Further information: On Wed, 2014-06-04 at 12:57 -0400, Michael H. Warfield wrote: > Hello,
> On Thu, 2014-06-05 at 02:10 +1100, Dmitry Kolesov wrote: > > Hello, > > > > > > I created container from lxc-fedora template. My operation system is > > Fedora 20. > > The kernel is 3.14.0 x86_64. > > When I start conteiner there is one fail message: > > [FAILED] Failed to set up automount Arbitrary Executable > > File...utomount Point. > > All another messages are "OK". > > But when I try to login into I have message: "Login incorrect". > > I tryed to chroot into rootfs directory and I have changed root's > > password. > > But I always have this message: "Login incorrect". > > SELinux is disabled in my main OS. > > Could somebody help me to login into? > Yeah, I can take a pretty good guess what the problem might be. > First a few questions. > 1) What is the host distro (I'm guessing Fedora or CentOS)? > 2) What version of LXC are you running? > 3) Was LXC installed/built from the distro or from recent tarball or > from git? If from git, when? > 4) Logging in on the lxc-start console, using lxc-console or using ssh? 5) Have you updated to the latest kernel update for F20? My dev system is running 3.14.4-200.fc20.x86_64. Your kernel rev doesn't seem to be a stock Fedora rev string so I'm maybe guessing you are not on Fedora after all? What you are running into is likely this bug. https://bugzilla.redhat.com/show_bug.cgi?id=1002914 This is a kernel configuration issue. Note comment #6: -- I've noticed that this issue should be fixed in v3.13-rc1 As mentioned in commit http://o.cs.uvic.ca:20810/perl/cid.pl?cid=83fa6bbe4c4541ae748b550b4ec391f8a0acfe94 CONFIG_AUDIT_LOGINUID_IMMUTABLE=y was removed. Could you please retest it on the latest Fedora? -- And #7: -- Hi, I have tried with the latest upgrades of F20 and the problem has been fixed. Thank you very much for the support! Regards, Enrique -- I'm deducing here that if "CONFIG_AUDIT_LOGINUID_IMMUTABLE=y" in the kernel config, then you are going to run into this problem. Check that config option for your kernel build. If that's a custom kernel, then you can also get rid of that and be able to set the login uid in a container (probably a good idea). If you are on Fedora, please update to the latest stock build and retest, according to that bug report. > So, now I'll take some WAGs (wild ass guesses) with little to go on. If > you're running the distro stock version of LXC on a Fedora 20 host (most > likely if you're building Fedora 20 containers) then you're probably > running an out of date version of LXC. Latest version from Fedora 20 > Updates is 0.9.0 and I'm not overly surprised you're running into this > problem. Even Fedora rawhide (to be Fedora 21) is only sporting 0.9.0, > sigh... Nothing encouraging in Updates Testing either, so I guess > someone needs to file a bugzilla request to rebase it. > > Check in your container ${root_fs}/etc/pam.d directory for files > containing this line: > > session required pam_loginuid.so > > Most especially the files "login" and "sshd" but others as well. > > If that line exists and is not commented out (leading hash #), that's > most likely your problem. You might have also seen an error about > unable to set session something or another, it's been a while since I > looked at it. That might have only shown up in the log files, I don't > recall. Comment out that line in every file that has it. > > Around between Fedora 19 and Fedora 20, they introduced some changes > regarding this whole "login uid" and pam_loginuid is no longer able to > set a login uid when running in a container. I added code to the > lxc-fedora template to comment out all those lines in the pam.d files. > But, I think that went into the 1.0.0 release and was probably not in > the 0.9.0 release. We're currently on release 1.0.3 with 1.0.4 on the > near horizon. > > Once those lines are commented out, you should be able to log in. > That's all assuming what I'm guessing you are running but it's > consistent with what I would expect. > > I would also strongly recommend upgrading to 1.0.3 or 1.0.4 when it's > out, if you're not already there. 1.0.4 is going to have some > significant improvements to the bootup and autostart processes (which > don't even exist in 0.9.0). > > > Regards, > > Dmitry Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 978-7061 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
signature.asc
Description: This is a digitally signed message part
_______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users