[libvirt] [PATCH] lxc: Add virCgroupSetOwner()

Daniel P. Berrange berrange at redhat.com
Fri Feb 14 13:32:59 UTC 2014


On Fri, Feb 14, 2014 at 02:17:24PM +0100, Tom Kuther wrote:
> Am 14.02.2014 13:42, schrieb Stephan Sachse:
> > set LogLevel to DEBUG3. keyexchange is down. put then hangs for some
> > time und sshd dies
> > 
> > sshd[269]: debug1: KEX done [preauth]
> > sshd[269]: debug1: userauth-request for user root service
> > ssh-connection method none [preauth]
> > sshd[269]: debug1: attempt 0 failures 0 [preauth]
> > sshd[269]: debug3: mm_getpwnamallow entering [preauth]
> > sshd[269]: debug3: mm_request_send entering: type 8 [preauth]
> > sshd[269]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
> > sshd[269]: debug3: mm_request_receive_expect entering: type 9 [preauth]
> > sshd[269]: debug3: mm_request_receive entering [preauth]
> > sshd[269]: debug3: mm_request_receive entering
> > sshd[269]: debug3: monitor_read: checking request 8
> > sshd[269]: debug3: mm_answer_pwnamallow
> > sshd[269]: debug3: Trying to reverse map address 10.1.25.151.
> > systemd[1]: Received SIGCHLD from PID 270 (sshd).
> > systemd[1]: Got SIGCHLD for process 270 (sshd)
> > systemd[1]: Child 270 died (code=killed, status=15/TERM)
> > 
> >> Also keep in mind that running a compete distro within LXC + user namespaces requires
> >> some changes. Like disabling pam_loginuid.so in pam.
> >> For systemd distros you have to remove OOMScoreAdjust= and CapabilityBoundingSet= from all units...
> > 
> > yes, i know. i have no errors from systemd, all looks fine with "exec
> > /sbin/init systemd.log_level=debug"
> > 
> > /stephan
> > 
> 
> I have the same problem on a slightly different setup. Both host and
> guest are Archlinux with systemd-208, libvirt-git with the chown() patches.
> 
> LXC Console login works fine (and I do not have such issues with messed
> up console), but login via SSH fails with the exact same symptoms.

Most likely is the pam_loginuid module denying access. Sadly I find
debugging PAM a complete pain - if anyone knows how to make it spew
logs for each module executed and then accept/reject state, that'd
be awesome for troubleshooting this.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|




More information about the libvir-list mailing list