[lxc-users] ubuntu utopic (14.10) permission problems?
Norberto Bensa
nbensa+lxcusers at gmail.com
Thu Mar 12 02:01:08 UTC 2015
And of course it's a bug and is reported.
https://bugs.launchpad.net/ubuntu/utopic/+source/linux/+bug/1390223
2015-03-11 22:58 GMT-03:00 Norberto Bensa <nbensa+lxcusers at gmail.com>:
> This one is a kernel issue. Going back to trusty's kernel solves these
> issues with mailq and pam/kerberos/ldap.
>
> Good kernel:
>
> ii linux-image-3.13.0-46-generic 3.13.0-46.77
> amd64 Linux kernel image for version 3.13.0
> on 64 bit x86 SMP
>
> Bad:
>
> ii linux-image-3.16.0-31-generic 3.16.0-31.43
> amd64 Linux kernel image for version 3.16.0
> on 64 bit x86 SMP
>
>
>
>
>
> 2015-03-11 22:14 GMT-03:00 Norberto Bensa <nbensa+lxcusers at gmail.com>:
>
> Update.
>>
>> # mailq
>> Mail queue is empty
>> # mailq
>> postqueue: warning: close: Permission denied
>>
>>
>> Same session. Less than a second between two consecutive mailq commands.
>> So I made this test:
>>
>> # for i in {1..1000}; do mailq 2>&1 |grep Mail; done
>> Mail queue is empty
>> # for i in {1..1000}; do mailq 2>&1 |grep Mail; done
>> # for i in {1..1000}; do mailq 2>&1 |grep Mail; done
>> Mail queue is empty
>>
>> Does this ring any bell? I'm using postfix as an example but I think this
>> is related to my kerberos/ldap/pam problem. Postfix is just easier to set
>> up :-)
>>
>> Thanks!
>>
>>
>>
>>
>> 2015-03-11 0:42 GMT-03:00 Norberto Bensa <nbensa+lxcusers at gmail.com>:
>>
>> Hello,
>>>
>>> I upgraded my main box to ubuntu 14.10 and now my containers are failing
>>> with weird permission problems. A simple test is this:
>>>
>>> $ sudo lxc-create -t ubuntu -n testing -- -r trusty
>>>
>>> In the containter install postfix (sudo apt-get install postfix). After
>>> a basic postfix configuration, run mailq:
>>>
>>> $ mailq
>>> postqueue: warning: close: Permission denied
>>>
>>> $ sudo mailq
>>> postqueue: warning: close: Permission denied
>>>
>>>
>>> Others containters are also failing with pam (?) related issues. For
>>> example:
>>>
>>> $ ssh dana
>>> Connection closed by 10.11.101.3
>>>
>>> Now this one is more interesting for me because "dana" uses kerberos and
>>> ldap. When I attach to the container, auth.log says:
>>>
>>> Mar 11 00:20:15 dana sshd[1503]: Authorized to zoolook, krb5 principal
>>> zoolook at BENSA.AR (krb5_kuserok)
>>> Mar 11 00:20:15 dana sshd[1503]: fatal: Access denied for user zoolook
>>> by PAM account configuration [preauth]
>>>
>>> This container was working with ubuntu trusty on the host BUT it also
>>> failed when I tried utopic kernels on the host
>>> (linux-image-generic-lts-utopic).
>>>
>>> Does anyone have any idea what it's going on?
>>>
>>> Thanks in advance,
>>> Norberto
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150311/699ccec2/attachment.html>
More information about the lxc-users
mailing list