[lxc-users] login[487]: PAM audit_log_acct_message() failed:Operation not permitted

史佩昌 shipeichang at kylinos.cn
Thu Apr 2 09:03:24 UTC 2015


I have got it. The kernel version of the two host machines is 3.14.  Maybe there are some bugs in this version. In bootargs "audit = 0" was added, the problem solved.  However "auditctl -e 0"  is ineffectiveness. 
 
 
------------------ Original ------------------
From:  "史佩昌"<shipeichang at kylinos.cn>;
Date:  Wed, Apr 1, 2015 04:29 PM
To:  "lxc-users"<lxc-users at lists.linuxcontainers.org>; 

Subject:  [lxc-users] login[487]: PAM audit_log_acct_message() failed:Operation not permitted

 
Dear,
       I have a lxc container named ginkgo1, which runs on an physic arm64 host machine. When i using "lxc-console -n ginkgo1 -t 3" to login the lxc container with the right name and Password, the "Login incorrect" was displayed. 
       Here is the full section from the /var/lib/lxc/ginkgo1/var/log/auth.log file of the host machine (Host_Machine_1):
      Apr  1 16:14:30 ginkgo1 sshd[495]: Server listening on 0.0.0.0 port 22.
      Apr  1 16:14:31 ginkgo1 su[622]: PAM audit_log_acct_message() failed: Operation not permitted
      Apr  1 16:14:31 ginkgo1 su[622]: pam_authenticate: System error
      Apr  1 16:14:31 ginkgo1 su[622]: FAILED su for buildd by root
      Apr  1 16:14:31 ginkgo1 su[622]: - /dev/lxc/console root:buildd
      Apr  1 16:14:44 ginkgo1 login[478]: PAM audit_log_acct_message() failed: Operation not permitted
      Apr  1 16:14:47 ginkgo1 login[478]: FAILED LOGIN (2) on '/dev/lxc/tty3' FOR 'ubuntu', System error

       
       Here is a healthy output from another host machine (Host_Machine_2) with the exact same configuration:
       Apr  1 16:09:12 ginkgo1 sshd[445]: Server listening on 0.0.0.0 port 22.
       Apr  1 16:09:13 ginkgo1 su[577]: Successful su for buildd by root
       Apr  1 16:09:13 ginkgo1 su[577]: + /dev/lxc/console root:buildd
       Apr  1 16:09:13 ginkgo1 su[577]: pam_unix(su:session): session opened for user buildd by (uid=0)
       Apr  1 16:09:14 ginkgo1 su[577]: pam_unix(su:session): session closed for user buildd
       Apr  1 16:09:40 ginkgo1 login[425]: pam_unix(login:session): session opened for user ubuntu by (uid=0)
       Apr  1 16:10:08 ginkgo1 sudo:   ubuntu : TTY=tty3 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/vim /var/log/auth.log
       Apr  1 16:10:08 ginkgo1 sudo: pam_unix(sudo:session): session opened for user root by LOGIN(uid=0)

       The only thing different about the two arm64 host machine, is that the kernel of Host_Machine_1 don't support apparmor while Host_Machine_2 support.
       What could be causing this? And how can I fix it/get around it?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150402/02137c01/attachment.html>


More information about the lxc-users mailing list