Your message dated Fri, 16 Feb 2024 18:44:21 +0100
with message-id <87y1bkwbfp.fsf@daath>
and subject line Re: [pkg-lxc-devel] Bug#831850: lxc: Please add a way to set
root password for debian template
has caused the Debian Bug report #831850,
regarding lxc: Please add a way to set root password for debian template
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
831850: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831850
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: lxc
Version: 1:2.0.3-1
Severity: normal
Hi,
I saw the sentence added to the README.Debian claiming that
"Most templates ship without a root password", but this seems false.
Looking at the other templates it seems that a lot of them (ie.
Fedora/Centos) are setting a root password, basically only ubuntu and
debian now are not doing so.
More over there is an effort on their side to make the default images more
secure:
https://fedoraproject.org/wiki/LXC_Template_Security_Improvements
Shouldn't debian follow the scheme used by Fedora/CentOS to set the root
password?
Or at least generate a default random password?
The extra actions needed to set a root password after the installation
of the image are not completely obvious.
Cheers,
Laurent Bigonville
-- System Information:
Debian Release: stretch/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.6.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lxc depends on:
ii init-system-helpers 1.39
ii libapparmor1 2.10.95-4
ii libc6 2.23-2
ii libcap2 1:2.25-1
ii liblxc1 1:2.0.3-1
ii libseccomp2 2.3.1-2
ii libselinux1 2.5-3
ii python3 3.5.1-4
pn python3:any <none>
Versions of packages lxc recommends:
ii bridge-utils 1.5-9
ii cgmanager 0.41-2
ii debootstrap 1.0.81
ii dnsmasq-base 2.76-2
ii iptables 1.6.0-2
pn libpam-cgfs <none>
ii lxcfs 2.0.2-1
ii openssl 1.0.2h-1
ii rsync 3.1.1-3
ii uidmap 1:4.2-3.1
Versions of packages lxc suggests:
pn apparmor <none>
ii btrfs-tools 4.5.2-1
ii lua5.2 5.2.4-1
ii lvm2 2.02.160-1
-- no debconf information
--- End Message ---
--- Begin Message ---
Hi,
After starting a container, one can do:
lxc-unpriv-attach ct
passwd
And be done.
Mathias Gibbens <[email protected]> wrote on 11/02/2024 at 02:41:28+0100:
> [[PGP Signed Part:No public key for 29EEE2D6ECF442F9 created at
> 2024-02-11T02:41:28+0100 using RSA]]
> Control: tags -1 + wontfix
>
> Given that we've now had four releases of Debian without the
> capability to set a root password via template argument and that the
> upstream project is depreciated, I don't think it's worth the effort to
> add this capability back -- tagging with wontfix. It's still documented
> in lxc's README.Debian that you can run `lxc-attach -n <container>
> passwd` to set a root password if really needed.
>
> Mathias
>
> [[End of PGP Signed Part]]
> _______________________________________________
> Pkg-lxc-devel mailing list
> [email protected]
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-lxc-devel
signature.asc
Description: PGP signature
--- End Message ---
