[lxc-users] Username/Password for LXC container in fedora-20
Ajith Adapa
ajith.adapa at gmail.com
Sat Jun 7 01:41:06 UTC 2014
Hi Michael,
Yeah I have wrongly modified files at /etc/pam.d rather than in
container. After making changes as suggest I am able to login into
container successfully with root/root credentials.
Where can i get the RPM for latest lxc version ?
Is there any permanent solution where I don't need to modify files in
container everytime whenever I create a new container and start it ?
Once again, Thanks for the help.
Regards,
Ajith
On Fri, Jun 6, 2014 at 7:14 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Fri, 2014-06-06 at 09:22 +0530, Ajith Adapa wrote:
>> @Michael
>
>> Sorry seems I have shared wrong log in previous mail. As you can see I
>> have commented the line in all files under /ete/pam.d
>
>> # cd /etc/pam.d
>> # grep -rin pam_loginuid *
>> atd:8:#session required pam_loginuid.so
>> crond:8:#session required pam_loginuid.so
>> gdm-autologin:9:#session required pam_loginuid.so
>> gdm-fingerprint:10:#session required pam_loginuid.so
>> gdm-password:12:#session required pam_loginuid.so
>> gdm-pin:14:#session required pam_loginuid.so
>> gdm-smartcard:10:#session required pam_loginuid.so
>> login:10:#session required pam_loginuid.so
>> pluto:16:#session required pam_loginuid.so
>> remote:10:#session required pam_loginuid.so
>> sshd:10:#session required pam_loginuid.so
>
> Is that in your host /etc/pam.d or in your container
> ${rootfs}/etc/pam.d ?
>
> From your previous message, I would say to look in:
>
> Looks like the former. It has to be done in the container, not in the
> host. You should NOT do this in the host root file system.
>
> /var/lib/lxc/test/rootfs/etc/pam.d/*
>
>> Regards,
>> Ajith
>
> Regards,
> Mike
>
>>
>> On Fri, Jun 6, 2014 at 9:07 AM, Ajith Adapa <ajith.adapa at gmail.com> wrote:
>> > Hi Michael,
>> >
>> > I have updated Fedora-20 to latest kernel version.
>> >
>> > # uname -a
>> > Linux localhost.localdomain 3.14.4-200.fc20.x86_64 #1 SMP Tue May 13
>> > 13:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
>> >
>> > and commented out the line in /etc/pam.d/sshd file
>> >
>> > # cat /etc/pam.d/sshd
>> > #%PAM-1.0
>> > auth required pam_sepermit.so
>> > auth substack password-auth
>> > auth include postlogin
>> > account required pam_nologin.so
>> > account include password-auth
>> > password include password-auth
>> > # pam_selinux.so close should be the first session rule
>> > session required pam_selinux.so close
>> > #session required pam_loginuid.so
>> > # pam_selinux.so open should only be followed by sessions to be
>> > executed in the user context
>> > session required pam_selinux.so open env_params
>> > session optional pam_keyinit.so force revoke
>> > session include password-auth
>> > session include postlogin
>> >
>> > But still face the same problem when I create and start a new LXC container.
>> >
>> > @Fajar
>> >
>> > I tried again creating new lxc container but havent seen any password
>> > in output log
>> >
>> > # lxc-create -n test -t fedora
>> >
>> > lxc-create: No config file specified, using the default config
>> > /etc/lxc/default.
>> > conf
>> > Host CPE ID from /etc/os-release: cpe:/o:fedoraproject:fedora:20
>> > Checking cache download in /var/cache/lxc/fedora/x86_64/20/rootfs ...
>> > Cache found. Updating...
>> > Loaded plugins: langpacks, refresh-packagekit
>> > Could not get metalink
>> > https://mirrors.fedoraproject.org/metalink?repo=updates-r
>> > eleased-f20&arch=x86_64 error was
>> > 14: curl#6 - "Could not resolve host: mirrors.fedoraproject.org"
>> > No packages marked for update
>> > Update finished
>> > Copy /var/cache/lxc/fedora/x86_64/20/rootfs to /var/lib/lxc/test/rootfs ...
>> > Copying rootfs to /var/lib/lxc/test/rootfs ...setting root passwd to root
>> > installing fedora-release package
>> > Package fedora-release-20-3.noarch already installed and latest version
>> > Nothing to do
>> > unlink: cannot unlink
>> > â/var/lib/lxc/test/rootfs/etc/systemd/system/default.targe
>> > tâ: No such file or directory
>> > container rootfs and config created
>> > 'fedora' template installed
>> > 'test' created
>> >
>> >
>> > # lxc-start -n test
>> > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
>> > +IMA +SYSVINI T
>> > +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
>> > Detected virtualization 'lxc'.
>> >
>> > Welcome to Fedora 20 (Heisenbug)!
>> >
>> > Set hostname to <test.localdomain>.
>> > Initializing machine ID from KVM UUID.
>> > [ OK ] Reached target Remote File Systems.
>> > [ OK ] Created slice Root Slice.
>> > [ OK ] Created slice User and Session Slice.
>> > [ OK ] Created slice System Slice.
>> > [ OK ] Reached target Slices.
>> > [ OK ] Created slice system-getty.slice.
>> > [ OK ] Listening on /dev/initctl Compatibility Named Pipe.
>> > [ OK ] Listening on Delayed Shutdown Socket.
>> > Failed to open /dev/autofs: No such file or directory
>> > Failed to initialize automounter: No such file or directory
>> > [FAILED] Failed to set up automount Arbitrary Executable File...utomount Point.
>> > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
>> > Unit proc-sys-fs-binfmt_misc.automount entered failed state.
>> > [ OK ] Listening on udev Kernel Socket.
>> > [ OK ] Listening on udev Control Socket.
>> > [ OK ] Reached target Encrypted Volumes.
>> > [ OK ] Listening on Journal Socket.
>> > Starting Apply Kernel Variables...
>> > Mounting Debug File System...
>> > Starting udev Coldplug all Devices...
>> > Mounting Huge Pages File System...
>> > Mounting POSIX Message Queue File System...
>> > Starting Create static device nodes in /dev...
>> > Mounting Configuration File System...
>> > Starting Journal Service...
>> > [ OK ] Started Journal Service.
>> > [ OK ] Reached target Paths.
>> > [ OK ] Reached target Swap.
>> > Starting Remount Root and Kernel File Systems...
>> > Mounting Temporary Directory...
>> > [ OK ] Started Create static device nodes in /dev.
>> > Starting udev Kernel Device Manager...
>> > [ OK ] Mounted POSIX Message Queue File System.
>> > [ OK ] Mounted Configuration File System.
>> > <30>systemd-udevd[20]: starting version 208
>> > [ OK ] Mounted Huge Pages File System.
>> > [ OK ] Mounted Debug File System.
>> > [ OK ] Mounted Temporary Directory.
>> > [ OK ] Started udev Coldplug all Devices.
>> > [ OK ] Started udev Kernel Device Manager.
>> > [ OK ] Started Remount Root and Kernel File Systems.
>> > [ OK ] Started Apply Kernel Variables.
>> > Starting Load/Save Random Seed...
>> > [ OK ] Reached target Local File Systems (Pre).
>> > Starting Configure read-only root support...
>> > [ OK ] Started Load/Save Random Seed.
>> > [ OK ] Reached target Sound Card.
>> > [ OK ] Started Configure read-only root support.
>> > [ OK ] Reached target Local File Systems.
>> > Starting Trigger Flushing of Journal to Persistent Storage...
>> > Starting Mark the need to relabel after reboot...
>> > Starting Create Volatile Files and Directories...
>> > [ OK ] Started Create Volatile Files and Directories.
>> > Starting Update UTMP about System Reboot/Shutdown...
>> > [ OK ] Started Mark the need to relabel after reboot.
>> > [ OK ] Started Update UTMP about System Reboot/Shutdown.
>> > [ OK ] Reached target System Initialization.
>> > [ OK ] Reached target Timers.
>> > [ OK ] Listening on D-Bus System Message Bus Socket.
>> > [ OK ] Reached target Sockets.
>> > [ OK ] Reached target Basic System.
>> > Starting System Logging Service...
>> > Starting Login Service...
>> > Starting D-Bus System Message Bus...
>> > [ OK ] Started D-Bus System Message Bus.
>> > <46>systemd-journald[17]: Received request to flush runtime journal from PID 1
>> > [ OK ] Started Trigger Flushing of Journal to Persistent Storage.
>> > Starting Permit User Sessions...
>> > [ OK ] Started Login Service.
>> > [ OK ] Started System Logging Service.
>> > [ OK ] Started Permit User Sessions.
>> > Starting Getty on tty3...
>> > [ OK ] Started Getty on tty3.
>> > Starting Getty on tty4...
>> > [ OK ] Started Getty on tty4.
>> > Starting Getty on tty2...
>> > [ OK ] Started Getty on tty2.
>> > Starting Getty on tty1...
>> > [ OK ] Started Getty on tty1.
>> > Starting Console Getty...
>> > [ OK ] Started Console Getty.
>> > [ OK ] Reached target Login Prompts.
>> > [ OK ] Reached target Multi-User System.
>> >
>> > Fedora release 20 (Heisenbug)
>> > Kernel 3.14.4-200.fc20.x86_64 on an x86_64 (console)
>> >
>> > test login:
>> >
>> > Regards,
>> > Ajith
>> >
>> >
>> > On Fri, Jun 6, 2014 at 6:18 AM, Ajith Adapa <ajith.adapa at gmail.com> wrote:
>> >> Hi guys,
>> >>
>> >> Thanks for the replies. I will try to upgrade my Fedora-20 with latest
>> >> kernel and try the same.
>> >>
>> >>
>> >>
>> >> On Thu, Jun 5, 2014 at 7:51 PM, Michael H. Warfield <mhw at wittsend.com>
>> >> wrote:
>> >>>
>> >>> On Thu, 2014-06-05 at 17:56 +0530, Ajith Adapa wrote:
>> >>> > Hi,
>> >>> >
>> >>> > I have created an lxc container in feodra-20 with default config file
>> >>> > and default fedora template.
>> >>> >
>> >>> > lxc-create -n root -t fedora
>> >>> >
>> >>> > When i try to start the container i am greeted with username and
>> >>> > password prompt.What is the default username/password for
>> >>> > lxc-container in fedora-20 ?
>> >>> >
>> >>> >
>> >>> > Kernel Version
>> >>> > ============
>> >>>
>> >>> > Linux localhost.localdomain 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5
>> >>> > 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
>> >>>
>> >>> >
>> >>> > LXC-version
>> >>> > =============
>> >>> > [root at localhost ~]# lxc-version
>> >>> > lxc version: 0.9.0
>> >>>
>> >>> Ok... Stop right there. Seems to suddenly be a lot of people running
>> >>> into this problem all of a sudden. You're running on a combination of
>> >>> old kernel and old version of LXC that do not play nice together and,
>> >>> yes, that the early F20 kernel with the distro distributed version of
>> >>> LXC. We've been having an active discussion about this bug in several
>> >>> forums.
>> >>>
>> >>> https://bugzilla.redhat.com/show_bug.cgi?id=1002914
>> >>>
>> >>> Please note comments #6 & #7
>> >>>
>> >>> -- 6
>> >>> I've noticed that this issue should be fixed in v3.13-rc1
>> >>>
>> >>> As mentioned in commit
>> >>>
>> >>>
>> >>> http://o.cs.uvic.ca:20810/perl/cid.pl?cid=83fa6bbe4c4541ae748b550b4ec391f8a0acfe94
>> >>>
>> >>> CONFIG_AUDIT_LOGINUID_IMMUTABLE=y was removed. Could you please retest it
>> >>> on the latest Fedora?
>> >>> --
>> >>>
>> >>> -- 7
>> >>> Hi,
>> >>> I have tried with the latest upgrades of F20 and the problem has been
>> >>> fixed.
>> >>> Thank you very much for the support!
>> >>>
>> >>> Regards,
>> >>> Enrique
>> >>> --
>> >>>
>> >>> So, you have 2 choices.
>> >>>
>> >>> 1) Update your F20 system to the latest kernel. My development server
>> >>> is currently running 3.14.4-200.fc20.x86_64 from Fedora Updates.
>> >>>
>> >>> 2) Go through the files in ${root_fs}/etc/pam.d and make the following
>> >>> changes:
>> >>>
>> >>> - session required pam_loginuid.so
>> >>> + # session required pam_loginuid.so
>> >>>
>> >>> Either of those will enable you to log in once again. If you don't to
>> >>> either, there is no combination of user name or password that will work,
>> >>> due to the error being generated out of pam_loginuid.so.
>> >>> >
>> >>> >
>> >>> > [root at localhost ~]# lxc-start -n root
>> >>> > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
>> >>> > +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
>> >>> > Detected virtualization 'lxc'.
>> >>> >
>> >>> > Welcome to Fedora 20 (Heisenbug)!
>> >>> >
>> >>> > Set hostname to <root.localdomain>.
>> >>> > [ OK ] Reached target Remote File Systems.
>> >>> > [ OK ] Created slice Root Slice.
>> >>> > [ OK ] Created slice User and Session Slice.
>> >>> > [ OK ] Created slice System Slice.
>> >>> > [ OK ] Reached target Slices.
>> >>> > [ OK ] Created slice system-getty.slice.
>> >>> > [ OK ] Listening on /dev/initctl Compatibility Named Pipe.
>> >>> > [ OK ] Listening on Delayed Shutdown Socket.
>> >>> > Failed to open /dev/autofs: No such file or directory
>> >>> > Failed to initialize automounter: No such file or directory
>> >>> > [FAILED] Failed to set up automount Arbitrary Executable
>> >>> > File...utomount Point.
>> >>> > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
>> >>> > Unit proc-sys-fs-binfmt_misc.automount entered failed state.
>> >>> > [ OK ] Listening on udev Kernel Socket.
>> >>> > [ OK ] Listening on udev Control Socket.
>> >>> > [ OK ] Reached target Encrypted Volumes.
>> >>> > [ OK ] Listening on Journal Socket.
>> >>> > Starting Apply Kernel Variables...
>> >>> > Mounting Debug File System...
>> >>> > Starting udev Coldplug all Devices...
>> >>> > Mounting Huge Pages File System...
>> >>> > Mounting POSIX Message Queue File System...
>> >>> > Mounting FUSE Control File System...
>> >>> > Starting Create static device nodes in /dev...
>> >>> > Mounting Configuration File System...
>> >>> > Starting Journal Service...
>> >>> > [ OK ] Started Journal Service.
>> >>> > [ OK ] Reached target Paths.
>> >>> > [ OK ] Reached target Swap.
>> >>> > Starting Remount Root and Kernel File Systems...
>> >>> > Mounting Temporary Directory...
>> >>> > [ OK ] Started Apply Kernel Variables.
>> >>> > [ OK ] Mounted Debug File System.
>> >>> > [ OK ] Mounted Huge Pages File System.
>> >>> > [ OK ] Mounted POSIX Message Queue File System.
>> >>> > [ OK ] Mounted FUSE Control File System.
>> >>> > [ OK ] Started Create static device nodes in /dev.
>> >>> > [ OK ] Mounted Configuration File System.
>> >>> > [ OK ] Started Remount Root and Kernel File Systems.
>> >>> > [ OK ] Mounted Temporary Directory.
>> >>> > Starting Load/Save Random Seed...
>> >>> > Starting Configure read-only root support...
>> >>> > Starting udev Kernel Device Manager...
>> >>> > [ OK ] Reached target Local File Systems (Pre).
>> >>> > <30>systemd-udevd[24]: starting version 208
>> >>> > [ OK ] Started Load/Save Random Seed.
>> >>> > [ OK ] Started udev Kernel Device Manager.
>> >>> > [ OK ] Started Configure read-only root support.
>> >>> > [ OK ] Reached target Local File Systems.
>> >>> > Starting Trigger Flushing of Journal to Persistent Storage...
>> >>> > Starting Create Volatile Files and Directories...
>> >>> > [ OK ] Started udev Coldplug all Devices.
>> >>> > [ OK ] Started Create Volatile Files and Directories.
>> >>> > Starting Update UTMP about System Reboot/Shutdown...
>> >>> > <46>systemd-journald[18]: Received request to flush runtime journal
>> >>> > from PID 1
>> >>> > [ OK ] Started Trigger Flushing of Journal to Persistent Storage.
>> >>> > [ OK ] Started Update UTMP about System Reboot/Shutdown.
>> >>> > [ OK ] Reached target System Initialization.
>> >>> > [ OK ] Reached target Timers.
>> >>> > [ OK ] Listening on D-Bus System Message Bus Socket.
>> >>> > [ OK ] Reached target Sockets.
>> >>> > [ OK ] Reached target Basic System.
>> >>> > Starting System Logging Service...
>> >>> > Starting Permit User Sessions...
>> >>> > Starting Login Service...
>> >>> > Starting D-Bus System Message Bus...
>> >>> > [ OK ] Started D-Bus System Message Bus.
>> >>> > [ OK ] Started Permit User Sessions.
>> >>> > Starting Getty on tty3...
>> >>> > [ OK ] Started Getty on tty3.
>> >>> > Starting Getty on tty4...
>> >>> > [ OK ] Started Getty on tty4.
>> >>> > Starting Getty on tty2...
>> >>> > [ OK ] Started Getty on tty2.
>> >>> > Starting Getty on tty1...
>> >>> > [ OK ] Started Getty on tty1.
>> >>> > Starting Console Getty...
>> >>> > [ OK ] Started Console Getty.
>> >>> > [ OK ] Reached target Login Prompts.
>> >>> > Starting Cleanup of Temporary Directories...
>> >>> > [ OK ] Started System Logging Service.
>> >>> > [ OK ] Started Cleanup of Temporary Directories.
>> >>> > [ OK ] Reached target Sound Card.
>> >>> > [ OK ] Started Login Service.
>> >>> > [ OK ] Reached target Multi-User System.
>> >>> >
>> >>> > Fedora release 20 (Heisenbug)
>> >>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console)
>> >>> >
>> >>> > root login: root
>> >>> > Password:
>> >>> > Last failed login: Thu Jun 5 08:37:20 UTC 2014 on console
>> >>> > There were 3 failed login attempts since the last successful login.
>> >>> >
>> >>> > Cannot make/remove an entry for the specified session
>> >>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> >>>
>> >>> This is the smoking gun. This indicates precisely and exactly that you
>> >>> are running into the pam_loginuid.so conflict bug.
>> >>>
>> >>> > Fedora release 20 (Heisenbug)
>> >>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console)
>> >>> >
>> >>> > root login:
>> >>> >
>> >>> >
>> >>> >
>> >>> > Regards,
>> >>> > Ajith
>> >>>
>> >>> Regards,
>> >>> Mike
>> >>> --
>> >>> Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
>> >>> /\/\|=mhw=|\/\/ | (678) 463-0932 |
>> >>> http://www.wittsend.com/mhw/
>> >>> NIC whois: MHW9 | An optimist believes we live in the best of
>> >>> all
>> >>> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> lxc-users mailing list
>> >>> lxc-users at lists.linuxcontainers.org
>> >>> http://lists.linuxcontainers.org/listinfo/lxc-users
>> >>
>> >>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
> --
> Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
More information about the lxc-users
mailing list