib/lxc/test/rootfs/etc/systemd/system/default.target’: No such file or directory
> > container rootfs and config created
> > 'fedora' template installed
> > 'test' created
> >
> >
> > # lxc-start -n test
> > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
> > +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
> > Detected virtualization 'lxc'.
> >
> > Welcome to Fedora 20 (Heisenbug)!
> >
> > Set hostname to <test.localdomain>.
> > Initializing machine ID from KVM UUID.
> > [  OK  ] Reached target Remote File Systems.
> > [  OK  ] Created slice Root Slice.
> > [  OK  ] Created slice User and Session Slice.
> > [  OK  ] Created slice System Slice.
> > [  OK  ] Reached target Slices.
> > [  OK  ] Created slice system-getty.slice.
> > [  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
> > [  OK  ] Listening on Delayed Shutdown Socket.
> > Failed to open /dev/autofs: No such file or directory
> > Failed to initialize automounter: No such file or directory
> > [FAILED] Failed to set up automount Arbitrary Executable File...utomount Point.
> > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
> > Unit proc-sys-fs-binfmt_misc.automount entered failed state.
> > [  OK  ] Listening on udev Kernel Socket.
> > [  OK  ] Listening on udev Control Socket.
> > [  OK  ] Reached target Encrypted Volumes.
> > [  OK  ] Listening on Journal Socket.
> >          Starting Apply Kernel Variables...
> >          Mounting Debug File System...
> >          Starting udev Coldplug all Devices...
> >          Mounting Huge Pages File System...
> >          Mounting POSIX Message Queue File System...
> >          Starting Create static device nodes in /dev...
> >          Mounting Configuration File System...
> >          Starting Journal Service...
> > [  OK  ] Started Journal Service.
> > [  OK  ] Reached target Paths.
> > [  OK  ] Reached target Swap.
> >          Starting Remount Root and Kernel File Systems...
> >          Mounting Temporary Directory...
> > [  OK  ] Started Create static device nodes in /dev.
> >          Starting udev Kernel Device Manager...
> > [  OK  ] Mounted POSIX Message Queue File System.
> > [  OK  ] Mounted Configuration File System.
> > <30>systemd-udevd[20]: starting version 208
> > [  OK  ] Mounted Huge Pages File System.
> > [  OK  ] Mounted Debug File System.
> > [  OK  ] Mounted Temporary Directory.
> > [  OK  ] Started udev Coldplug all Devices.
> > [  OK  ] Started udev Kernel Device Manager.
> > [  OK  ] Started Remount Root and Kernel File Systems.
> > [  OK  ] Started Apply Kernel Variables.
> >          Starting Load/Save Random Seed...
> > [  OK  ] Reached target Local File Systems (Pre).
> >          Starting Configure read-only root support...
> > [  OK  ] Started Load/Save Random Seed.
> > [  OK  ] Reached target Sound Card.
> > [  OK  ] Started Configure read-only root support.
> > [  OK  ] Reached target Local File Systems.
> >          Starting Trigger Flushing of Journal to Persistent Storage...
> >          Starting Mark the need to relabel after reboot...
> >          Starting Create Volatile Files and Directories...
> > [  OK  ] Started Create Volatile Files and Directories.
> >          Starting Update UTMP about System Reboot/Shutdown...
> > [  OK  ] Started Mark the need to relabel after reboot.
> > [  OK  ] Started Update UTMP about System Reboot/Shutdown.
> > [  OK  ] Reached target System Initialization.
> > [  OK  ] Reached target Timers.
> > [  OK  ] Listening on D-Bus System Message Bus Socket.
> > [  OK  ] Reached target Sockets.
> > [  OK  ] Reached target Basic System.
> >          Starting System Logging Service...
> >          Starting Login Service...
> >          Starting D-Bus System Message Bus...
> > [  OK  ] Started D-Bus System Message Bus.
> > <46>systemd-journald[17]: Received request to flush runtime journal from PID 1
> > [  OK  ] Started Trigger Flushing of Journal to Persistent Storage.
> >          Starting Permit User Sessions...
> > [  OK  ] Started Login Service.
> > [  OK  ] Started System Logging Service.
> > [  OK  ] Started Permit User Sessions.
> >          Starting Getty on tty3...
> > [  OK  ] Started Getty on tty3.
> >          Starting Getty on tty4...
> > [  OK  ] Started Getty on tty4.
> >          Starting Getty on tty2...
> > [  OK  ] Started Getty on tty2.
> >          Starting Getty on tty1...
> > [  OK  ] Started Getty on tty1.
> >          Starting Console Getty...
> > [  OK  ] Started Console Getty.
> > [  OK  ] Reached target Login Prompts.
> > [  OK  ] Reached target Multi-User System.
> >
> > Fedora release 20 (Heisenbug)
> > Kernel 3.14.4-200.fc20.x86_64 on an x86_64 (console)
> >
> > test login:
> >
> > Regards,
> > Ajith
> >
> >
> > On Fri, Jun 6, 2014 at 6:18 AM, Ajith Adapa <ajith.adapa at gmail.com> wrote:
> >> Hi guys,
> >>
> >> Thanks for the replies. I will try to upgrade my Fedora-20 with latest
> >> kernel and try the same.
> >>
> >>
> >>
> >> On Thu, Jun 5, 2014 at 7:51 PM, Michael H. Warfield <mhw at wittsend.com>
> >> wrote:
> >>>
> >>> On Thu, 2014-06-05 at 17:56 +0530, Ajith Adapa wrote:
> >>> > Hi,
> >>> >
> >>> > I have created an lxc container in fedora-20 with default config file
> >>> > and default fedora template.
> >>> >
> >>> > lxc-create -n root -t fedora
> >>> >
> >>> > When I try to start the container I am greeted with username and
> >>> > password prompt. What is the default username/password for
> >>> > lxc-container in fedora-20 ?
> >>> >
> >>> >
> >>> > Kernel Version
> >>> > ============
> >>>
> >>> > Linux localhost.localdomain 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5
> >>> > 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
> >>>
> >>> >
> >>> > LXC-version
> >>> > =============
> >>> > [root at localhost ~]# lxc-version
> >>> > lxc version: 0.9.0
> >>>
> >>> Ok...  Stop right there.  Seems to suddenly be a lot of people running
> >>> into this problem all of a sudden.  You're running on a combination of
> >>> old kernel and old version of LXC that do not play nice together and,
> >>> yes, that's the early F20 kernel with the distro distributed version of
> >>> LXC.  We've been having an active discussion about this bug in several
> >>> forums.
> >>>
> >>> https://bugzilla.redhat.com/show_bug.cgi?id=1002914
> >>>
> >>> Please note comments #6 & #7
> >>>
> >>> -- 6
> >>> I've noticed that this issue should be fixed in v3.13-rc1
> >>>
> >>> As mentioned in commit
> >>>
> >>>
> >>> http://o.cs.uvic.ca:20810/perl/cid.pl?cid=83fa6bbe4c4541ae748b550b4ec391f8a0acfe94
> >>>
> >>> CONFIG_AUDIT_LOGINUID_IMMUTABLE=y was removed. Could you please retest it
> >>> on the latest Fedora?
> >>> --
> >>>
> >>> -- 7
> >>> Hi,
> >>>  I have tried with the latest upgrades of F20 and the problem has been
> >>> fixed.
> >>>  Thank you very much for the support!
> >>>
> >>>  Regards,
> >>>  Enrique
> >>> --
> >>>
> >>> So, you have 2 choices.
> >>>
> >>> 1) Update your F20 system to the latest kernel.  My development server
> >>> is currently running 3.14.4-200.fc20.x86_64 from Fedora Updates.
> >>>
> >>> 2) Go through the files in ${root_fs}/etc/pam.d and make the following
> >>> changes:
> >>>
> >>> - session    required     pam_loginuid.so
> >>> + # session    required     pam_loginuid.so
> >>>
> >>> Either of those will enable you to log in once again.  If you don't do
> >>> either, there is no combination of user name or password that will work,
> >>> due to the error being generated out of pam_loginuid.so.
> >>> >
> >>> >
> >>> > [root at localhost ~]# lxc-start -n root
> >>> > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
> >>> > +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
> >>> > Detected virtualization 'lxc'.
> >>> >
> >>> > Welcome to Fedora 20 (Heisenbug)!
> >>> >
> >>> > Set hostname to <root.localdomain>.
> >>> > [  OK  ] Reached target Remote File Systems.
> >>> > [  OK  ] Created slice Root Slice.
> >>> > [  OK  ] Created slice User and Session Slice.
> >>> > [  OK  ] Created slice System Slice.
> >>> > [  OK  ] Reached target Slices.
> >>> > [  OK  ] Created slice system-getty.slice.
> >>> > [  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
> >>> > [  OK  ] Listening on Delayed Shutdown Socket.
> >>> > Failed to open /dev/autofs: No such file or directory
> >>> > Failed to initialize automounter: No such file or directory
> >>> > [FAILED] Failed to set up automount Arbitrary Executable
> >>> > File...utomount Point.
> >>> > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
> >>> > Unit proc-sys-fs-binfmt_misc.automount entered failed state.
> >>> > [  OK  ] Listening on udev Kernel Socket.
> >>> > [  OK  ] Listening on udev Control Socket.
> >>> > [  OK  ] Reached target Encrypted Volumes.
> >>> > [  OK  ] Listening on Journal Socket.
> >>> >          Starting Apply Kernel Variables...
> >>> >          Mounting Debug File System...
> >>> >          Starting udev Coldplug all Devices...
> >>> >          Mounting Huge Pages File System...
> >>> >          Mounting POSIX Message Queue File System...
> >>> >          Mounting FUSE Control File System...
> >>> >          Starting Create static device nodes in /dev...
> >>> >          Mounting Configuration File System...
> >>> >          Starting Journal Service...
> >>> > [  OK  ] Started Journal Service.
> >>> > [  OK  ] Reached target Paths.
> >>> > [  OK  ] Reached target Swap.
> >>> >          Starting Remount Root and Kernel File Systems...
> >>> >          Mounting Temporary Directory...
> >>> > [  OK  ] Started Apply Kernel Variables.
> >>> > [  OK  ] Mounted Debug File System.
> >>> > [  OK  ] Mounted Huge Pages File System.
> >>> > [  OK  ] Mounted POSIX Message Queue File System.
> >>> > [  OK  ] Mounted FUSE Control File System.
> >>> > [  OK  ] Started Create static device nodes in /dev.
> >>> > [  OK  ] Mounted Configuration File System.
> >>> > [  OK  ] Started Remount Root and Kernel File Systems.
> >>> > [  OK  ] Mounted Temporary Directory.
> >>> >          Starting Load/Save Random Seed...
> >>> >          Starting Configure read-only root support...
> >>> >          Starting udev Kernel Device Manager...
> >>> > [  OK  ] Reached target Local File Systems (Pre).
> >>> > <30>systemd-udevd[24]: starting version 208
> >>> > [  OK  ] Started Load/Save Random Seed.
> >>> > [  OK  ] Started udev Kernel Device Manager.
> >>> > [  OK  ] Started Configure read-only root support.
> >>> > [  OK  ] Reached target Local File Systems.
> >>> >          Starting Trigger Flushing of Journal to Persistent Storage...
> >>> >          Starting Create Volatile Files and Directories...
> >>> > [  OK  ] Started udev Coldplug all Devices.
> >>> > [  OK  ] Started Create Volatile Files and Directories.
> >>> >          Starting Update UTMP about System Reboot/Shutdown...
> >>> > <46>systemd-journald[18]: Received request to flush runtime journal
> >>> > from PID 1
> >>> > [  OK  ] Started Trigger Flushing of Journal to Persistent Storage.
> >>> > [  OK  ] Started Update UTMP about System Reboot/Shutdown.
> >>> > [  OK  ] Reached target System Initialization.
> >>> > [  OK  ] Reached target Timers.
> >>> > [  OK  ] Listening on D-Bus System Message Bus Socket.
> >>> > [  OK  ] Reached target Sockets.
> >>> > [  OK  ] Reached target Basic System.
> >>> >          Starting System Logging Service...
> >>> >          Starting Permit User Sessions...
> >>> >          Starting Login Service...
> >>> >          Starting D-Bus System Message Bus...
> >>> > [  OK  ] Started D-Bus System Message Bus.
> >>> > [  OK  ] Started Permit User Sessions.
> >>> >          Starting Getty on tty3...
> >>> > [  OK  ] Started Getty on tty3.
> >>> >          Starting Getty on tty4...
> >>> > [  OK  ] Started Getty on tty4.
> >>> >          Starting Getty on tty2...
> >>> > [  OK  ] Started Getty on tty2.
> >>> >          Starting Getty on tty1...
> >>> > [  OK  ] Started Getty on tty1.
> >>> >          Starting Console Getty...
> >>> > [  OK  ] Started Console Getty.
> >>> > [  OK  ] Reached target Login Prompts.
> >>> >          Starting Cleanup of Temporary Directories...
> >>> > [  OK  ] Started System Logging Service.
> >>> > [  OK  ] Started Cleanup of Temporary Directories.
> >>> > [  OK  ] Reached target Sound Card.
> >>> > [  OK  ] Started Login Service.
> >>> > [  OK  ] Reached target Multi-User System.
> >>> >
> >>> > Fedora release 20 (Heisenbug)
> >>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console)
> >>> >
> >>> > root login: root
> >>> > Password:
> >>> > Last failed login: Thu Jun  5 08:37:20 UTC 2014 on console
> >>> > There were 3 failed login attempts since the last successful login.
> >>> >
> >>> > Cannot make/remove an entry for the specified session
> >>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >>>
> >>> This is the smoking gun.  This indicates precisely and exactly that you
> >>> are running into the pam_loginuid.so conflict bug.
> >>>
> >>> > Fedora release 20 (Heisenbug)
> >>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console)
> >>> >
> >>> > root login:
> >>> >
> >>> >
> >>> >
> >>> > Regards,
> >>> > Ajith
> >>>
> >>> Regards,
> >>> Mike
> >>> --
> >>> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
> >>>    /\/\|=mhw=|\/\/          | (678) 463-0932 |
> >>> http://www.wittsend.com/mhw/
> >>>    NIC whois: MHW9          | An optimist believes we live in the best of
> >>> all
> >>>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> >>>
> >>>
> >>> _______________________________________________
> >>> lxc-users mailing list
> >>> lxc-users at lists.linuxcontainers.org
> >>> http://lists.linuxcontainers.org/listinfo/lxc-users
> >>
> >>

-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
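
Option 2 from the thread, written out as an added example (not code from the original messages or from the LXC project): it comments out active `pam_loginuid.so` session lines under a container's `${rootfs}/etc/pam.d` and refuses to run against the host root. The function names are hypothetical; the caller supplies the rootfs path, such as the `/var/lib/lxc/test/rootfs` named above.

```shell
#!/bin/sh
# Added example: apply the pam_loginuid.so workaround to an LXC container
# rootfs only. Function names are hypothetical; ROOTFS comes from the caller.

# An active (uncommented) "session required pam_loginuid.so" line.
LOGINUID_RE='^[[:space:]]*session[[:space:]][[:space:]]*required[[:space:]][[:space:]]*pam_loginuid\.so'

# Print the pam.d files under ROOTFS that still carry an active line.
active_loginuid_files() {
    rootfs=$1
    [ -d "$rootfs/etc/pam.d" ] || return 0
    grep -l "$LOGINUID_RE" "$rootfs"/etc/pam.d/* 2>/dev/null || true
}

# Comment the line out in every pam.d file of the container rootfs.
# Returns 2 for an unusable path, 3 if the path resolves to the host root.
disable_container_loginuid() {
    rootfs=$1
    [ -n "$rootfs" ] || { echo "usage: rootfs path required" >&2; return 2; }
    real=$(cd "$rootfs" 2>/dev/null && pwd -P) || {
        echo "cannot enter '$rootfs'" >&2; return 2; }
    if [ "$real" = "/" ]; then
        echo "refusing to edit the host /etc/pam.d" >&2
        return 3
    fi
    [ -d "$real/etc/pam.d" ] || { echo "no etc/pam.d in $real" >&2; return 2; }

    active_loginuid_files "$real" | while IFS= read -r f; do
        tmp=$(mktemp) || exit 1
        # Rewrite through a temp file, then write back in place so the
        # file keeps its inode, owner, mode and SELinux label.
        sed "s/$LOGINUID_RE/# &/" "$f" > "$tmp" && cat "$tmp" > "$f"
        rc=$?
        rm -f "$tmp"
        [ "$rc" -eq 0 ] || exit 1
        echo "patched: $f"
    done
}
```

Running `active_loginuid_files` against the rootfs before and after shows which files were still enforcing the module; an empty result afterwards means no active line is left.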
