[lxc-users] Status: Debian Jessie support for unprivileged containers?

Fajar A. Nugraha list at fajar.net
Sat Jan 9 02:23:24 UTC 2016


On Sat, Jan 9, 2016 at 3:40 AM, Xavier Gendre <gendre.reivax at gmail.com> wrote:
> Hello Carlos,
>
>> Once you replace systemd with sysvinit in the container, you get it
>> booting and starting the services, but you can't login on it (via the
>> login prompt) or ssh on it.
>
> I didn't know that, I always use lxc-attach to get a prompt in my
> containers and it works like a charm.
>
>> You will get the following error:
>>
>> " Cannot make/remove an entry for the specified session "
>>
>> This is caused because Debian now requires pam_loginuid for both login
>> and sshd
>>
>> # grep pam_loginuid  /etc/pam.d/*
>> /etc/pam.d/login:session    required     pam_loginuid.so
>> /etc/pam.d/sshd:session    required     pam_loginuid.so
>>
>> You have to remove that line from both files to be able to login on the
>> container via the login prompt or via ssh
>
> Thanks for that point, I will use it one day if I need to properly login
> or ssh into one of my containers.


Hmmm ... I wonder why this old thread is suddenly active again.

Anyway, I wrote this several months ago, should be the easiest way to
get unpriv jessie on jessie: http://debian-lxc.github.io/
The repo has lxc-1.1.5 and cgmanager, ported from ubuntu.

You can choose between a custom cgroup (like what you suggested in
earlier mail), or have systemd create it automatically with a ported
ubuntu's version of systemd (also available in the repo). It also
addresses ssh login issue (by commenting out the pam_loginuid line above)
and root-inside-container-path issue (by using "lxc-attach -n
CONTAINER_NAME -- sudo -i").

-- 
Fajar
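
The pam_loginuid change discussed in this thread, as an added example that is
not part of the original message or of the debian-lxc repo: it comments out the
"session required pam_loginuid.so" line in a container rootfs, keeps a backup,
and is safe to run twice. The function names, the .orig backup suffix and the
sample rootfs are assumptions made for illustration.

```shell
#!/bin/sh
# Usage: sh this-script /path/to/container/rootfs   (path is caller-supplied)

# Matches an active (uncommented) "session required pam_loginuid.so" line.
LOGINUID_RE='^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_loginuid\.so'

# Print the PAM files under rootfs $1 that still enforce pam_loginuid.
pam_loginuid_active() {
    rootfs=$1
    for f in "$rootfs/etc/pam.d/login" "$rootfs/etc/pam.d/sshd"; do
        [ -f "$f" ] || continue
        if grep -Eq "$LOGINUID_RE" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Comment the line out in each file reported above.
pam_loginuid_disable() {
    rootfs=$1
    pam_loginuid_active "$rootfs" | while IFS= read -r f; do
        # One-time backup so the change can be reverted or audited later.
        [ -e "$f.orig" ] || cp -p "$f" "$f.orig"
        # Rewrite through a temp file, then copy back in place so the
        # original file's owner and mode are preserved.
        sed -E "s/${LOGINUID_RE}.*\$/# &/" "$f" > "$f.tmp" &&
            cat "$f.tmp" > "$f" && rm -f "$f.tmp"
    done
}

# Constructed sample rootfs mirroring the grep output quoted in the thread.
make_sample_rootfs() {
    d=$(mktemp -d) && mkdir -p "$d/etc/pam.d" || return 1
    printf '%s\n' 'session    required     pam_loginuid.so' \
                  'session    required     pam_limits.so' > "$d/etc/pam.d/login"
    printf '%s\n' 'account    required     pam_nologin.so' \
                  'session    required     pam_loginuid.so' > "$d/etc/pam.d/sshd"
    printf '%s\n' "$d"
}

# Act only when a rootfs path is given on the command line.
[ "$#" -eq 0 ] || pam_loginuid_disable "$1"
```

With the line commented out, sessions opened through login or sshd in the
container no longer get an audit login UID set, so keep the .orig files to
record what was changed.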

