Control: tags -1 + wontfix
Joey Hess <[email protected]> writes:
> Despite there being closed bugs about this in docker's bug tracker
> (https://github.com/docker/docker/issues/5663)
> it remains a problem to use ssh and cron in docker containers, because
> pam_loginuid.so fails to work inside docker in the default
> configuration.
>
> Workaround is to make the /etc/pam.d/ lines for pam_loginuid.so
> s/required/optional/.
pam_loginuid fails in containers because no login session exists -- this
is expected behavior. docker.io cannot and should not set loginuid.
Running sshd, cron, or atd in containers is not a good idea without
careful configuration (PAM, PID 1, logging, etc.). Prefer one-process
containers and external scheduling.
The fix -- changing `required` to `optional` for pam_loginuid.so --
belongs in your Dockerfile, not the docker.io package:
RUN sed -i 's/required *pam_loginuid\.so/optional pam_loginuid.so/' \
/etc/pam.d/* 2>/dev/null || true
References:
- https://github.com/moby/moby/issues/5663
- https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
-rt
