[lxc-users] User authentication in containers via libnss-mysql

Andre Nathan andre at digirati.com.br
Wed Sep 10 12:31:40 UTC 2014


On 09/09/2014 05:46 PM, Andre Nathan wrote:
> I'm running Ubuntu 14.04 with LXC 1.0.4-0ubuntu0.1. I'm running a
> container whose filesystem is populated via bind-mounts from the host.
> The container starts up fine but for some reason calls to getpwnam()
> block forever in a futex() call before being able to access the
> libnss-mysql-bg configuration. Local users are found as expected, and
> everything works fine from an lxc-attach session, but not from
> lxc-console when logged in as a normal user.

Fixed it :)

For the record, between Ubuntu 12.04 and 14.04 the libnss-mysql-bg
package was patched[1] and one side effect of that patch is that
/etc/libnss-mysql-root.cfg needs to be readable by the shadow group. My
configuration had the file created on the container with mode 400
root:root. Changing it to 440 root:shadow fixed the issue.

Cheers,
Andre

[1]https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641404


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140910/87508c74/attachment.sig>


More information about the lxc-users mailing list