[lxc-users] Username/Password for LXC container in fedora-20

Ajith Adapa ajith.adapa at gmail.com
Sat Jun 7 01:41:06 UTC 2014


Hi Michael,

Yeah I have wrongly modified files at /etc/pam.d rather than in
container. After making changes as suggest I am able to login into
container successfully with root/root credentials.

Where can i get the RPM for latest lxc version ?

Is there any permanent solution where I don't need to modify files in
container everytime whenever I create a new container and start it ?

Once again, Thanks for the help.

Regards,
Ajith

On Fri, Jun 6, 2014 at 7:14 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Fri, 2014-06-06 at 09:22 +0530, Ajith Adapa wrote:
>> @Michael
>
>> Sorry seems I have shared wrong log in previous mail. As you can see I
>> have commented the line in all files under /ete/pam.d
>
>> # cd /etc/pam.d
>> # grep -rin pam_loginuid *
>> atd:8:#session    required    pam_loginuid.so
>> crond:8:#session    required   pam_loginuid.so
>> gdm-autologin:9:#session    required    pam_loginuid.so
>> gdm-fingerprint:10:#session     required      pam_loginuid.so
>> gdm-password:12:#session     required      pam_loginuid.so
>> gdm-pin:14:#session     required      pam_loginuid.so
>> gdm-smartcard:10:#session     required      pam_loginuid.so
>> login:10:#session    required     pam_loginuid.so
>> pluto:16:#session required pam_loginuid.so
>> remote:10:#session    required     pam_loginuid.so
>> sshd:10:#session    required     pam_loginuid.so
>
> Is that in your host /etc/pam.d or in your container
> ${rootfs}/etc/pam.d ?
>
> From your previous message, I would say to look in:
>
> Looks like the former.  It has to be done in the container, not in the
> host.  You should NOT do this in the host root file system.
>
> /var/lib/lxc/test/rootfs/etc/pam.d/*
>
>> Regards,
>> Ajith
>
> Regards,
> Mike
>
>>
>> On Fri, Jun 6, 2014 at 9:07 AM, Ajith Adapa <ajith.adapa at gmail.com> wrote:
>> > Hi Michael,
>> >
>> > I have updated Fedora-20 to latest kernel version.
>> >
>> > # uname -a
>> > Linux localhost.localdomain 3.14.4-200.fc20.x86_64 #1 SMP Tue May 13
>> > 13:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
>> >
>> > and commented out the line in /etc/pam.d/sshd file
>> >
>> > # cat /etc/pam.d/sshd
>> > #%PAM-1.0
>> > auth       required     pam_sepermit.so
>> > auth       substack     password-auth
>> > auth       include      postlogin
>> > account    required     pam_nologin.so
>> > account    include      password-auth
>> > password   include      password-auth
>> > # pam_selinux.so close should be the first session rule
>> > session    required     pam_selinux.so close
>> > #session    required     pam_loginuid.so
>> > # pam_selinux.so open should only be followed by sessions to be
>> > executed in the user context
>> > session    required     pam_selinux.so open env_params
>> > session    optional     pam_keyinit.so force revoke
>> > session    include      password-auth
>> > session    include      postlogin
>> >
>> > But still face the same problem when I create and start a new LXC container.
>> >
>> > @Fajar
>> >
>> > I tried again creating new lxc container but havent seen any password
>> > in output log
>> >
>> > # lxc-create -n test -t fedora
>> >
>> > lxc-create: No config file specified, using the default config
>> > /etc/lxc/default.
>> > conf
>> > Host CPE ID from /etc/os-release: cpe:/o:fedoraproject:fedora:20
>> > Checking cache download in /var/cache/lxc/fedora/x86_64/20/rootfs ...
>> > Cache found. Updating...
>> > Loaded plugins: langpacks, refresh-packagekit
>> > Could not get metalink
>> > https://mirrors.fedoraproject.org/metalink?repo=updates-r
>> >                                      eleased-f20&arch=x86_64 error was
>> > 14: curl#6 - "Could not resolve host: mirrors.fedoraproject.org"
>> > No packages marked for update
>> > Update finished
>> > Copy /var/cache/lxc/fedora/x86_64/20/rootfs to /var/lib/lxc/test/rootfs ...
>> > Copying rootfs to /var/lib/lxc/test/rootfs ...setting root passwd to root
>> > installing fedora-release package
>> > Package fedora-release-20-3.noarch already installed and latest version
>> > Nothing to do
>> > unlink: cannot unlink
>> > â/var/lib/lxc/test/rootfs/etc/systemd/system/default.targe
>> >                                       tâ: No such file or directory
>> > container rootfs and config created
>> > 'fedora' template installed
>> > 'test' created
>> >
>> >
>> > # lxc-start -n test
>> > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
>> > +IMA +SYSVINI                                                   T
>> > +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
>> > Detected virtualization 'lxc'.
>> >
>> > Welcome to Fedora 20 (Heisenbug)!
>> >
>> > Set hostname to <test.localdomain>.
>> > Initializing machine ID from KVM UUID.
>> > [  OK  ] Reached target Remote File Systems.
>> > [  OK  ] Created slice Root Slice.
>> > [  OK  ] Created slice User and Session Slice.
>> > [  OK  ] Created slice System Slice.
>> > [  OK  ] Reached target Slices.
>> > [  OK  ] Created slice system-getty.slice.
>> > [  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
>> > [  OK  ] Listening on Delayed Shutdown Socket.
>> > Failed to open /dev/autofs: No such file or directory
>> > Failed to initialize automounter: No such file or directory
>> > [FAILED] Failed to set up automount Arbitrary Executable File...utomount Point.
>> > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
>> > Unit proc-sys-fs-binfmt_misc.automount entered failed state.
>> > [  OK  ] Listening on udev Kernel Socket.
>> > [  OK  ] Listening on udev Control Socket.
>> > [  OK  ] Reached target Encrypted Volumes.
>> > [  OK  ] Listening on Journal Socket.
>> >          Starting Apply Kernel Variables...
>> >          Mounting Debug File System...
>> >          Starting udev Coldplug all Devices...
>> >          Mounting Huge Pages File System...
>> >          Mounting POSIX Message Queue File System...
>> >          Starting Create static device nodes in /dev...
>> >          Mounting Configuration File System...
>> >          Starting Journal Service...
>> > [  OK  ] Started Journal Service.
>> > [  OK  ] Reached target Paths.
>> > [  OK  ] Reached target Swap.
>> >          Starting Remount Root and Kernel File Systems...
>> >          Mounting Temporary Directory...
>> > [  OK  ] Started Create static device nodes in /dev.
>> >          Starting udev Kernel Device Manager...
>> > [  OK  ] Mounted POSIX Message Queue File System.
>> > [  OK  ] Mounted Configuration File System.
>> > <30>systemd-udevd[20]: starting version 208
>> > [  OK  ] Mounted Huge Pages File System.
>> > [  OK  ] Mounted Debug File System.
>> > [  OK  ] Mounted Temporary Directory.
>> > [  OK  ] Started udev Coldplug all Devices.
>> > [  OK  ] Started udev Kernel Device Manager.
>> > [  OK  ] Started Remount Root and Kernel File Systems.
>> > [  OK  ] Started Apply Kernel Variables.
>> >          Starting Load/Save Random Seed...
>> > [  OK  ] Reached target Local File Systems (Pre).
>> >          Starting Configure read-only root support...
>> > [  OK  ] Started Load/Save Random Seed.
>> > [  OK  ] Reached target Sound Card.
>> > [  OK  ] Started Configure read-only root support.
>> > [  OK  ] Reached target Local File Systems.
>> >          Starting Trigger Flushing of Journal to Persistent Storage...
>> >          Starting Mark the need to relabel after reboot...
>> >          Starting Create Volatile Files and Directories...
>> > [  OK  ] Started Create Volatile Files and Directories.
>> >          Starting Update UTMP about System Reboot/Shutdown...
>> > [  OK  ] Started Mark the need to relabel after reboot.
>> > [  OK  ] Started Update UTMP about System Reboot/Shutdown.
>> > [  OK  ] Reached target System Initialization.
>> > [  OK  ] Reached target Timers.
>> > [  OK  ] Listening on D-Bus System Message Bus Socket.
>> > [  OK  ] Reached target Sockets.
>> > [  OK  ] Reached target Basic System.
>> >          Starting System Logging Service...
>> >          Starting Login Service...
>> >          Starting D-Bus System Message Bus...
>> > [  OK  ] Started D-Bus System Message Bus.
>> > <46>systemd-journald[17]: Received request to flush runtime journal from PID 1
>> > [  OK  ] Started Trigger Flushing of Journal to Persistent Storage.
>> >          Starting Permit User Sessions...
>> > [  OK  ] Started Login Service.
>> > [  OK  ] Started System Logging Service.
>> > [  OK  ] Started Permit User Sessions.
>> >          Starting Getty on tty3...
>> > [  OK  ] Started Getty on tty3.
>> >          Starting Getty on tty4...
>> > [  OK  ] Started Getty on tty4.
>> >          Starting Getty on tty2...
>> > [  OK  ] Started Getty on tty2.
>> >          Starting Getty on tty1...
>> > [  OK  ] Started Getty on tty1.
>> >          Starting Console Getty...
>> > [  OK  ] Started Console Getty.
>> > [  OK  ] Reached target Login Prompts.
>> > [  OK  ] Reached target Multi-User System.
>> >
>> > Fedora release 20 (Heisenbug)
>> > Kernel 3.14.4-200.fc20.x86_64 on an x86_64 (console)
>> >
>> > test login:
>> >
>> > Regards,
>> > Ajith
>> >
>> >
>> > On Fri, Jun 6, 2014 at 6:18 AM, Ajith Adapa <ajith.adapa at gmail.com> wrote:
>> >> Hi guys,
>> >>
>> >> Thanks for the replies. I will try to upgrade my Fedora-20 with latest
>> >> kernel and try the same.
>> >>
>> >>
>> >>
>> >> On Thu, Jun 5, 2014 at 7:51 PM, Michael H. Warfield <mhw at wittsend.com>
>> >> wrote:
>> >>>
>> >>> On Thu, 2014-06-05 at 17:56 +0530, Ajith Adapa wrote:
>> >>> > Hi,
>> >>> >
>> >>> > I have created an lxc container in feodra-20 with default config file
>> >>> > and default fedora template.
>> >>> >
>> >>> > lxc-create -n root -t fedora
>> >>> >
>> >>> > When i try to start the container i am greeted with username and
>> >>> > password prompt.What is the default username/password for
>> >>> > lxc-container in fedora-20 ?
>> >>> >
>> >>> >
>> >>> > Kernel Version
>> >>> > ============
>> >>>
>> >>> > Linux localhost.localdomain 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5
>> >>> > 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
>> >>>
>> >>> >
>> >>> > LXC-version
>> >>> > =============
>> >>> > [root at localhost ~]# lxc-version
>> >>> > lxc version: 0.9.0
>> >>>
>> >>> Ok...  Stop right there.  Seems to suddenly be a lot of people running
>> >>> into this problem all of a sudden.  You're running on a combination of
>> >>> old kernel and old version of LXC that do not play nice together and,
>> >>> yes, that the early F20 kernel with the distro distributed version of
>> >>> LXC.  We've been having an active discussion about this bug in several
>> >>> forums.
>> >>>
>> >>> https://bugzilla.redhat.com/show_bug.cgi?id=1002914
>> >>>
>> >>> Please note comments #6 & #7
>> >>>
>> >>> -- 6
>> >>> I've noticed that this issue should be fixed in v3.13-rc1
>> >>>
>> >>> As mentioned in commit
>> >>>
>> >>>
>> >>> http://o.cs.uvic.ca:20810/perl/cid.pl?cid=83fa6bbe4c4541ae748b550b4ec391f8a0acfe94
>> >>>
>> >>> CONFIG_AUDIT_LOGINUID_IMMUTABLE=y was removed. Could you please retest it
>> >>> on the latest Fedora?
>> >>> --
>> >>>
>> >>> -- 7
>> >>> Hi,
>> >>>  I have tried with the latest upgrades of F20 and the problem has been
>> >>> fixed.
>> >>>  Thank you very much for the support!
>> >>>
>> >>>  Regards,
>> >>>  Enrique
>> >>> --
>> >>>
>> >>> So, you have 2 choices.
>> >>>
>> >>> 1) Update your F20 system to the latest kernel.  My development server
>> >>> is currently running 3.14.4-200.fc20.x86_64 from Fedora Updates.
>> >>>
>> >>> 2) Go through the files in ${root_fs}/etc/pam.d and make the following
>> >>> changes:
>> >>>
>> >>> - session    required     pam_loginuid.so
>> >>> + # session    required     pam_loginuid.so
>> >>>
>> >>> Either of those will enable you to log in once again.  If you don't to
>> >>> either, there is no combination of user name or password that will work,
>> >>> due to the error being generated out of pam_loginuid.so.
>> >>> >
>> >>> >
>> >>> > [root at localhost ~]# lxc-start -n root
>> >>> > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
>> >>> > +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
>> >>> > Detected virtualization 'lxc'.
>> >>> >
>> >>> > Welcome to Fedora 20 (Heisenbug)!
>> >>> >
>> >>> > Set hostname to <root.localdomain>.
>> >>> > [  OK  ] Reached target Remote File Systems.
>> >>> > [  OK  ] Created slice Root Slice.
>> >>> > [  OK  ] Created slice User and Session Slice.
>> >>> > [  OK  ] Created slice System Slice.
>> >>> > [  OK  ] Reached target Slices.
>> >>> > [  OK  ] Created slice system-getty.slice.
>> >>> > [  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
>> >>> > [  OK  ] Listening on Delayed Shutdown Socket.
>> >>> > Failed to open /dev/autofs: No such file or directory
>> >>> > Failed to initialize automounter: No such file or directory
>> >>> > [FAILED] Failed to set up automount Arbitrary Executable
>> >>> > File...utomount Point.
>> >>> > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
>> >>> > Unit proc-sys-fs-binfmt_misc.automount entered failed state.
>> >>> > [  OK  ] Listening on udev Kernel Socket.
>> >>> > [  OK  ] Listening on udev Control Socket.
>> >>> > [  OK  ] Reached target Encrypted Volumes.
>> >>> > [  OK  ] Listening on Journal Socket.
>> >>> >          Starting Apply Kernel Variables...
>> >>> >          Mounting Debug File System...
>> >>> >          Starting udev Coldplug all Devices...
>> >>> >          Mounting Huge Pages File System...
>> >>> >          Mounting POSIX Message Queue File System...
>> >>> >          Mounting FUSE Control File System...
>> >>> >          Starting Create static device nodes in /dev...
>> >>> >          Mounting Configuration File System...
>> >>> >          Starting Journal Service...
>> >>> > [  OK  ] Started Journal Service.
>> >>> > [  OK  ] Reached target Paths.
>> >>> > [  OK  ] Reached target Swap.
>> >>> >          Starting Remount Root and Kernel File Systems...
>> >>> >          Mounting Temporary Directory...
>> >>> > [  OK  ] Started Apply Kernel Variables.
>> >>> > [  OK  ] Mounted Debug File System.
>> >>> > [  OK  ] Mounted Huge Pages File System.
>> >>> > [  OK  ] Mounted POSIX Message Queue File System.
>> >>> > [  OK  ] Mounted FUSE Control File System.
>> >>> > [  OK  ] Started Create static device nodes in /dev.
>> >>> > [  OK  ] Mounted Configuration File System.
>> >>> > [  OK  ] Started Remount Root and Kernel File Systems.
>> >>> > [  OK  ] Mounted Temporary Directory.
>> >>> >          Starting Load/Save Random Seed...
>> >>> >          Starting Configure read-only root support...
>> >>> >          Starting udev Kernel Device Manager...
>> >>> > [  OK  ] Reached target Local File Systems (Pre).
>> >>> > <30>systemd-udevd[24]: starting version 208
>> >>> > [  OK  ] Started Load/Save Random Seed.
>> >>> > [  OK  ] Started udev Kernel Device Manager.
>> >>> > [  OK  ] Started Configure read-only root support.
>> >>> > [  OK  ] Reached target Local File Systems.
>> >>> >          Starting Trigger Flushing of Journal to Persistent Storage...
>> >>> >          Starting Create Volatile Files and Directories...
>> >>> > [  OK  ] Started udev Coldplug all Devices.
>> >>> > [  OK  ] Started Create Volatile Files and Directories.
>> >>> >          Starting Update UTMP about System Reboot/Shutdown...
>> >>> > <46>systemd-journald[18]: Received request to flush runtime journal
>> >>> > from PID 1
>> >>> > [  OK  ] Started Trigger Flushing of Journal to Persistent Storage.
>> >>> > [  OK  ] Started Update UTMP about System Reboot/Shutdown.
>> >>> > [  OK  ] Reached target System Initialization.
>> >>> > [  OK  ] Reached target Timers.
>> >>> > [  OK  ] Listening on D-Bus System Message Bus Socket.
>> >>> > [  OK  ] Reached target Sockets.
>> >>> > [  OK  ] Reached target Basic System.
>> >>> >          Starting System Logging Service...
>> >>> >          Starting Permit User Sessions...
>> >>> >          Starting Login Service...
>> >>> >          Starting D-Bus System Message Bus...
>> >>> > [  OK  ] Started D-Bus System Message Bus.
>> >>> > [  OK  ] Started Permit User Sessions.
>> >>> >          Starting Getty on tty3...
>> >>> > [  OK  ] Started Getty on tty3.
>> >>> >          Starting Getty on tty4...
>> >>> > [  OK  ] Started Getty on tty4.
>> >>> >          Starting Getty on tty2...
>> >>> > [  OK  ] Started Getty on tty2.
>> >>> >          Starting Getty on tty1...
>> >>> > [  OK  ] Started Getty on tty1.
>> >>> >          Starting Console Getty...
>> >>> > [  OK  ] Started Console Getty.
>> >>> > [  OK  ] Reached target Login Prompts.
>> >>> >          Starting Cleanup of Temporary Directories...
>> >>> > [  OK  ] Started System Logging Service.
>> >>> > [  OK  ] Started Cleanup of Temporary Directories.
>> >>> > [  OK  ] Reached target Sound Card.
>> >>> > [  OK  ] Started Login Service.
>> >>> > [  OK  ] Reached target Multi-User System.
>> >>> >
>> >>> > Fedora release 20 (Heisenbug)
>> >>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console)
>> >>> >
>> >>> > root login: root
>> >>> > Password:
>> >>> > Last failed login: Thu Jun  5 08:37:20 UTC 2014 on console
>> >>> > There were 3 failed login attempts since the last successful login.
>> >>> >
>> >>> > Cannot make/remove an entry for the specified session
>> >>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> >>>
>> >>> This is the smoking gun.  This indicates precisely and exactly that you
>> >>> are running into the pam_loginuid.so conflict bug.
>> >>>
>> >>> > Fedora release 20 (Heisenbug)
>> >>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console)
>> >>> >
>> >>> > root login:
>> >>> >
>> >>> >
>> >>> >
>> >>> > Regards,
>> >>> > Ajith
>> >>>
>> >>> Regards,
>> >>> Mike
>> >>> --
>> >>> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>> >>>    /\/\|=mhw=|\/\/          | (678) 463-0932 |
>> >>> http://www.wittsend.com/mhw/
>> >>>    NIC whois: MHW9          | An optimist believes we live in the best of
>> >>> all
>> >>>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> lxc-users mailing list
>> >>> lxc-users at lists.linuxcontainers.org
>> >>> http://lists.linuxcontainers.org/listinfo/lxc-users
>> >>
>> >>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
> --
> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users


More information about the lxc-users mailing list