On Thu, 09.05.13 14:38, Daniel P. Berrange (berra...@redhat.com) wrote:

> On Thu, May 09, 2013 at 03:32:09PM +0200, Lennart Poettering wrote:
> > On Thu, 09.05.13 11:38, Daniel P. Berrange (berra...@redhat.com) wrote:
> >
> > > Following the suggestion in the systemd-nspawn manpage I populated
> > > a mini Fedora 19 chroot, on a Fedora 19 host
> > >
> > >   # yum -y --releasever=19 --nogpg --installroot=/srv/mycontainer \
> > >       --disablerepo='*' --enablerepo=fedora \
> > >       install systemd passwd yum fedora-release vim-minimal
> > >   # chroot /srv/mycontainer passwd
> > >   # systemd-nspawn -bD /srv/mycontainer
> > >
> > > Systemd boots up nicely & presents a login prompt, but it is impossible
> > > to actually log in, PAM always denying the attempts.
> >
> > Yeah, this is a known problem. We generally suggest to turn off audit
> > by booting with audit=0 on the kernel cmdline for now:
> >
> > https://fedoraproject.org/wiki/Features/SystemdLightweightContainers
> >
> > I guess I should add a comment about this to nspawn's man page too.
> >
> > The audit folks are working on adding container awareness to the audit
> > subsystem in the kernel (which basically means that audit messages carry
> > the outside PID of PID1 of the container, so that auditd can track this
> > properly). Currently audit is completely confused by PID
> > namespacing. Also, we want them to fix for us that opening a PID
> > namespace resets loginuid in the container to -1. We have discussed this
> > several times with them, and they wanted to do something about it, but so
> > far nothing happened. But we'll have another meeting about this next
> > week, so I can put some pressure on this.
>
> Did you file any BZs against the kernel for this? If not I'll sort
> out some BZs to track these problems.
There's https://bugzilla.redhat.com/show_bug.cgi?id=893751

But this probably deserves two separate bugs against the kernel either on
rhbz or on upstream kernel bugzilla.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
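The two conditions the thread turns on, whether the host kernel was booted with audit=0 and whether the process inside the container sees an unset loginuid (-1, which /proc shows as 4294967295), can be checked from inside the container before anyone tries to log in. The following script is an added diagnostic written for this page, not code from the thread or from systemd. It reads the real /proc/cmdline and /proc/self/loginuid when they are present, and the sample strings at the bottom are constructed inputs that mirror what those files contain.

```shell
#!/bin/sh
# Added diagnostic, not part of the systemd-devel thread.
# audit_disabled CMDLINE -> prints "yes" when the kernel cmdline carries
# the whole-word token audit=0 (the workaround suggested in the thread),
# "no" otherwise. A substring match would wrongly accept e.g. "noaudit=0",
# so the cmdline is split on whitespace and each token is compared exactly.
audit_disabled() {
    for tok in $1; do
        if [ "$tok" = "audit=0" ]; then
            echo yes
            return 0
        fi
    done
    echo no
    return 0
}

# loginuid_state VALUE -> classifies the contents of /proc/self/loginuid:
#   "unset"   for -1 / 4294967295 (what a fresh PID namespace leaves behind,
#             and what makes pam_loginuid fail the login)
#   "set"     for any other non-negative integer
#   "invalid" for anything that is not a number
loginuid_state() {
    case "$1" in
        4294967295|-1) echo unset ;;
        ''|*[!0-9]*)   echo invalid ;;
        *)             echo set ;;
    esac
}

# report -> one-line summary of the live system, run only where /proc is
# available (a plain sandbox may lack /proc/self/loginuid).
report() {
    if [ -r /proc/cmdline ] && [ -r /proc/self/loginuid ]; then
        echo "audit=0 on kernel cmdline: $(audit_disabled "$(cat /proc/cmdline)")"
        echo "loginuid: $(loginuid_state "$(cat /proc/self/loginuid)")"
    else
        echo "/proc/cmdline or /proc/self/loginuid not readable; skipping live check"
    fi
}

# Constructed sample inputs (not captured from a real host):
sample_cmdline_workaround="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro audit=0"
sample_cmdline_default="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro"

report
echo "sample with workaround: $(audit_disabled "$sample_cmdline_workaround")"
echo "sample without workaround: $(audit_disabled "$sample_cmdline_default")"
```

Run it as a normal user inside the booted container: "loginuid: unset" together with "audit=0 on kernel cmdline: no" is the combination that produces the PAM denial described above; after rebooting the host with audit=0 the first line flips to "yes" and logins succeed.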