[systemd-devel] sshd inside in a nspawn container

Albert Strasheim fullung at gmail.com
Sun Apr 3 07:59:41 PDT 2011


Hello all

I've been working on a systemd configuration to do integration tests
with a few services inside a nspawn container.

Among these, I'm trying to get sshd going using the units here as a
starting point:

http://0pointer.de/public/systemd-units/

Unfortunately, it seems the nspawn container is a bit restrictive for
what sshd wants to do.

Firstly, I had problems with auditd:

auditd: Error setting audit daemon pid (Operation not permitted)
auditd: Started dispatcher: /sbin/audispd pid: 20
auditd: Error setting audit daemon pid (Operation not permitted)
auditd: Unable to set audit pid, exiting
auditd: The audit daemon is exiting.

and then sshd would error out with:

sshd: error: cannot write into audit

I disabled audit completely by booting the host kernel with audit=0.
So far so good.

Once I had installed all the PAM packages so that authconfig could run
without errors, I ran into the following issue.

I can connect to my sshd running inside the container (after changing
it to use port 2222), but then some PAM stuff fails:

Accepted password for root from 127.0.0.1 port 55879 ssh2
fatal: mm_request_receive: read: Connection reset by peer
pam_loginuid(sshd:session): set_loginuid failed
pam_systemd(sshd:session): Failed to get user data.
pam_unix(sshd:session): session opened for user root by (uid=0)
error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
syslogin_perform_logout: logout() returned an error

I suspect this is due to the restrictions placed on the proc file
system mounted inside the container.

Could some of these restrictions be relaxed to make sshd work?
Alternatively, it would be useful if it were possible to run both
systemd and a shell inside the same container.

Any thoughts on the best way to proceed would be appreciated.

Regards

Albert
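
Added example, not part of the original post: a Python check, run inside the container, of the kernel interfaces the errors above touch. Setting the audit daemon PID needs CAP_AUDIT_CONTROL, sending audit records from user space needs CAP_AUDIT_WRITE, and pam_loginuid writes /proc/self/loginuid. That these are what the container restricts is an assumption (the post only suspects /proc); the function names and the sample status text are constructed.

```python
import errno
import os

# Bit numbers from <linux/capability.h>.
AUDIT_CAPS = {"CAP_AUDIT_WRITE": 29, "CAP_AUDIT_CONTROL": 30}
CAP_KEYS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

# Constructed sample of /proc/<pid>/status: bounding set lacks bits 29 and 30.
SAMPLE_STATUS = "Name:\tsshd\nCapEff:\t00000000ffffffff\nCapBnd:\t000000009fffffff\n"


def parse_cap_sets(status_text):
    """Map each Cap* line of /proc/<pid>/status to its integer bitmask."""
    sets = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key in CAP_KEYS:
            sets[key] = int(value.strip(), 16)
    return sets


def missing_audit_caps(status_text, cap_set="CapBnd"):
    """Return the audit capabilities that are absent from the chosen set."""
    mask = parse_cap_sets(status_text).get(cap_set, 0)
    return sorted(n for n, bit in AUDIT_CAPS.items() if not (mask >> bit) & 1)


def loginuid_state(path="/proc/self/loginuid"):
    """Report whether the file pam_loginuid writes can be opened for writing.

    Nothing is written. A successful open does not prove a write would be
    accepted, but ENOENT, EROFS or EACCES already explains a failure.
    """
    try:
        fd = os.open(path, os.O_WRONLY)
    except OSError as exc:
        names = {errno.ENOENT: "absent", errno.EROFS: "read-only mount",
                 errno.EACCES: "permission denied", errno.EPERM: "permission denied"}
        return names.get(exc.errno, "error: " + os.strerror(exc.errno))
    os.close(fd)
    return "writable"


if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        status = fh.read()
    for cap_set in ("CapBnd", "CapEff"):
        print(cap_set, "missing:", missing_audit_caps(status, cap_set) or "none")
    print("/proc/self/loginuid:", loginuid_state())
```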

