[lxc-users] Username/Password for LXC container in fedora-20

Michael H. Warfield mhw at WittsEnd.com
Sat Jun 7 02:57:50 UTC 2014


On Sat, 2014-06-07 at 07:11 +0530, Ajith Adapa wrote:
> Hi Michael,

> Yeah, I had wrongly modified the files at /etc/pam.d rather than in the
> container. After making the changes as suggested I am able to log in to
> the container successfully with root/root credentials.

Yes!  Score!

> Where can I get the RPM for the latest lxc version?

The "current" (1.0.3) rpm is now in rawhide.  This and other related
messages resulted in a fury of activity over the last couple of days and
I've now been in touch with the Fedora Project package maintainer
for LXC and I've been clearing bugzilla issues up there.  He's now moved
1.0.3 into rawhide in anticipation of 1.0.4 and we're staying in touch.

> Is there any permanent solution where I don't need to modify files in
> the container every time I create a new container and start it?

Once you are on 1.0.0+, the Fedora template deals with that for you.
The container will be correctly configured to avoid this problem
automatically.  1.0.4 will have other enhancements which will benefit
you, including autoboot of containers when the host boots.

> Once again, Thanks for the help.

Not a problem.  Glad to be of help.

> Regards,
> Ajith

Regards,
Mike

> On Fri, Jun 6, 2014 at 7:14 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> > On Fri, 2014-06-06 at 09:22 +0530, Ajith Adapa wrote:
> >> @Michael
> >
> >> Sorry, it seems I shared the wrong log in my previous mail. As you can see I
> >> have commented out the line in all files under /etc/pam.d
> >
> >> # cd /etc/pam.d
> >> # grep -rin pam_loginuid *
> >> atd:8:#session    required    pam_loginuid.so
> >> crond:8:#session    required   pam_loginuid.so
> >> gdm-autologin:9:#session    required    pam_loginuid.so
> >> gdm-fingerprint:10:#session     required      pam_loginuid.so
> >> gdm-password:12:#session     required      pam_loginuid.so
> >> gdm-pin:14:#session     required      pam_loginuid.so
> >> gdm-smartcard:10:#session     required      pam_loginuid.so
> >> login:10:#session    required     pam_loginuid.so
> >> pluto:16:#session required pam_loginuid.so
> >> remote:10:#session    required     pam_loginuid.so
> >> sshd:10:#session    required     pam_loginuid.so
> >
> > Is that in your host /etc/pam.d or in your container
> > ${rootfs}/etc/pam.d ?
> >
> > From your previous message, I would say to look in:
> >
> > Looks like the former.  It has to be done in the container, not in the
> > host.  You should NOT do this in the host root file system.
> >
> > /var/lib/lxc/test/rootfs/etc/pam.d/*
> >
> >> Regards,
> >> Ajith
> >
> > Regards,
> > Mike
> >
> >>
> >> On Fri, Jun 6, 2014 at 9:07 AM, Ajith Adapa <ajith.adapa at gmail.com> wrote:
> >> > Hi Michael,
> >> >
> >> > I have updated Fedora-20 to latest kernel version.
> >> >
> >> > # uname -a
> >> > Linux localhost.localdomain 3.14.4-200.fc20.x86_64 #1 SMP Tue May 13
> >> > 13:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> >> >
> >> > and commented out the line in /etc/pam.d/sshd file
> >> >
> >> > # cat /etc/pam.d/sshd
> >> > #%PAM-1.0
> >> > auth       required     pam_sepermit.so
> >> > auth       substack     password-auth
> >> > auth       include      postlogin
> >> > account    required     pam_nologin.so
> >> > account    include      password-auth
> >> > password   include      password-auth
> >> > # pam_selinux.so close should be the first session rule
> >> > session    required     pam_selinux.so close
> >> > #session    required     pam_loginuid.so
> >> > # pam_selinux.so open should only be followed by sessions to be executed in the user context
> >> > session    required     pam_selinux.so open env_params
> >> > session    optional     pam_keyinit.so force revoke
> >> > session    include      password-auth
> >> > session    include      postlogin
> >> >
> >> > But still face the same problem when I create and start a new LXC container.
> >> >
> >> > @Fajar
> >> >
> >> > I tried again creating a new lxc container but haven't seen any password
> >> > in the output log
> >> >
> >> > # lxc-create -n test -t fedora
> >> >
> >> > lxc-create: No config file specified, using the default config /etc/lxc/default.conf
> >> > Host CPE ID from /etc/os-release: cpe:/o:fedoraproject:fedora:20
> >> > Checking cache download in /var/cache/lxc/fedora/x86_64/20/rootfs ...
> >> > Cache found. Updating...
> >> > Loaded plugins: langpacks, refresh-packagekit
> >> > Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=updates-released-f20&arch=x86_64 error was
> >> > 14: curl#6 - "Could not resolve host: mirrors.fedoraproject.org"
> >> > No packages marked for update
> >> > Update finished
> >> > Copy /var/cache/lxc/fedora/x86_64/20/rootfs to /var/lib/lxc/test/rootfs ...
> >> > Copying rootfs to /var/lib/lxc/test/rootfs ...setting root passwd to root
> >> > installing fedora-release package
> >> > Package fedora-release-20-3.noarch already installed and latest version
> >> > Nothing to do
> >> > unlink: cannot unlink ‘/var/lib/lxc/test/rootfs/etc/systemd/system/default.target’: No such file or directory
> >> > container rootfs and config created
> >> > 'fedora' template installed
> >> > 'test' created
> >> >
> >> >
> >> > # lxc-start -n test
> >> > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
> >> > +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
> >> > Detected virtualization 'lxc'.
> >> >
> >> > Welcome to Fedora 20 (Heisenbug)!
> >> >
> >> > Set hostname to <test.localdomain>.
> >> > Initializing machine ID from KVM UUID.
> >> > [  OK  ] Reached target Remote File Systems.
> >> > [  OK  ] Created slice Root Slice.
> >> > [  OK  ] Created slice User and Session Slice.
> >> > [  OK  ] Created slice System Slice.
> >> > [  OK  ] Reached target Slices.
> >> > [  OK  ] Created slice system-getty.slice.
> >> > [  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
> >> > [  OK  ] Listening on Delayed Shutdown Socket.
> >> > Failed to open /dev/autofs: No such file or directory
> >> > Failed to initialize automounter: No such file or directory
> >> > [FAILED] Failed to set up automount Arbitrary Executable File...utomount Point.
> >> > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
> >> > Unit proc-sys-fs-binfmt_misc.automount entered failed state.
> >> > [  OK  ] Listening on udev Kernel Socket.
> >> > [  OK  ] Listening on udev Control Socket.
> >> > [  OK  ] Reached target Encrypted Volumes.
> >> > [  OK  ] Listening on Journal Socket.
> >> >          Starting Apply Kernel Variables...
> >> >          Mounting Debug File System...
> >> >          Starting udev Coldplug all Devices...
> >> >          Mounting Huge Pages File System...
> >> >          Mounting POSIX Message Queue File System...
> >> >          Starting Create static device nodes in /dev...
> >> >          Mounting Configuration File System...
> >> >          Starting Journal Service...
> >> > [  OK  ] Started Journal Service.
> >> > [  OK  ] Reached target Paths.
> >> > [  OK  ] Reached target Swap.
> >> >          Starting Remount Root and Kernel File Systems...
> >> >          Mounting Temporary Directory...
> >> > [  OK  ] Started Create static device nodes in /dev.
> >> >          Starting udev Kernel Device Manager...
> >> > [  OK  ] Mounted POSIX Message Queue File System.
> >> > [  OK  ] Mounted Configuration File System.
> >> > <30>systemd-udevd[20]: starting version 208
> >> > [  OK  ] Mounted Huge Pages File System.
> >> > [  OK  ] Mounted Debug File System.
> >> > [  OK  ] Mounted Temporary Directory.
> >> > [  OK  ] Started udev Coldplug all Devices.
> >> > [  OK  ] Started udev Kernel Device Manager.
> >> > [  OK  ] Started Remount Root and Kernel File Systems.
> >> > [  OK  ] Started Apply Kernel Variables.
> >> >          Starting Load/Save Random Seed...
> >> > [  OK  ] Reached target Local File Systems (Pre).
> >> >          Starting Configure read-only root support...
> >> > [  OK  ] Started Load/Save Random Seed.
> >> > [  OK  ] Reached target Sound Card.
> >> > [  OK  ] Started Configure read-only root support.
> >> > [  OK  ] Reached target Local File Systems.
> >> >          Starting Trigger Flushing of Journal to Persistent Storage...
> >> >          Starting Mark the need to relabel after reboot...
> >> >          Starting Create Volatile Files and Directories...
> >> > [  OK  ] Started Create Volatile Files and Directories.
> >> >          Starting Update UTMP about System Reboot/Shutdown...
> >> > [  OK  ] Started Mark the need to relabel after reboot.
> >> > [  OK  ] Started Update UTMP about System Reboot/Shutdown.
> >> > [  OK  ] Reached target System Initialization.
> >> > [  OK  ] Reached target Timers.
> >> > [  OK  ] Listening on D-Bus System Message Bus Socket.
> >> > [  OK  ] Reached target Sockets.
> >> > [  OK  ] Reached target Basic System.
> >> >          Starting System Logging Service...
> >> >          Starting Login Service...
> >> >          Starting D-Bus System Message Bus...
> >> > [  OK  ] Started D-Bus System Message Bus.
> >> > <46>systemd-journald[17]: Received request to flush runtime journal from PID 1
> >> > [  OK  ] Started Trigger Flushing of Journal to Persistent Storage.
> >> >          Starting Permit User Sessions...
> >> > [  OK  ] Started Login Service.
> >> > [  OK  ] Started System Logging Service.
> >> > [  OK  ] Started Permit User Sessions.
> >> >          Starting Getty on tty3...
> >> > [  OK  ] Started Getty on tty3.
> >> >          Starting Getty on tty4...
> >> > [  OK  ] Started Getty on tty4.
> >> >          Starting Getty on tty2...
> >> > [  OK  ] Started Getty on tty2.
> >> >          Starting Getty on tty1...
> >> > [  OK  ] Started Getty on tty1.
> >> >          Starting Console Getty...
> >> > [  OK  ] Started Console Getty.
> >> > [  OK  ] Reached target Login Prompts.
> >> > [  OK  ] Reached target Multi-User System.
> >> >
> >> > Fedora release 20 (Heisenbug)
> >> > Kernel 3.14.4-200.fc20.x86_64 on an x86_64 (console)
> >> >
> >> > test login:
> >> >
> >> > Regards,
> >> > Ajith
> >> >
> >> >
> >> > On Fri, Jun 6, 2014 at 6:18 AM, Ajith Adapa <ajith.adapa at gmail.com> wrote:
> >> >> Hi guys,
> >> >>
> >> >> Thanks for the replies. I will try to upgrade my Fedora-20 with latest
> >> >> kernel and try the same.
> >> >>
> >> >>
> >> >>
> >> >> On Thu, Jun 5, 2014 at 7:51 PM, Michael H. Warfield <mhw at wittsend.com>
> >> >> wrote:
> >> >>>
> >> >>> On Thu, 2014-06-05 at 17:56 +0530, Ajith Adapa wrote:
> >> >>> > Hi,
> >> >>> >
> >> >>> > I have created an lxc container in fedora-20 with default config file
> >> >>> > and default fedora template.
> >> >>> >
> >> >>> > lxc-create -n root -t fedora
> >> >>> >
> >> >>> > When I try to start the container I am greeted with a username and
> >> >>> > password prompt. What is the default username/password for
> >> >>> > lxc-container in fedora-20?
> >> >>> >
> >> >>> >
> >> >>> > Kernel Version
> >> >>> > ============
> >> >>>
> >> >>> > Linux localhost.localdomain 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5
> >> >>> > 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
> >> >>>
> >> >>> >
> >> >>> > LXC-version
> >> >>> > =============
> >> >>> > [root at localhost ~]# lxc-version
> >> >>> > lxc version: 0.9.0
> >> >>>
> >> >>> Ok...  Stop right there.  Seems to suddenly be a lot of people running
> >> >>> into this problem all of a sudden.  You're running on a combination of
> >> >>> old kernel and old version of LXC that do not play nice together and,
> >> >>> yes, that's the early F20 kernel with the distro distributed version of
> >> >>> LXC.  We've been having an active discussion about this bug in several
> >> >>> forums.
> >> >>>
> >> >>> https://bugzilla.redhat.com/show_bug.cgi?id=1002914
> >> >>>
> >> >>> Please note comments #6 & #7
> >> >>>
> >> >>> -- 6
> >> >>> I've noticed that this issue should be fixed in v3.13-rc1
> >> >>>
> >> >>> As mentioned in commit
> >> >>>
> >> >>>
> >> >>> http://o.cs.uvic.ca:20810/perl/cid.pl?cid=83fa6bbe4c4541ae748b550b4ec391f8a0acfe94
> >> >>>
> >> >>> CONFIG_AUDIT_LOGINUID_IMMUTABLE=y was removed. Could you please retest it
> >> >>> on the latest Fedora?
> >> >>> --
> >> >>>
> >> >>> -- 7
> >> >>> Hi,
> >> >>>  I have tried with the latest upgrades of F20 and the problem has been
> >> >>> fixed.
> >> >>>  Thank you very much for the support!
> >> >>>
> >> >>>  Regards,
> >> >>>  Enrique
> >> >>> --
> >> >>>
> >> >>> So, you have 2 choices.
> >> >>>
> >> >>> 1) Update your F20 system to the latest kernel.  My development server
> >> >>> is currently running 3.14.4-200.fc20.x86_64 from Fedora Updates.
> >> >>>
> >> >>> 2) Go through the files in ${root_fs}/etc/pam.d and make the following
> >> >>> changes:
> >> >>>
> >> >>> - session    required     pam_loginuid.so
> >> >>> + # session    required     pam_loginuid.so
> >> >>>
> >> >>> Either of those will enable you to log in once again.  If you don't do
> >> >>> either, there is no combination of user name or password that will work,
> >> >>> due to the error being generated out of pam_loginuid.so.
> >> >>> >
> >> >>> >
> >> >>> > [root at localhost ~]# lxc-start -n root
> >> >>> > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
> >> >>> > +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
> >> >>> > Detected virtualization 'lxc'.
> >> >>> >
> >> >>> > Welcome to Fedora 20 (Heisenbug)!
> >> >>> >
> >> >>> > Set hostname to <root.localdomain>.
> >> >>> > [  OK  ] Reached target Remote File Systems.
> >> >>> > [  OK  ] Created slice Root Slice.
> >> >>> > [  OK  ] Created slice User and Session Slice.
> >> >>> > [  OK  ] Created slice System Slice.
> >> >>> > [  OK  ] Reached target Slices.
> >> >>> > [  OK  ] Created slice system-getty.slice.
> >> >>> > [  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
> >> >>> > [  OK  ] Listening on Delayed Shutdown Socket.
> >> >>> > Failed to open /dev/autofs: No such file or directory
> >> >>> > Failed to initialize automounter: No such file or directory
> >> >>> > [FAILED] Failed to set up automount Arbitrary Executable
> >> >>> > File...utomount Point.
> >> >>> > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
> >> >>> > Unit proc-sys-fs-binfmt_misc.automount entered failed state.
> >> >>> > [  OK  ] Listening on udev Kernel Socket.
> >> >>> > [  OK  ] Listening on udev Control Socket.
> >> >>> > [  OK  ] Reached target Encrypted Volumes.
> >> >>> > [  OK  ] Listening on Journal Socket.
> >> >>> >          Starting Apply Kernel Variables...
> >> >>> >          Mounting Debug File System...
> >> >>> >          Starting udev Coldplug all Devices...
> >> >>> >          Mounting Huge Pages File System...
> >> >>> >          Mounting POSIX Message Queue File System...
> >> >>> >          Mounting FUSE Control File System...
> >> >>> >          Starting Create static device nodes in /dev...
> >> >>> >          Mounting Configuration File System...
> >> >>> >          Starting Journal Service...
> >> >>> > [  OK  ] Started Journal Service.
> >> >>> > [  OK  ] Reached target Paths.
> >> >>> > [  OK  ] Reached target Swap.
> >> >>> >          Starting Remount Root and Kernel File Systems...
> >> >>> >          Mounting Temporary Directory...
> >> >>> > [  OK  ] Started Apply Kernel Variables.
> >> >>> > [  OK  ] Mounted Debug File System.
> >> >>> > [  OK  ] Mounted Huge Pages File System.
> >> >>> > [  OK  ] Mounted POSIX Message Queue File System.
> >> >>> > [  OK  ] Mounted FUSE Control File System.
> >> >>> > [  OK  ] Started Create static device nodes in /dev.
> >> >>> > [  OK  ] Mounted Configuration File System.
> >> >>> > [  OK  ] Started Remount Root and Kernel File Systems.
> >> >>> > [  OK  ] Mounted Temporary Directory.
> >> >>> >          Starting Load/Save Random Seed...
> >> >>> >          Starting Configure read-only root support...
> >> >>> >          Starting udev Kernel Device Manager...
> >> >>> > [  OK  ] Reached target Local File Systems (Pre).
> >> >>> > <30>systemd-udevd[24]: starting version 208
> >> >>> > [  OK  ] Started Load/Save Random Seed.
> >> >>> > [  OK  ] Started udev Kernel Device Manager.
> >> >>> > [  OK  ] Started Configure read-only root support.
> >> >>> > [  OK  ] Reached target Local File Systems.
> >> >>> >          Starting Trigger Flushing of Journal to Persistent Storage...
> >> >>> >          Starting Create Volatile Files and Directories...
> >> >>> > [  OK  ] Started udev Coldplug all Devices.
> >> >>> > [  OK  ] Started Create Volatile Files and Directories.
> >> >>> >          Starting Update UTMP about System Reboot/Shutdown...
> >> >>> > <46>systemd-journald[18]: Received request to flush runtime journal
> >> >>> > from PID 1
> >> >>> > [  OK  ] Started Trigger Flushing of Journal to Persistent Storage.
> >> >>> > [  OK  ] Started Update UTMP about System Reboot/Shutdown.
> >> >>> > [  OK  ] Reached target System Initialization.
> >> >>> > [  OK  ] Reached target Timers.
> >> >>> > [  OK  ] Listening on D-Bus System Message Bus Socket.
> >> >>> > [  OK  ] Reached target Sockets.
> >> >>> > [  OK  ] Reached target Basic System.
> >> >>> >          Starting System Logging Service...
> >> >>> >          Starting Permit User Sessions...
> >> >>> >          Starting Login Service...
> >> >>> >          Starting D-Bus System Message Bus...
> >> >>> > [  OK  ] Started D-Bus System Message Bus.
> >> >>> > [  OK  ] Started Permit User Sessions.
> >> >>> >          Starting Getty on tty3...
> >> >>> > [  OK  ] Started Getty on tty3.
> >> >>> >          Starting Getty on tty4...
> >> >>> > [  OK  ] Started Getty on tty4.
> >> >>> >          Starting Getty on tty2...
> >> >>> > [  OK  ] Started Getty on tty2.
> >> >>> >          Starting Getty on tty1...
> >> >>> > [  OK  ] Started Getty on tty1.
> >> >>> >          Starting Console Getty...
> >> >>> > [  OK  ] Started Console Getty.
> >> >>> > [  OK  ] Reached target Login Prompts.
> >> >>> >          Starting Cleanup of Temporary Directories...
> >> >>> > [  OK  ] Started System Logging Service.
> >> >>> > [  OK  ] Started Cleanup of Temporary Directories.
> >> >>> > [  OK  ] Reached target Sound Card.
> >> >>> > [  OK  ] Started Login Service.
> >> >>> > [  OK  ] Reached target Multi-User System.
> >> >>> >
> >> >>> > Fedora release 20 (Heisenbug)
> >> >>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console)
> >> >>> >
> >> >>> > root login: root
> >> >>> > Password:
> >> >>> > Last failed login: Thu Jun  5 08:37:20 UTC 2014 on console
> >> >>> > There were 3 failed login attempts since the last successful login.
> >> >>> >
> >> >>> > Cannot make/remove an entry for the specified session
> >> >>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> >>>
> >> >>> This is the smoking gun.  This indicates precisely and exactly that you
> >> >>> are running into the pam_loginuid.so conflict bug.
> >> >>>
> >> >>> > Fedora release 20 (Heisenbug)
> >> >>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console)
> >> >>> >
> >> >>> > root login:
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> > Regards,
> >> >>> > Ajith
> >> >>>
> >> >>> Regards,
> >> >>> Mike
> >> >>> --
> >> >>> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
> >> >>>    /\/\|=mhw=|\/\/          | (678) 463-0932 |
> >> >>> http://www.wittsend.com/mhw/
> >> >>>    NIC whois: MHW9          | An optimist believes we live in the best of
> >> >>> all
> >> >>>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> >> >>>
> >> >>>
> >> >>> _______________________________________________
> >> >>> lxc-users mailing list
> >> >>> lxc-users at lists.linuxcontainers.org
> >> >>> http://lists.linuxcontainers.org/listinfo/lxc-users
> >> >>
> >> >>

-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
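
Option 2 from the thread (commenting out pam_loginuid.so in the container's pam.d, never the host's) as a script. This is an added example, not code from the original messages or from the LXC project; the function names are hypothetical, the sample rootfs is constructed, and the 3.13 threshold is taken from the quoted bugzilla comment #6.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Succeeds when kernel release $1 is older than 3.13, the series the quoted
# bugzilla comment #6 names as carrying the fix (threshold assumed from it).
kernel_needs_workaround() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 13 ]; }
}

# Comments out active "session required pam_loginuid.so" lines in
# ROOTFS/etc/pam.d and prints how many files were changed.
comment_out_loginuid() {
    rootfs=$1
    [ -n "$rootfs" ] && [ -d "$rootfs" ] || { echo "no such rootfs" >&2; return 2; }
    # Resolve symlinks and ".." so the host root cannot slip through.
    real=$(cd "$rootfs" && pwd -P) || return 2
    if [ "$real" = "/" ]; then
        echo "refusing: $rootfs is the host root file system" >&2
        return 3
    fi
    [ -d "$real/etc/pam.d" ] || { echo "no etc/pam.d in $real" >&2; return 2; }
    pat='^([[:space:]]*session[[:space:]]+required[[:space:]]+pam_loginuid\.so)'
    changed=0
    for f in "$real"/etc/pam.d/*; do
        # Skip symlinks: an absolute link inside the rootfs would resolve
        # against the host and the edit would land in the host's PAM stack.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        grep -Eq "$pat" "$f" || continue
        tmp=$(mktemp) || return 1
        sed -E "s/$pat/# \\1/" "$f" > "$tmp"
        cat "$tmp" > "$f"   # overwrite in place to keep owner, mode and label
        rm -f "$tmp"
        changed=$((changed + 1))
    done
    echo "$changed"
}

# Constructed sample: a throwaway rootfs with one PAM file modelled on the
# sshd stack quoted in the thread.
demo_rootfs=$(mktemp -d)
mkdir -p "$demo_rootfs/etc/pam.d"
printf '%s\n' '#%PAM-1.0' \
    'session    required     pam_selinux.so close' \
    'session    required     pam_loginuid.so' > "$demo_rootfs/etc/pam.d/sshd"
kernel_needs_workaround "3.11.10-301.fc20.x86_64" &&
    echo "files changed: $(comment_out_loginuid "$demo_rootfs")"
grep -n pam_loginuid "$demo_rootfs/etc/pam.d/sshd"
rm -rf "$demo_rootfs"
```

For the container in the thread the call would be `comment_out_loginuid /var/lib/lxc/test/rootfs`, run as root on the host.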
