[systemd-devel] nspawn remounts /selinux readonly, thus breaking logins
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Thu Jul 7 13:42:37 PDT 2011
Hi,
on freshly installed fedora-15 system, I've been trying out the nspawn, and
running "systemd-nspawn -D debian-tree/" (i.e. just the shell) seems
to cause /selinux to be remount ro on the _host_:
$ rpm -q systemd
systemd-26-5.fc15.x86_64
$ mount|grep selinux
selinuxfs on /selinux type selinuxfs (rw,relatime)
$ sudo systemd-nspawn -D debian-tree/ /bin/true
$ mount|grep selinux
selinuxfs on /selinux type selinuxfs (ro,relatime)
This has a nasty consequence of breaking logins:
Jul 7 22:17:05 fedora-15 sshd[14261]: Accepted publickey for zbyszek from 192.168.122.1 port 51205 ssh2
Jul 7 20:17:05 fedora-15 sshd[14262]: fatal: mm_request_receive: read: Connection reset by peer
Jul 7 22:17:05 fedora-15 sshd[14261]: pam_selinux(sshd:session): conversation failed
Jul 7 22:17:05 fedora-15 sshd[14261]: pam_selinux(sshd:session): No response to query: Would you like to enter a security context? [N]
Jul 7 22:17:05 fedora-15 sshd[14261]: pam_selinux(sshd:session): Unable to get valid context for zbyszek
Jul 7 22:17:05 fedora-15 sshd[14261]: pam_unix(sshd:session): session opened for user zbyszek by (uid=0)
Jul 7 22:17:05 fedora-15 sshd[14261]: error: PAM: pam_open_session(): Authentication failure
Jul 7 22:17:05 fedora-15 sshd[14264]: Received disconnect from 192.168.122.1: 11: disconnected by user
In case of a login on a tty, the question about a security context
is displayed on the screen. In case of ssh login, if just fails
without any message displayed on the remote side.
-
Zbyszek
More information about the systemd-devel
mailing list