lxc 3.0.2/3 - cannot create root password in privileged container
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | lxc (Ubuntu) |
Undecided
|
Unassigned | ||
Bug Description
Prior filing this as potential bug help was sought but did not yield a remedy
host - ubuntu cosmic with kernel 4.18.0-12 / systemd 239-7 / apparmor 2.12
Whilst there is no issue with creating a root password via lxc-attach and passwd in an unprivileged container it is however not possible to create a password the same way for a privileged container (tried centos 7 and ubuntu cosmic).
Error reported from within the containers:
passwd: System error
passwd: Authentication token manipulation error
Error reported at the host:
passwd: PAM audit_log_
Next tried with:
chroot /container/
but that produced the same error.
Next tried with:
lxc.cap.keep = CAP_AUDIT_WRITE
but the container would not boot.
Next tried with:
lxc.apparmor.
but no remedy.
Next switched the kernel to 4.19.7 but no dice either.
| description: | updated |
| km (n8v8r) wrote : | #1 |
| summary: |
- lxc 3.0.2 - cannot create root password in privileged container + lxc 3.0.2/3 - cannot create root password in privileged container |
| km (n8v8r) wrote : | #2 |
The issue is due to the lxc logic of applying in deploying in default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
in which case the container is ultimately constructed as unprivileged container and such cannot be reverted with a the container specific config.
| Changed in lxc (Ubuntu): | |
| status: | New → Invalid |
The issue persists after having upgraded lxc to version 3.0.3