The issue is due to the lxc logic of applying in deploying in
default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
in which case the container is ultimately constructed as unprivileged
container and such cannot be reverted with a the container specific
config.
** Changed in: lxc (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1807134
Title:
lxc 3.0.2/3 - cannot create root password in privileged container
Status in lxc package in Ubuntu:
Invalid
Bug description:
Prior filing this as potential bug help was sought but did not yield a
remedy
https://discuss.linuxcontainers.org/t/3-0-2-bug-cannot-create-root-
password-in-privileged-container/3425
host - ubuntu cosmic with kernel 4.18.0-12 / systemd 239-7 / apparmor
2.12
Whilst there is no issue with creating a root password via lxc-attach
and passwd in an unprivileged container it is however not possible to
create a password the same way for a privileged container (tried
centos 7 and ubuntu cosmic).
Error reported from within the containers:
passwd: System error
passwd: Authentication token manipulation error
Error reported at the host:
passwd: PAM audit_log_acct_message() failed: Operation not permitted
Next tried with:
chroot /container/path/rootfs passwd
but that produced the same error.
Next tried with:
lxc.cap.keep = CAP_AUDIT_WRITE
but the container would not boot.
Next tried with:
lxc.apparmor.profile = unconfined
but no remedy.
Next switched the kernel to 4.19.7 but no dice either.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1807134/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
