[lxc-users] ubuntu utopic (14.10) permission problems?

Norberto Bensa nbensa+lxcusers at gmail.com
Thu Mar 12 01:58:44 UTC 2015


This one is a kernel issue. Going back to trusty's kernel solves these
issues with mailq and pam/kerberos/ldap.

Good kernel:

ii  linux-image-3.13.0-46-generic  3.13.0-46.77  amd64  Linux kernel image for version 3.13.0 on 64 bit x86 SMP

Bad:

ii  linux-image-3.16.0-31-generic  3.16.0-31.43  amd64  Linux kernel image for version 3.16.0 on 64 bit x86 SMP





2015-03-11 22:14 GMT-03:00 Norberto Bensa <nbensa+lxcusers at gmail.com>:

> Update.
>
> # mailq
> Mail queue is empty
> # mailq
> postqueue: warning: close: Permission denied
>
>
> Same session. Less than a second between two consecutive mailq commands.
> So I made this test:
>
> # for i in {1..1000}; do mailq 2>&1 |grep Mail; done
> Mail queue is empty
> # for i in {1..1000}; do mailq 2>&1 |grep Mail; done
> # for i in {1..1000}; do mailq 2>&1 |grep Mail; done
> Mail queue is empty
>
> Does this ring any bell? I'm using postfix as an example but I think this
> is related to my kerberos/ldap/pam problem. Postfix is just easier to set
> up :-)
>
> Thanks!
>
>
>
>
> 2015-03-11 0:42 GMT-03:00 Norberto Bensa <nbensa+lxcusers at gmail.com>:
>
>> Hello,
>>
>> I upgraded my main box to ubuntu 14.10 and now my containers are failing
>> with weird permission problems. A simple test is this:
>>
>> $ sudo lxc-create -t ubuntu -n testing -- -r trusty
>>
>> In the container install postfix (sudo apt-get install postfix). After a
>> basic postfix configuration, run mailq:
>>
>> $ mailq
>> postqueue: warning: close: Permission denied
>>
>> $ sudo mailq
>> postqueue: warning: close: Permission denied
>>
>>
>> Other containers are also failing with pam (?) related issues. For
>> example:
>>
>> $ ssh dana
>> Connection closed by 10.11.101.3
>>
>> Now this one is more interesting for me because "dana" uses kerberos and
>> ldap. When I attach to the container, auth.log says:
>>
>> Mar 11 00:20:15 dana sshd[1503]: Authorized to zoolook, krb5 principal zoolook at BENSA.AR (krb5_kuserok)
>> Mar 11 00:20:15 dana sshd[1503]: fatal: Access denied for user zoolook by PAM account configuration [preauth]
>>
>> This container was working with ubuntu trusty on the host BUT it also
>> failed when I tried utopic kernels on the host
>> (linux-image-generic-lts-utopic).
>>
>> Does anyone have any idea what is going on?
>>
>> Thanks in advance,
>> Norberto
>>
>
>