On Sun, 03.04.11 18:01, Albert Strasheim (full...@gmail.com) wrote:

>
> Hello all
>
> On Sun, Apr 3, 2011 at 4:59 PM, Albert Strasheim <full...@gmail.com> wrote:
> > pam_loginuid(sshd:session): set_loginuid failed
>
> This one is caused by:
>
> 32 open("/proc/self/loginuid", O_WRONLY|O_TRUNC|O_NOFOLLOW) = 4
> 32 write(4, "0", 1) = -1 EPERM (Operation not permitted)
>
> This happens regardless of whether systemd-nspawn is run with sudo or
> directly as root.

This fails due to the missing auditing capabilities I'd guess.

> > pam_systemd(sshd:session): Failed to get user data.
>
> This is caused by my user ID not being present in the passwd file in
> the container.

Ah, interesting problem. pam_systemd uses the loginuid, but that's the one from the container, and hence things go bad. Hmm, not sure how to fix this in a nice way in pam_systemd: if we are in a container we should not use the loginuid. Only way I see is by explicitly checking for PID namespaces...

Lennart

--
Lennart Poettering - Red Hat, Inc.
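
One way to check the guess in the reply above about missing auditing capabilities, as an added example that is not part of the original thread: read the capability masks from `/proc/<pid>/status` and test the two audit bits. The function names and both sample status excerpts are constructed for illustration; the bit numbers are those in `<linux/capability.h>`.

```python
import re

# Capability bit numbers from <linux/capability.h>.
AUDIT_CAPS = {"CAP_AUDIT_WRITE": 29, "CAP_AUDIT_CONTROL": 30}

# Constructed sample: a root process with the full capability set.
HOST_STATUS = """Name:\tsshd
CapInh:\t0000000000000000
CapPrm:\t0000003fffffffff
CapEff:\t0000003fffffffff
CapBnd:\t0000003fffffffff
"""

# Constructed sample: the same process with both audit bits cleared,
# which is the situation the reply guesses at (an assumption, not
# something the thread confirms).
CONTAINER_STATUS = """Name:\tsshd
CapInh:\t0000000000000000
CapPrm:\t0000003f9fffffff
CapEff:\t0000003f9fffffff
CapBnd:\t0000003f9fffffff
"""


def parse_cap_sets(status_text):
    """Map each Cap* field of a /proc/<pid>/status dump to its integer mask."""
    pattern = r"^(Cap\w+):[ \t]*([0-9a-fA-F]+)[ \t]*$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.M)}


def missing_audit_caps(status_text, cap_set="CapEff"):
    """Return the audit capabilities absent from the chosen set, sorted by name."""
    sets = parse_cap_sets(status_text)
    if cap_set not in sets:
        raise ValueError("no %s line in status text" % cap_set)
    mask = sets[cap_set]
    return sorted(name for name, bit in AUDIT_CAPS.items()
                  if not (mask >> bit) & 1)


if __name__ == "__main__":
    # Run inside the container as the process that calls pam_loginuid would.
    with open("/proc/self/status") as fh:
        live = fh.read()
    for cap_set in ("CapEff", "CapBnd"):
        print(cap_set, "missing:", missing_audit_caps(live, cap_set) or "none")
```

A capability missing from `CapBnd` cannot be regained inside the container, even by a process running as root there.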