On Tue, 19 Nov 2013 17:00:50 -0500 "Michael H. Warfield" <m...@wittsend.com> wrote:
> On Mon, 2013-11-18 at 12:28 -0500, Dwight Engen wrote: > > Signed-off-by: Dwight Engen <dwight.en...@oracle.com> > > --- > > templates/lxc-oracle.in | 9 +++++++++ > > 1 file changed, 9 insertions(+) > > > > diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in > > index e86f261..8770e70 100644 > > --- a/templates/lxc-oracle.in > > +++ b/templates/lxc-oracle.in 
> > @@ -72,6 +72,10 @@ container_rootfs_configure() > > fi > > sed -i > > 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*close|#session > > required pam_selinux.so close|' $container_rootfs/etc/pam.d/login > > sed -i > > 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*open|#session > > required pam_selinux.so open|' $container_rootfs/etc/pam.d/login + > > + # setting /proc/$$/loginuid doesn't work under user namespace, > > which > > + # prevents logins from working > > + sed -i 's|session[ \t]*required[ \t]*pam_loginuid.so|#session > > required pam_loginuid.so|' $container_rootfs/etc/pam.d/sshd sed -i > > 's|session[ \t]*required[ \t]*pam_loginuid.so|#session required > > pam_loginuid.so|' $container_rootfs/etc/pam.d/login if [ -f > > $container_rootfs/usr/sbin/selinuxenabled ]; then @@ -83,6 +87,11 > > @@ container_rootfs_configure() sed -i > > 's|cat /proc/self/attr/current|cat /proc/self/attr/current > > 2>/dev/null|' $container_rootfs/etc/rc.sysinit sed -i > > 2>'s|cat /proc/self/attr/current|cat /proc/self/attr/current > > 2>2>/dev/null|' $container_rootfs/etc/rc.d/rc.sysinit > > + # on ol4 pam_limits prevents logins when using user namespaces > > + if [ $container_release_major = "4" ]; then > > + sed -i > > 's|session[ \t]*required[ \t]*/lib/security/\$ISA/pam_limits.so|#session > > required /lib/security/$ISA/pam_limits.so|' > > $container_rootfs/etc/pam.d/system-auth > > + fi > > + > > # configure the network to use dhcp. we set DHCP_HOSTNAME so > > the guest # will report its name and be resolv'able by the hosts > > dnsmasq cat <<EOF > > > $container_rootfs/etc/sysconfig/network-scripts/ifcfg-eth0 -- > > 1.8.3.1 > > Crap. I need to do this in the Fedora template as well. > > Thanks! Yeah, hopefully this will eventually get fixed and the loginuid can be set by pam in a container, but today is not that day. See https://bugzilla.redhat.com/show_bug.cgi?id=893751 for more. 
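Review bot: In the first hunk (@@ -72,6 +72,10 @@), the new sed on $container_rootfs/etc/pam.d/sshd runs for every container, while its comment gives user namespaces as the reason. pam_loginuid is what sets the audit login UID, so containers that do not use a user namespace lose it for ssh sessions as well. Either gate the edit on user-namespace use, or state in the comment that it is applied unconditionally, as the existing pam.d/login line already is. The pattern is also unanchored, so a second run over an already-edited file prepends another '#'; starting it with '^' would make the edit idempotent.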
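Review bot: In the second hunk (@@ -83,6 +87,11 @@), the test [ $container_release_major = "4" ] leaves the variable unquoted, so an empty or unset value makes [ fail with a syntax error rather than evaluate false; write it as [ "$container_release_major" = "4" ]. As in the first hunk, the comment ties the pam_limits change to user namespaces, but the sed applies to every ol4 container and so turns off limits.conf enforcement for all logins there; the comment should say so, or the edit should be conditional.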
> Regards,
> Mike
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel