[lxc-users] Username/Password for LXC container in fedora-20

Michael H. Warfield mhw at WittsEnd.com
Fri Jun 6 14:17:52 UTC 2014


On Fri, 2014-06-06 at 09:44 -0400, Michael H. Warfield wrote:
> On Fri, 2014-06-06 at 09:22 +0530, Ajith Adapa wrote:
> > @Michael
> 
> > Sorry seems I have shared wrong log in previous mail. As you can see I
> > have commented the line in all files under /etc/pam.d
> 
> > # cd /etc/pam.d
> > # grep -rin pam_loginuid *
> > atd:8:#session    required    pam_loginuid.so
> > crond:8:#session    required   pam_loginuid.so
> > gdm-autologin:9:#session    required    pam_loginuid.so
> > gdm-fingerprint:10:#session     required      pam_loginuid.so
> > gdm-password:12:#session     required      pam_loginuid.so
> > gdm-pin:14:#session     required      pam_loginuid.so
> > gdm-smartcard:10:#session     required      pam_loginuid.so
> > login:10:#session    required     pam_loginuid.so
> > pluto:16:#session required pam_loginuid.so
> > remote:10:#session    required     pam_loginuid.so
> > sshd:10:#session    required     pam_loginuid.so
> 
> Is that in your host /etc/pam.d or in your container
> ${rootfs}/etc/pam.d ?

> From your previous message, I would say to look in:

Damn copy and paste error...  The line above should be below the
paragraph below.

> Looks like the former.  It has to be done in the container, not in the
> host.  You should NOT do this in the host root file system.

From your previous message, I would say to look in:

/var/lib/lxc/test/rootfs/etc/pam.d/*

> > Regards,
> > Ajith
> 
> Regards,
> Mike
> 
> > 
> > On Fri, Jun 6, 2014 at 9:07 AM, Ajith Adapa <ajith.adapa at gmail.com> wrote:
> > > Hi Michael,
> > >
> > > I have updated Fedora-20 to latest kernel version.
> > >
> > > # uname -a
> > > Linux localhost.localdomain 3.14.4-200.fc20.x86_64 #1 SMP Tue May 13
> > > 13:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> > >
> > > and commented out the line in /etc/pam.d/sshd file
> > >
> > > # cat /etc/pam.d/sshd
> > > #%PAM-1.0
> > > auth       required     pam_sepermit.so
> > > auth       substack     password-auth
> > > auth       include      postlogin
> > > account    required     pam_nologin.so
> > > account    include      password-auth
> > > password   include      password-auth
> > > # pam_selinux.so close should be the first session rule
> > > session    required     pam_selinux.so close
> > > #session    required     pam_loginuid.so
> > > # pam_selinux.so open should only be followed by sessions to be executed in the user context
> > > session    required     pam_selinux.so open env_params
> > > session    optional     pam_keyinit.so force revoke
> > > session    include      password-auth
> > > session    include      postlogin
> > >
> > > But still face the same problem when I create and start a new LXC container.
> > >
> > > @Fajar
> > >
> > > I tried again creating new lxc container but haven't seen any password
> > > in output log
> > >
> > > # lxc-create -n test -t fedora
> > >
> > > lxc-create: No config file specified, using the default config
> > > /etc/lxc/default.conf
> > > Host CPE ID from /etc/os-release: cpe:/o:fedoraproject:fedora:20
> > > Checking cache download in /var/cache/lxc/fedora/x86_64/20/rootfs ...
> > > Cache found. Updating...
> > > Loaded plugins: langpacks, refresh-packagekit
> > > Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=updates-released-f20&arch=x86_64 error was
> > > 14: curl#6 - "Could not resolve host: mirrors.fedoraproject.org"
> > > No packages marked for update
> > > Update finished
> > > Copy /var/cache/lxc/fedora/x86_64/20/rootfs to /var/lib/lxc/test/rootfs ...
> > > Copying rootfs to /var/lib/lxc/test/rootfs ...setting root passwd to root
> > > installing fedora-release package
> > > Package fedora-release-20-3.noarch already installed and latest version
> > > Nothing to do
> > > unlink: cannot unlink ‘/var/lib/lxc/test/rootfs/etc/systemd/system/default.target’: No such file or directory
> > > container rootfs and config created
> > > 'fedora' template installed
> > > 'test' created
> > >
> > >
> > > # lxc-start -n test
> > > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
> > > +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
> > > Detected virtualization 'lxc'.
> > >
> > > Welcome to Fedora 20 (Heisenbug)!
> > >
> > > Set hostname to <test.localdomain>.
> > > Initializing machine ID from KVM UUID.
> > > [  OK  ] Reached target Remote File Systems.
> > > [  OK  ] Created slice Root Slice.
> > > [  OK  ] Created slice User and Session Slice.
> > > [  OK  ] Created slice System Slice.
> > > [  OK  ] Reached target Slices.
> > > [  OK  ] Created slice system-getty.slice.
> > > [  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
> > > [  OK  ] Listening on Delayed Shutdown Socket.
> > > Failed to open /dev/autofs: No such file or directory
> > > Failed to initialize automounter: No such file or directory
> > > [FAILED] Failed to set up automount Arbitrary Executable File...utomount Point.
> > > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
> > > Unit proc-sys-fs-binfmt_misc.automount entered failed state.
> > > [  OK  ] Listening on udev Kernel Socket.
> > > [  OK  ] Listening on udev Control Socket.
> > > [  OK  ] Reached target Encrypted Volumes.
> > > [  OK  ] Listening on Journal Socket.
> > >          Starting Apply Kernel Variables...
> > >          Mounting Debug File System...
> > >          Starting udev Coldplug all Devices...
> > >          Mounting Huge Pages File System...
> > >          Mounting POSIX Message Queue File System...
> > >          Starting Create static device nodes in /dev...
> > >          Mounting Configuration File System...
> > >          Starting Journal Service...
> > > [  OK  ] Started Journal Service.
> > > [  OK  ] Reached target Paths.
> > > [  OK  ] Reached target Swap.
> > >          Starting Remount Root and Kernel File Systems...
> > >          Mounting Temporary Directory...
> > > [  OK  ] Started Create static device nodes in /dev.
> > >          Starting udev Kernel Device Manager...
> > > [  OK  ] Mounted POSIX Message Queue File System.
> > > [  OK  ] Mounted Configuration File System.
> > > <30>systemd-udevd[20]: starting version 208
> > > [  OK  ] Mounted Huge Pages File System.
> > > [  OK  ] Mounted Debug File System.
> > > [  OK  ] Mounted Temporary Directory.
> > > [  OK  ] Started udev Coldplug all Devices.
> > > [  OK  ] Started udev Kernel Device Manager.
> > > [  OK  ] Started Remount Root and Kernel File Systems.
> > > [  OK  ] Started Apply Kernel Variables.
> > >          Starting Load/Save Random Seed...
> > > [  OK  ] Reached target Local File Systems (Pre).
> > >          Starting Configure read-only root support...
> > > [  OK  ] Started Load/Save Random Seed.
> > > [  OK  ] Reached target Sound Card.
> > > [  OK  ] Started Configure read-only root support.
> > > [  OK  ] Reached target Local File Systems.
> > >          Starting Trigger Flushing of Journal to Persistent Storage...
> > >          Starting Mark the need to relabel after reboot...
> > >          Starting Create Volatile Files and Directories...
> > > [  OK  ] Started Create Volatile Files and Directories.
> > >          Starting Update UTMP about System Reboot/Shutdown...
> > > [  OK  ] Started Mark the need to relabel after reboot.
> > > [  OK  ] Started Update UTMP about System Reboot/Shutdown.
> > > [  OK  ] Reached target System Initialization.
> > > [  OK  ] Reached target Timers.
> > > [  OK  ] Listening on D-Bus System Message Bus Socket.
> > > [  OK  ] Reached target Sockets.
> > > [  OK  ] Reached target Basic System.
> > >          Starting System Logging Service...
> > >          Starting Login Service...
> > >          Starting D-Bus System Message Bus...
> > > [  OK  ] Started D-Bus System Message Bus.
> > > <46>systemd-journald[17]: Received request to flush runtime journal from PID 1
> > > [  OK  ] Started Trigger Flushing of Journal to Persistent Storage.
> > >          Starting Permit User Sessions...
> > > [  OK  ] Started Login Service.
> > > [  OK  ] Started System Logging Service.
> > > [  OK  ] Started Permit User Sessions.
> > >          Starting Getty on tty3...
> > > [  OK  ] Started Getty on tty3.
> > >          Starting Getty on tty4...
> > > [  OK  ] Started Getty on tty4.
> > >          Starting Getty on tty2...
> > > [  OK  ] Started Getty on tty2.
> > >          Starting Getty on tty1...
> > > [  OK  ] Started Getty on tty1.
> > >          Starting Console Getty...
> > > [  OK  ] Started Console Getty.
> > > [  OK  ] Reached target Login Prompts.
> > > [  OK  ] Reached target Multi-User System.
> > >
> > > Fedora release 20 (Heisenbug)
> > > Kernel 3.14.4-200.fc20.x86_64 on an x86_64 (console)
> > >
> > > test login:
> > >
> > > Regards,
> > > Ajith
> > >
> > >
> > > On Fri, Jun 6, 2014 at 6:18 AM, Ajith Adapa <ajith.adapa at gmail.com> wrote:
> > >> Hi guys,
> > >>
> > >> Thanks for the replies. I will try to upgrade my Fedora-20 with latest
> > >> kernel and try the same.
> > >>
> > >>
> > >>
> > >> On Thu, Jun 5, 2014 at 7:51 PM, Michael H. Warfield <mhw at wittsend.com>
> > >> wrote:
> > >>>
> > >>> On Thu, 2014-06-05 at 17:56 +0530, Ajith Adapa wrote:
> > >>> > Hi,
> > >>> >
> > >>> > I have created an lxc container in fedora-20 with default config file
> > >>> > and default fedora template.
> > >>> >
> > >>> > lxc-create -n root -t fedora
> > >>> >
> > >>> > When I try to start the container I am greeted with username and
> > >>> > password prompt. What is the default username/password for
> > >>> > lxc-container in fedora-20 ?
> > >>> >
> > >>> >
> > >>> > Kernel Version
> > >>> > ============
> > >>>
> > >>> > Linux localhost.localdomain 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5
> > >>> > 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
> > >>>
> > >>> >
> > >>> > LXC-version
> > >>> > =============
> > >>> > [root at localhost ~]# lxc-version
> > >>> > lxc version: 0.9.0
> > >>>
> > >>> Ok...  Stop right there.  Seems to suddenly be a lot of people running
> > >>> into this problem all of a sudden.  You're running on a combination of
> > >>> old kernel and old version of LXC that do not play nice together and,
> > >>> yes, that's the early F20 kernel with the distro distributed version of
> > >>> LXC.  We've been having an active discussion about this bug in several
> > >>> forums.
> > >>>
> > >>> https://bugzilla.redhat.com/show_bug.cgi?id=1002914
> > >>>
> > >>> Please note comments #6 & #7
> > >>>
> > >>> -- 6
> > >>> I've noticed that this issue should be fixed in v3.13-rc1
> > >>>
> > >>> As mentioned in commit
> > >>>
> > >>>
> > >>> http://o.cs.uvic.ca:20810/perl/cid.pl?cid=83fa6bbe4c4541ae748b550b4ec391f8a0acfe94
> > >>>
> > >>> CONFIG_AUDIT_LOGINUID_IMMUTABLE=y was removed. Could you please retest it
> > >>> on the latest Fedora?
> > >>> --
> > >>>
> > >>> -- 7
> > >>> Hi,
> > >>>  I have tried with the latest upgrades of F20 and the problem has been
> > >>> fixed.
> > >>>  Thank you very much for the support!
> > >>>
> > >>>  Regards,
> > >>>  Enrique
> > >>> --
> > >>>
> > >>> So, you have 2 choices.
> > >>>
> > >>> 1) Update your F20 system to the latest kernel.  My development server
> > >>> is currently running 3.14.4-200.fc20.x86_64 from Fedora Updates.
> > >>>
> > >>> 2) Go through the files in ${root_fs}/etc/pam.d and make the following
> > >>> changes:
> > >>>
> > >>> - session    required     pam_loginuid.so
> > >>> + # session    required     pam_loginuid.so
> > >>>
> > >>> Either of those will enable you to log in once again.  If you don't do
> > >>> either, there is no combination of user name or password that will work,
> > >>> due to the error being generated out of pam_loginuid.so.
> > >>> >
> > >>> >
> > >>> > [root at localhost ~]# lxc-start -n root
> > >>> > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
> > >>> > +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
> > >>> > Detected virtualization 'lxc'.
> > >>> >
> > >>> > Welcome to Fedora 20 (Heisenbug)!
> > >>> >
> > >>> > Set hostname to <root.localdomain>.
> > >>> > [  OK  ] Reached target Remote File Systems.
> > >>> > [  OK  ] Created slice Root Slice.
> > >>> > [  OK  ] Created slice User and Session Slice.
> > >>> > [  OK  ] Created slice System Slice.
> > >>> > [  OK  ] Reached target Slices.
> > >>> > [  OK  ] Created slice system-getty.slice.
> > >>> > [  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
> > >>> > [  OK  ] Listening on Delayed Shutdown Socket.
> > >>> > Failed to open /dev/autofs: No such file or directory
> > >>> > Failed to initialize automounter: No such file or directory
> > >>> > [FAILED] Failed to set up automount Arbitrary Executable
> > >>> > File...utomount Point.
> > >>> > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
> > >>> > Unit proc-sys-fs-binfmt_misc.automount entered failed state.
> > >>> > [  OK  ] Listening on udev Kernel Socket.
> > >>> > [  OK  ] Listening on udev Control Socket.
> > >>> > [  OK  ] Reached target Encrypted Volumes.
> > >>> > [  OK  ] Listening on Journal Socket.
> > >>> >          Starting Apply Kernel Variables...
> > >>> >          Mounting Debug File System...
> > >>> >          Starting udev Coldplug all Devices...
> > >>> >          Mounting Huge Pages File System...
> > >>> >          Mounting POSIX Message Queue File System...
> > >>> >          Mounting FUSE Control File System...
> > >>> >          Starting Create static device nodes in /dev...
> > >>> >          Mounting Configuration File System...
> > >>> >          Starting Journal Service...
> > >>> > [  OK  ] Started Journal Service.
> > >>> > [  OK  ] Reached target Paths.
> > >>> > [  OK  ] Reached target Swap.
> > >>> >          Starting Remount Root and Kernel File Systems...
> > >>> >          Mounting Temporary Directory...
> > >>> > [  OK  ] Started Apply Kernel Variables.
> > >>> > [  OK  ] Mounted Debug File System.
> > >>> > [  OK  ] Mounted Huge Pages File System.
> > >>> > [  OK  ] Mounted POSIX Message Queue File System.
> > >>> > [  OK  ] Mounted FUSE Control File System.
> > >>> > [  OK  ] Started Create static device nodes in /dev.
> > >>> > [  OK  ] Mounted Configuration File System.
> > >>> > [  OK  ] Started Remount Root and Kernel File Systems.
> > >>> > [  OK  ] Mounted Temporary Directory.
> > >>> >          Starting Load/Save Random Seed...
> > >>> >          Starting Configure read-only root support...
> > >>> >          Starting udev Kernel Device Manager...
> > >>> > [  OK  ] Reached target Local File Systems (Pre).
> > >>> > <30>systemd-udevd[24]: starting version 208
> > >>> > [  OK  ] Started Load/Save Random Seed.
> > >>> > [  OK  ] Started udev Kernel Device Manager.
> > >>> > [  OK  ] Started Configure read-only root support.
> > >>> > [  OK  ] Reached target Local File Systems.
> > >>> >          Starting Trigger Flushing of Journal to Persistent Storage...
> > >>> >          Starting Create Volatile Files and Directories...
> > >>> > [  OK  ] Started udev Coldplug all Devices.
> > >>> > [  OK  ] Started Create Volatile Files and Directories.
> > >>> >          Starting Update UTMP about System Reboot/Shutdown...
> > >>> > <46>systemd-journald[18]: Received request to flush runtime journal
> > >>> > from PID 1
> > >>> > [  OK  ] Started Trigger Flushing of Journal to Persistent Storage.
> > >>> > [  OK  ] Started Update UTMP about System Reboot/Shutdown.
> > >>> > [  OK  ] Reached target System Initialization.
> > >>> > [  OK  ] Reached target Timers.
> > >>> > [  OK  ] Listening on D-Bus System Message Bus Socket.
> > >>> > [  OK  ] Reached target Sockets.
> > >>> > [  OK  ] Reached target Basic System.
> > >>> >          Starting System Logging Service...
> > >>> >          Starting Permit User Sessions...
> > >>> >          Starting Login Service...
> > >>> >          Starting D-Bus System Message Bus...
> > >>> > [  OK  ] Started D-Bus System Message Bus.
> > >>> > [  OK  ] Started Permit User Sessions.
> > >>> >          Starting Getty on tty3...
> > >>> > [  OK  ] Started Getty on tty3.
> > >>> >          Starting Getty on tty4...
> > >>> > [  OK  ] Started Getty on tty4.
> > >>> >          Starting Getty on tty2...
> > >>> > [  OK  ] Started Getty on tty2.
> > >>> >          Starting Getty on tty1...
> > >>> > [  OK  ] Started Getty on tty1.
> > >>> >          Starting Console Getty...
> > >>> > [  OK  ] Started Console Getty.
> > >>> > [  OK  ] Reached target Login Prompts.
> > >>> >          Starting Cleanup of Temporary Directories...
> > >>> > [  OK  ] Started System Logging Service.
> > >>> > [  OK  ] Started Cleanup of Temporary Directories.
> > >>> > [  OK  ] Reached target Sound Card.
> > >>> > [  OK  ] Started Login Service.
> > >>> > [  OK  ] Reached target Multi-User System.
> > >>> >
> > >>> > Fedora release 20 (Heisenbug)
> > >>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console)
> > >>> >
> > >>> > root login: root
> > >>> > Password:
> > >>> > Last failed login: Thu Jun  5 08:37:20 UTC 2014 on console
> > >>> > There were 3 failed login attempts since the last successful login.
> > >>> >
> > >>> > Cannot make/remove an entry for the specified session
> > >>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >>>
> > >>> This is the smoking gun.  This indicates precisely and exactly that you
> > >>> are running into the pam_loginuid.so conflict bug.
> > >>>
> > >>> > Fedora release 20 (Heisenbug)
> > >>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console)
> > >>> >
> > >>> > root login:
> > >>> >
> > >>> >
> > >>> >
> > >>> > Regards,
> > >>> > Ajith
> > >>>
> > >>> Regards,
> > >>> Mike
> > >>> --
> > >>> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
> > >>>    /\/\|=mhw=|\/\/          | (678) 463-0932 |
> > >>> http://www.wittsend.com/mhw/
> > >>>    NIC whois: MHW9          | An optimist believes we live in the best of
> > >>> all
> > >>>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> > >>>
> > >>>
> > >>> _______________________________________________
> > >>> lxc-users mailing list
> > >>> lxc-users at lists.linuxcontainers.org
> > >>> http://lists.linuxcontainers.org/listinfo/lxc-users
> > >>
> > >>
> 

-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
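
Option 2 from the thread, restricted to the container's rootfs as the reply above requires and refusing to run against the host root. This is an added example, not part of the original message or of the LXC tooling; the function names and the sample tree built by make_sample_rootfs are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the pam_loginuid.so workaround to a container rootfs only.
PATTERN='^[[:space:]]*session[[:space:]]+.*pam_loginuid\.so'

# Print regular files under ROOTFS/etc/pam.d that still have an active rule.
# Symlinks are skipped: an absolute link inside the rootfs resolves on the host.
list_active_loginuid() {
    for f in "$1"/etc/pam.d/*; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then continue; fi
        if grep -qE "$PATTERN" "$f"; then echo "$f"; fi
    done
}

# Comment the rule out, refusing to run against the host root.
disable_loginuid() {
    if [ -z "${1:-}" ]; then echo "usage: disable_loginuid ROOTFS" >&2; return 2; fi
    # Resolve first so "/", "/." and symlinks to / are all recognised.
    real=$(cd "$1" 2>/dev/null && pwd -P) || { echo "no such rootfs: $1" >&2; return 2; }
    if [ "$real" = "/" ]; then
        echo "refusing to edit the host /etc/pam.d" >&2; return 1
    fi
    if [ ! -d "$real/etc/pam.d" ]; then echo "$real has no etc/pam.d" >&2; return 2; fi
    list_active_loginuid "$real" | while IFS= read -r f; do
        sed -i -E 's/^([[:space:]]*session[[:space:]]+.*pam_loginuid\.so.*)$/# \1/' "$f"
        echo "commented: $f"
    done
    return 0
}

# Constructed sample: one active rule, one already commented, and one
# symlink pointing outside the rootfs (stands in for a host-side file).
make_sample_rootfs() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/rootfs/etc/pam.d"
    printf '%s\n' 'session    required     pam_selinux.so close' \
        'session    required     pam_loginuid.so' \
        'session    include      password-auth' > "$d/rootfs/etc/pam.d/sshd"
    printf '%s\n' '#session    required     pam_loginuid.so' > "$d/rootfs/etc/pam.d/login"
    printf '%s\n' 'session    required     pam_loginuid.so' > "$d/outside.conf"
    ln -s "$d/outside.conf" "$d/rootfs/etc/pam.d/remote"
    echo "$d/rootfs"
}

# Stand-alone use: sh thisfile.sh /var/lib/lxc/test/rootfs
if [ "$#" -gt 0 ]; then disable_loginuid "$1"; fi
```

Run list_active_loginuid on the same path afterwards; empty output means no regular file under the container's etc/pam.d still has the rule active.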
