On Mon, 2013-11-18 at 12:28 -0500, Dwight Engen wrote: 
> Signed-off-by: Dwight Engen <dwight.en...@oracle.com>
> ---
>  templates/lxc-oracle.in | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
> index e86f261..8770e70 100644
> --- a/templates/lxc-oracle.in
> +++ b/templates/lxc-oracle.in
> @@ -72,6 +72,10 @@ container_rootfs_configure()
>      fi
>      sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*close|#session 
> required pam_selinux.so close|' $container_rootfs/etc/pam.d/login
>      sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*open|#session 
> required pam_selinux.so open|' $container_rootfs/etc/pam.d/login
> +
> +    # setting /proc/$$/loginuid doesn't work under user namespace, which
> +    # prevents logins from working
> +    sed -i 's|session[ \t]*required[ \t]*pam_loginuid.so|#session required 
> pam_loginuid.so|' $container_rootfs/etc/pam.d/sshd
>      sed -i 's|session[ \t]*required[ \t]*pam_loginuid.so|#session required 
> pam_loginuid.so|' $container_rootfs/etc/pam.d/login
>  
>      if [ -f $container_rootfs/usr/sbin/selinuxenabled ]; then
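Review bot: The added sed on $container_rootfs/etc/pam.d/sshd is not guarded by a check that the file exists, so on a rootfs where that file is absent sed -i exits with an error; a `[ -f $container_rootfs/etc/pam.d/sshd ]` test around it would avoid that. The new comment ties the failure to user namespaces, yet the edit (like the existing one for /etc/pam.d/login) is applied to every container built from the template. With pam_loginuid commented out the session's loginuid is never set, and audit records depend on it, so consider making the change conditional on a user namespace being configured, or note in the comment that the loss of loginuid is accepted for all containers.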
> @@ -83,6 +87,11 @@ container_rootfs_configure()
>      sed -i 's|cat /proc/self/attr/current|cat /proc/self/attr/current 
> 2>/dev/null|' $container_rootfs/etc/rc.sysinit
>      sed -i 's|cat /proc/self/attr/current|cat /proc/self/attr/current 
> 2>/dev/null|' $container_rootfs/etc/rc.d/rc.sysinit
>  
> +    # on ol4 pam_limits prevents logins when using user namespaces
> +    if [ $container_release_major = "4" ]; then
> +        sed -i 's|session[ \t]*required[ 
> \t]*/lib/security/\$ISA/pam_limits.so|#session required 
> /lib/security/$ISA/pam_limits.so|' $container_rootfs/etc/pam.d/system-auth
> +    fi
> +
>      # configure the network to use dhcp. we set DHCP_HOSTNAME so the guest
>      # will report its name and be resolv'able by the hosts dnsmasq
>      cat <<EOF > $container_rootfs/etc/sysconfig/network-scripts/ifcfg-eth0
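Review bot: In the added test `[ $container_release_major = "4" ]` the variable is unquoted, so an empty or unset value makes `[` fail with a syntax error rather than evaluate false; quote it as "$container_release_major". The sed inside the block comments out pam_limits in system-auth for every ol4 container whether or not a user namespace is in use, which means limits.conf is no longer applied to logins there. The comment should say that this is the trade-off, or the edit should be limited to containers that actually use a user namespace.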
> -- 
> 1.8.3.1

Crap.  I need to do this in the Fedora template as well.

Thanks!

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  m...@wittsend.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel