[systemd-devel] sshd inside in a nspawn container
Lennart Poettering
lennart at poettering.net
Sun Apr 3 14:12:10 PDT 2011
On Sun, 03.04.11 18:01, Albert Strasheim (fullung at gmail.com) wrote:
>
> Hello all
>
> On Sun, Apr 3, 2011 at 4:59 PM, Albert Strasheim <fullung at gmail.com> wrote:
> > pam_loginuid(sshd:session): set_loginuid failed
>
> This one is caused by:
>
> 32 open("/proc/self/loginuid", O_WRONLY|O_TRUNC|O_NOFOLLOW) = 4
> 32 write(4, "0", 1) = -1 EPERM (Operation not permitted)
>
> This happens regardless of whether systemd-nspawn is run with sudo or
> directly as root.

This fails due to the missing auditing capabilities, I'd guess.

>
> > pam_systemd(sshd:session): Failed to get user data.
>
> This is caused by my user ID not being present in the passwd file in
> the container.

Ah, interesting problem. pam_systemd uses the loginuid, but
that's the one from the container, and hence things go bad.

Hmm, not sure how to fix this in a nice way in pam_systemd: if we are in
a container we should not use the loginuid. Only way I see is by
explicitly checking for PID namespaces...

Lennart

--
Lennart Poettering - Red Hat, Inc.
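
Added example, not part of the original message or of systemd: a small C check for the condition guessed at in the reply, that processes in the container lack the audit capabilities. It assumes these are CAP_AUDIT_WRITE (bit 29) and CAP_AUDIT_CONTROL (bit 30), read from the CapEff line of /proc/<pid>/status; the function names and the sample status text are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers as defined in <linux/capability.h>. */
#define CAP_AUDIT_WRITE_BIT   29
#define CAP_AUDIT_CONTROL_BIT 30

/* Constructed sample (not captured from a real system): a capability
   mask with bits 29 and 30 cleared, as a container manager might set. */
static const char SAMPLE_STATUS[] =
    "Name:\tsshd\n"
    "CapPrm:\t000000009fffffff\n"
    "CapEff:\t000000009fffffff\n"
    "CapBnd:\t000000009fffffff\n";

/* Find "<field>:" at the start of a line and parse its hex mask.
   Returns 0 on success, -1 if the field is missing or malformed. */
int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            char *end;
            unsigned long long v = strtoull(line + flen + 1, &end, 16);
            if (end == line + flen + 1) return -1;   /* no hex digits */
            *mask = v;
            return 0;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

int has_cap(uint64_t mask, int bit) { return (int)((mask >> bit) & 1); }

/* 1 if both audit capabilities are effective, 0 if not, -1 on parse error. */
int audit_caps_present(const char *status)
{
    uint64_t eff;
    if (parse_cap_field(status, "CapEff", &eff) != 0) return -1;
    return has_cap(eff, CAP_AUDIT_CONTROL_BIT) && has_cap(eff, CAP_AUDIT_WRITE_BIT);
}

int main(void)
{
    printf("sample: audit caps effective = %d\n", audit_caps_present(SAMPLE_STATUS));
    return 0;
}
```

To check a live process, pass the contents of its /proc/<pid>/status file to `audit_caps_present()` instead of the sample.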