[lxc-users] Status: Debian Jessie support for unprivileged containers?

Carlos Alberto Lopez Perez clopez at igalia.com
Fri Jan 8 19:23:51 UTC 2016


On 13/10/15 12:11, Xavier Gendre wrote:
> 
> You can run an unprivileged Jessie container in a Jessie host. The point is
> that the container fails to start mainly because of systemd in the
> Jessie container.
> 
> To tackle that problem, I create a custom image of Jessie without
> systemd and it runs perfectly. I give the details to create the image
> and the container in my blog (in French, sorry):
> 
> https://www.meseira.fr/blog/post/2015/08/02/unprivileged-jessie-container/

It is not that simple.

Once you replace systemd with sysvinit in the container, you get it
booting and starting the services, but you can't log in to it (via the
login prompt) or ssh into it.

You will get the following error:

" Cannot make/remove an entry for the specified session "

This is caused because Debian now requires pam_loginuid for both login
and sshd:

# grep pam_loginuid  /etc/pam.d/*
/etc/pam.d/login:session    required     pam_loginuid.so
/etc/pam.d/sshd:session    required     pam_loginuid.so

You have to remove that line from both files to be able to log in to the
container via the login prompt or via ssh.

More info:

http://gaijin-nippon.blogspot.com.es/2013/07/audit-on-lxc-host.html
https://www.pld-linux.org/docs/lxc#loginuid
https://github.com/lxc/lxc/issues/661
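
The change described in the message above, as an added example that is not part of the original post: a shell sketch that comments out the pam_loginuid session line in a container's login and sshd PAM files instead of deleting it, keeping a backup of each file. The function names and the sample rootfs are assumptions made for illustration; with the line disabled, the PAM session no longer sets the audit login UID for logins in that container.

```shell
#!/bin/sh
# Added example (not from the original post). ROOTFS is the container's root
# filesystem; pass "/" when running as root inside the container.
LOGINUID_RE='^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_loginuid\.so'

# Print the PAM files under ROOTFS that still carry an active pam_loginuid line.
active_loginuid_files() {
    rootfs=${1%/}
    for f in "$rootfs/etc/pam.d/login" "$rootfs/etc/pam.d/sshd"; do
        [ -f "$f" ] || continue
        grep -Eq "$LOGINUID_RE" "$f" && echo "$f"
    done
    return 0
}

# Comment the line out in each affected file, keeping a .orig backup.
# Files that are already patched are skipped, so a second run changes nothing.
disable_pam_loginuid() {
    active_loginuid_files "$1" | while IFS= read -r f; do
        cp -p "$f" "$f.orig"
        sed -E "s/($LOGINUID_RE.*)\$/# \\1/" "$f.orig" > "$f"
        echo "patched: $f (backup: $f.orig)"
    done
}

# Constructed sample rootfs for trying the functions out (not a real container).
make_sample_rootfs() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/pam.d"
    printf 'auth       optional   pam_faildelay.so delay=3000000\nsession    required     pam_loginuid.so\n' > "$d/etc/pam.d/login"
    printf 'session    required     pam_loginuid.so\n@include common-session\n' > "$d/etc/pam.d/sshd"
    echo "$d"
}
```

Running `active_loginuid_files` before and after the change shows which files were affected; restoring the `.orig` copies reverts it.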
