On Fri, 2014-06-06 at 09:44 -0400, Michael H. Warfield wrote:
> On Fri, 2014-06-06 at 09:22 +0530, Ajith Adapa wrote:
> > @Michael
>
> > Sorry seems I have shared wrong log in previous mail. As you can see I
> > have commented the line in all files under /ete/pam.d
>
> > # cd /etc/pam.d
> > # grep -rin pam_loginuid *
> > atd:8:#session required pam_loginuid.so
> > crond:8:#session required pam_loginuid.so
> > gdm-autologin:9:#session required pam_loginuid.so
> > gdm-fingerprint:10:#session required pam_loginuid.so
> > gdm-password:12:#session required pam_loginuid.so
> > gdm-pin:14:#session required pam_loginuid.so
> > gdm-smartcard:10:#session required pam_loginuid.so
> > login:10:#session required pam_loginuid.so
> > pluto:16:#session required pam_loginuid.so
> > remote:10:#session required pam_loginuid.so
> > sshd:10:#session required pam_loginuid.so
>
> Is that in your host /etc/pam.d or in your container
> ${rootfs}/etc/pam.d ?> From your previous message, I would say to look in: Damn copy and paste error... The line above should be below the paragraph below. > Looks like the former. It has to be done in the container, not in the > host. You should NOT do this in the host root file system. From your previous message, I would say to look in: /var/lib/lxc/test/rootfs/etc/pam.d/* > > Regards, > > Ajith > > Regards, > Mike > > > > > On Fri, Jun 6, 2014 at 9:07 AM, Ajith Adapa <ajith.ad...@gmail.com> wrote: > > > Hi Michael, > > > > > > I have updated Fedora-20 to latest kernel version. > > > > > > # uname -a > > > Linux localhost.localdomain 3.14.4-200.fc20.x86_64 #1 SMP Tue May 13 > > > 13:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux > > > > > > and commented out the line in /etc/pam.d/sshd file > > > > > > # cat /etc/pam.d/sshd > > > #%PAM-1.0 > > > auth required pam_sepermit.so > > > auth substack password-auth > > > auth include postlogin > > > account required pam_nologin.so > > > account include password-auth > > > password include password-auth > > > # pam_selinux.so close should be the first session rule > > > session required pam_selinux.so close > > > #session required pam_loginuid.so > > > # pam_selinux.so open should only be followed by sessions to be > > > executed in the user context > > > session required pam_selinux.so open env_params > > > session optional pam_keyinit.so force revoke > > > session include password-auth > > > session include postlogin > > > > > > But still face the same problem when I create and start a new LXC > > > container. > > > > > > @Fajar > > > > > > I tried again creating new lxc container but havent seen any password > > > in output log > > > > > > # lxc-create -n test -t fedora > > > > > > lxc-create: No config file specified, using the default config > > > /etc/lxc/default. > > > conf > > > Host CPE ID from /etc/os-release: cpe:/o:fedoraproject:fedora:20 > > > Checking cache download in /var/cache/lxc/fedora/x86_64/20/rootfs ... > > > Cache found. Updating... > > > Loaded plugins: langpacks, refresh-packagekit > > > Could not get metalink > > > https://mirrors.fedoraproject.org/metalink?repo=updates-r > > > eleased-f20&arch=x86_64 error was > > > 14: curl#6 - "Could not resolve host: mirrors.fedoraproject.org" > > > No packages marked for update > > > Update finished > > > Copy /var/cache/lxc/fedora/x86_64/20/rootfs to /var/lib/lxc/test/rootfs > > > ... > > > Copying rootfs to /var/lib/lxc/test/rootfs ...setting root passwd to root > > > installing fedora-release package > > > Package fedora-release-20-3.noarch already installed and latest version > > > Nothing to do > > > unlink: cannot unlink > > > â/var/lib/lxc/test/rootfs/etc/systemd/system/default.targe > > > tâ: No such file or directory > > > container rootfs and config created > > > 'fedora' template installed > > > 'test' created > > > > > > > > > # lxc-start -n test > > > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX > > > +IMA +SYSVINI T > > > +LIBCRYPTSETUP +GCRYPT +ACL +XZ) > > > Detected virtualization 'lxc'. > > > > > > Welcome to Fedora 20 (Heisenbug)! > > > > > > Set hostname to <test.localdomain>. > > > Initializing machine ID from KVM UUID. > > > [ OK ] Reached target Remote File Systems. > > > [ OK ] Created slice Root Slice. > > > [ OK ] Created slice User and Session Slice. > > > [ OK ] Created slice System Slice. > > > [ OK ] Reached target Slices. > > > [ OK ] Created slice system-getty.slice. > > > [ OK ] Listening on /dev/initctl Compatibility Named Pipe. > > > [ OK ] Listening on Delayed Shutdown Socket. > > > Failed to open /dev/autofs: No such file or directory > > > Failed to initialize automounter: No such file or directory > > > [FAILED] Failed to set up automount Arbitrary Executable File...utomount > > > Point. > > > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details. > > > Unit proc-sys-fs-binfmt_misc.automount entered failed state. > > > [ OK ] Listening on udev Kernel Socket. > > > [ OK ] Listening on udev Control Socket. > > > [ OK ] Reached target Encrypted Volumes. > > > [ OK ] Listening on Journal Socket. > > > Starting Apply Kernel Variables... > > > Mounting Debug File System... > > > Starting udev Coldplug all Devices... > > > Mounting Huge Pages File System... > > > Mounting POSIX Message Queue File System... > > > Starting Create static device nodes in /dev... > > > Mounting Configuration File System... > > > Starting Journal Service... > > > [ OK ] Started Journal Service. > > > [ OK ] Reached target Paths. > > > [ OK ] Reached target Swap. > > > Starting Remount Root and Kernel File Systems... > > > Mounting Temporary Directory... > > > [ OK ] Started Create static device nodes in /dev. > > > Starting udev Kernel Device Manager... > > > [ OK ] Mounted POSIX Message Queue File System. > > > [ OK ] Mounted Configuration File System. > > > <30>systemd-udevd[20]: starting version 208 > > > [ OK ] Mounted Huge Pages File System. > > > [ OK ] Mounted Debug File System. > > > [ OK ] Mounted Temporary Directory. > > > [ OK ] Started udev Coldplug all Devices. > > > [ OK ] Started udev Kernel Device Manager. > > > [ OK ] Started Remount Root and Kernel File Systems. > > > [ OK ] Started Apply Kernel Variables. > > > Starting Load/Save Random Seed... > > > [ OK ] Reached target Local File Systems (Pre). > > > Starting Configure read-only root support... > > > [ OK ] Started Load/Save Random Seed. > > > [ OK ] Reached target Sound Card. > > > [ OK ] Started Configure read-only root support. > > > [ OK ] Reached target Local File Systems. > > > Starting Trigger Flushing of Journal to Persistent Storage... > > > Starting Mark the need to relabel after reboot... > > > Starting Create Volatile Files and Directories... > > > [ OK ] Started Create Volatile Files and Directories. > > > Starting Update UTMP about System Reboot/Shutdown... > > > [ OK ] Started Mark the need to relabel after reboot. > > > [ OK ] Started Update UTMP about System Reboot/Shutdown. > > > [ OK ] Reached target System Initialization. > > > [ OK ] Reached target Timers. > > > [ OK ] Listening on D-Bus System Message Bus Socket. > > > [ OK ] Reached target Sockets. > > > [ OK ] Reached target Basic System. > > > Starting System Logging Service... > > > Starting Login Service... > > > Starting D-Bus System Message Bus... > > > [ OK ] Started D-Bus System Message Bus. > > > <46>systemd-journald[17]: Received request to flush runtime journal from > > > PID 1 > > > [ OK ] Started Trigger Flushing of Journal to Persistent Storage. > > > Starting Permit User Sessions... > > > [ OK ] Started Login Service. > > > [ OK ] Started System Logging Service. > > > [ OK ] Started Permit User Sessions. > > > Starting Getty on tty3... > > > [ OK ] Started Getty on tty3. > > > Starting Getty on tty4... > > > [ OK ] Started Getty on tty4. > > > Starting Getty on tty2... > > > [ OK ] Started Getty on tty2. > > > Starting Getty on tty1... > > > [ OK ] Started Getty on tty1. > > > Starting Console Getty... > > > [ OK ] Started Console Getty. > > > [ OK ] Reached target Login Prompts. > > > [ OK ] Reached target Multi-User System. > > > > > > Fedora release 20 (Heisenbug) > > > Kernel 3.14.4-200.fc20.x86_64 on an x86_64 (console) > > > > > > test login: > > > > > > Regards, > > > Ajith > > > > > > > > > On Fri, Jun 6, 2014 at 6:18 AM, Ajith Adapa <ajith.ad...@gmail.com> wrote: > > >> Hi guys, > > >> > > >> Thanks for the replies. I will try to upgrade my Fedora-20 with latest > > >> kernel and try the same. > > >> > > >> > > >> > > >> On Thu, Jun 5, 2014 at 7:51 PM, Michael H. Warfield <m...@wittsend.com> > > >> wrote: > > >>> > > >>> On Thu, 2014-06-05 at 17:56 +0530, Ajith Adapa wrote: > > >>> > Hi, > > >>> > > > >>> > I have created an lxc container in feodra-20 with default config file > > >>> > and default fedora template. > > >>> > > > >>> > lxc-create -n root -t fedora > > >>> > > > >>> > When i try to start the container i am greeted with username and > > >>> > password prompt.What is the default username/password for > > >>> > lxc-container in fedora-20 ? > > >>> > > > >>> > > > >>> > Kernel Version > > >>> > ============ > > >>> > > >>> > Linux localhost.localdomain 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 > > >>> > 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux > > >>> > > >>> > > > >>> > LXC-version > > >>> > ============= > > >>> > [root@localhost ~]# lxc-version > > >>> > lxc version: 0.9.0 > > >>> > > >>> Ok... Stop right there. Seems to suddenly be a lot of people running > > >>> into this problem all of a sudden. You're running on a combination of > > >>> old kernel and old version of LXC that do not play nice together and, > > >>> yes, that the early F20 kernel with the distro distributed version of > > >>> LXC. We've been having an active discussion about this bug in several > > >>> forums. > > >>> > > >>> https://bugzilla.redhat.com/show_bug.cgi?id=1002914 > > >>> > > >>> Please note comments #6 & #7 > > >>> > > >>> -- 6 > > >>> I've noticed that this issue should be fixed in v3.13-rc1 > > >>> > > >>> As mentioned in commit > > >>> > > >>> > > >>> http://o.cs.uvic.ca:20810/perl/cid.pl?cid=83fa6bbe4c4541ae748b550b4ec391f8a0acfe94 > > >>> > > >>> CONFIG_AUDIT_LOGINUID_IMMUTABLE=y was removed. Could you please retest > > >>> it > > >>> on the latest Fedora? > > >>> -- > > >>> > > >>> -- 7 > > >>> Hi, > > >>> I have tried with the latest upgrades of F20 and the problem has been > > >>> fixed. > > >>> Thank you very much for the support! > > >>> > > >>> Regards, > > >>> Enrique > > >>> -- > > >>> > > >>> So, you have 2 choices. > > >>> > > >>> 1) Update your F20 system to the latest kernel. My development server > > >>> is currently running 3.14.4-200.fc20.x86_64 from Fedora Updates. > > >>> > > >>> 2) Go through the files in ${root_fs}/etc/pam.d and make the following > > >>> changes: > > >>> > > >>> - session required pam_loginuid.so > > >>> + # session required pam_loginuid.so > > >>> > > >>> Either of those will enable you to log in once again. If you don't to > > >>> either, there is no combination of user name or password that will work, > > >>> due to the error being generated out of pam_loginuid.so. > > >>> > > > >>> > > > >>> > [root@localhost ~]# lxc-start -n root > > >>> > systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX > > >>> > +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ) > > >>> > Detected virtualization 'lxc'. > > >>> > > > >>> > Welcome to Fedora 20 (Heisenbug)! > > >>> > > > >>> > Set hostname to <root.localdomain>. > > >>> > [ OK ] Reached target Remote File Systems. > > >>> > [ OK ] Created slice Root Slice. > > >>> > [ OK ] Created slice User and Session Slice. > > >>> > [ OK ] Created slice System Slice. > > >>> > [ OK ] Reached target Slices. > > >>> > [ OK ] Created slice system-getty.slice. > > >>> > [ OK ] Listening on /dev/initctl Compatibility Named Pipe. > > >>> > [ OK ] Listening on Delayed Shutdown Socket. > > >>> > Failed to open /dev/autofs: No such file or directory > > >>> > Failed to initialize automounter: No such file or directory > > >>> > [FAILED] Failed to set up automount Arbitrary Executable > > >>> > File...utomount Point. > > >>> > See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details. > > >>> > Unit proc-sys-fs-binfmt_misc.automount entered failed state. > > >>> > [ OK ] Listening on udev Kernel Socket. > > >>> > [ OK ] Listening on udev Control Socket. > > >>> > [ OK ] Reached target Encrypted Volumes. > > >>> > [ OK ] Listening on Journal Socket. > > >>> > Starting Apply Kernel Variables... > > >>> > Mounting Debug File System... > > >>> > Starting udev Coldplug all Devices... > > >>> > Mounting Huge Pages File System... > > >>> > Mounting POSIX Message Queue File System... > > >>> > Mounting FUSE Control File System... > > >>> > Starting Create static device nodes in /dev... > > >>> > Mounting Configuration File System... > > >>> > Starting Journal Service... > > >>> > [ OK ] Started Journal Service. > > >>> > [ OK ] Reached target Paths. > > >>> > [ OK ] Reached target Swap. > > >>> > Starting Remount Root and Kernel File Systems... > > >>> > Mounting Temporary Directory... > > >>> > [ OK ] Started Apply Kernel Variables. > > >>> > [ OK ] Mounted Debug File System. > > >>> > [ OK ] Mounted Huge Pages File System. > > >>> > [ OK ] Mounted POSIX Message Queue File System. > > >>> > [ OK ] Mounted FUSE Control File System. > > >>> > [ OK ] Started Create static device nodes in /dev. > > >>> > [ OK ] Mounted Configuration File System. > > >>> > [ OK ] Started Remount Root and Kernel File Systems. > > >>> > [ OK ] Mounted Temporary Directory. > > >>> > Starting Load/Save Random Seed... > > >>> > Starting Configure read-only root support... > > >>> > Starting udev Kernel Device Manager... > > >>> > [ OK ] Reached target Local File Systems (Pre). > > >>> > <30>systemd-udevd[24]: starting version 208 > > >>> > [ OK ] Started Load/Save Random Seed. > > >>> > [ OK ] Started udev Kernel Device Manager. > > >>> > [ OK ] Started Configure read-only root support. > > >>> > [ OK ] Reached target Local File Systems. > > >>> > Starting Trigger Flushing of Journal to Persistent Storage... > > >>> > Starting Create Volatile Files and Directories... > > >>> > [ OK ] Started udev Coldplug all Devices. > > >>> > [ OK ] Started Create Volatile Files and Directories. > > >>> > Starting Update UTMP about System Reboot/Shutdown... > > >>> > <46>systemd-journald[18]: Received request to flush runtime journal > > >>> > from PID 1 > > >>> > [ OK ] Started Trigger Flushing of Journal to Persistent Storage. > > >>> > [ OK ] Started Update UTMP about System Reboot/Shutdown. > > >>> > [ OK ] Reached target System Initialization. > > >>> > [ OK ] Reached target Timers. > > >>> > [ OK ] Listening on D-Bus System Message Bus Socket. > > >>> > [ OK ] Reached target Sockets. > > >>> > [ OK ] Reached target Basic System. > > >>> > Starting System Logging Service... > > >>> > Starting Permit User Sessions... > > >>> > Starting Login Service... > > >>> > Starting D-Bus System Message Bus... > > >>> > [ OK ] Started D-Bus System Message Bus. > > >>> > [ OK ] Started Permit User Sessions. > > >>> > Starting Getty on tty3... > > >>> > [ OK ] Started Getty on tty3. > > >>> > Starting Getty on tty4... > > >>> > [ OK ] Started Getty on tty4. > > >>> > Starting Getty on tty2... > > >>> > [ OK ] Started Getty on tty2. > > >>> > Starting Getty on tty1... > > >>> > [ OK ] Started Getty on tty1. > > >>> > Starting Console Getty... > > >>> > [ OK ] Started Console Getty. > > >>> > [ OK ] Reached target Login Prompts. > > >>> > Starting Cleanup of Temporary Directories... > > >>> > [ OK ] Started System Logging Service. > > >>> > [ OK ] Started Cleanup of Temporary Directories. > > >>> > [ OK ] Reached target Sound Card. > > >>> > [ OK ] Started Login Service. > > >>> > [ OK ] Reached target Multi-User System. > > >>> > > > >>> > Fedora release 20 (Heisenbug) > > >>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console) > > >>> > > > >>> > root login: root > > >>> > Password: > > >>> > Last failed login: Thu Jun 5 08:37:20 UTC 2014 on console > > >>> > There were 3 failed login attempts since the last successful login. > > >>> > > > >>> > Cannot make/remove an entry for the specified session > > >>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > >>> > > >>> This is the smoking gun. This indicates precisely and exactly that you > > >>> are running into the pam_loginuid.so conflict bug. > > >>> > > >>> > Fedora release 20 (Heisenbug) > > >>> > Kernel 3.11.10-301.fc20.x86_64 on an x86_64 (console) > > >>> > > > >>> > root login: > > >>> > > > >>> > > > >>> > > > >>> > Regards, > > >>> > Ajith > > >>> > > >>> Regards, > > >>> Mike > > >>> -- > > >>> Michael H. Warfield (AI4NB) | (770) 978-7061 | m...@wittsend.com > > >>> /\/\|=mhw=|\/\/ | (678) 463-0932 | > > >>> http://www.wittsend.com/mhw/ > > >>> NIC whois: MHW9 | An optimist believes we live in the best > > >>> of > > >>> all > > >>> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of > > >>> it! > > >>> > > >>> > > >>> _______________________________________________ > > >>> lxc-users mailing list > > >>> lxc-users@lists.linuxcontainers.org > > >>> http://lists.linuxcontainers.org/listinfo/lxc-users > > >> > > >> > > _______________________________________________ > > lxc-users mailing list > > lxc-users@lists.linuxcontainers.org > > http://lists.linuxcontainers.org/listinfo/lxc-users > -- Michael H. Warfield (AI4NB) | (770) 978-7061 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
signature.asc
Description: This is a digitally signed message part
_______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
