Hey,

On Sun, Apr 17, 2016 at 09:57:51PM +0200, Evgeni Golov wrote:
> > There are PAM patches at [1][2][3], maybe they just need backporting to 
> > Jessie?
> > 
> > [1] 
> > https://git.fedorahosted.org/cgit/linux-pam.git/commit/modules/pam_loginuid/pam_loginuid.c?id=5825450540e6620ac331c64345b42fdcbb1d6e87
> > [2] 
> > https://git.fedorahosted.org/cgit/linux-pam.git/commit/modules/pam_loginuid/pam_loginuid.c?id=24f3a88e7de52fbfcb7b8a1ebdae0cdbef420edf
> > [3] 
> > https://git.fedorahosted.org/cgit/linux-pam.git/commit/modules/pam_loginuid/pam_loginuid.c?id=2e62d5aea3f5ac267cfa54f0ea1f8c07ac85a95a
> 
> [3] is missing from src:pam/debian/patches-applied/pam-loginuid-in-containers
> Ubuntu has it backported at [4].
> 
> I think the following should be done (but I am unsure that's the only failure 
> here, so maybe rather a clone? - I'll let the openssh maintainers decide)
> reassign -1 libpam-modules
> retitle -1 pam_loginuid fails in unprivileged containers
> found -1 1.1.8-3.1+deb8u1
> found -1 1.1.8-3.2
> tags -1 + patch

This has been done, thanks.

> [4] 
> https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/wily/pam/wily/view/head:/debian/patches-applied/pam-loginuid-in-containers

This patch seems only to address LXC containers.
The original report looks like it was happening on Linux VServer and Myon 
confirms he has this issue on such a box too.

I think we would need to teach PAM to also detect Linux VServers, similar to how it 
is done for LXC in [5]

Detecting a VServer guest should be as easy as looking at /proc/self/status for a 
line "VxID: x" with x != 0. [6]

Oh, and what about OpenVZ? :)

[5] 
https://git.fedorahosted.org/cgit/linux-pam.git/tree/modules/pam_loginuid/pam_loginuid.c#n61
[6] 
https://github.com/puppetlabs/facter/blob/master/lib/src/facts/linux/virtualization_resolver.cc#L146
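The VxID check proposed in the message above, sketched in C as an added example; it is not part of the original mail and is not code from linux-pam or facter. The function names `vxid_guest_from_status` and `in_vserver_guest` are hypothetical, and the tolerance for a tab or spaces after the colon is an assumption about how the line appears in /proc/self/status.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse the text of a /proc/<pid>/status file. Returns 1 for a "VxID:" line
 * with a non-zero value (guest), 0 if the line is absent or the value is 0
 * (host or non-VServer kernel), -1 if the line is malformed. */
int vxid_guest_from_status(const char *text)
{
    for (const char *line = text; line; line = strchr(line, '\n')) {
        char *end;
        unsigned long id;
        if (*line == '\n')
            line++;                       /* step past the previous newline */
        if (strncmp(line, "VxID:", 5) != 0)
            continue;                     /* match at start of line only */
        line += 5;
        while (*line == ' ' || *line == '\t')
            line++;
        if (!isdigit((unsigned char)*line))
            return -1;                    /* rejects empty and signed values */
        errno = 0;
        id = strtoul(line, &end, 10);
        if (errno != 0 || (*end != '\n' && *end != '\0'))
            return -1;                    /* overflow or trailing junk */
        return id != 0;
    }
    return 0;
}

/* Hypothetical wrapper: apply the check to the calling process. */
int in_vserver_guest(void)
{
    char buf[8192] = {0};
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof(buf) - 1, f) : 0;
    if (!f)
        return -1;
    fclose(f);
    return n ? vxid_guest_from_status(buf) : -1;
}

int main(void)
{
    printf("VServer guest: %d\n", in_vserver_guest());
    return 0;
}
```

A caller such as a PAM module would treat -1 as "unknown" and keep its existing behaviour rather than assume it is inside a guest.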
