Containerized sshd does not work with older PAM
sshd containers don't allow logins on some systems with an older PAM library because /proc/self/loginuid is not always readable or writeable. Examples of possible failures on such systems are erroneous cold and live migrations.

This fix does not upgrade PAM but makes pam_loginuid optional for nova_ssh and keystone_ssh.

More information:
https://github.com/docker/docker/issues/5663
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726661
https://git.fedorahosted.org/cgit/linux-pam.git/tree/modules/pam_loginuid/pam_loginuid.c#n61

Change-Id: Ic14255b042ceedcff536c062bdcba00502af7a87
Closes-Bug: #1651395
parent 95bb052fe7
commit aae9193675
|
@ -22,6 +22,8 @@ RUN mkdir -p /var/run/sshd \
|
|||
{% endif %}
|
||||
{{ macros.install_packages(keystone_ssh_packages | customizable("packages")) }}
|
||||
|
||||
RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd
|
||||
|
||||
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
RUN chmod 755 /usr/local/bin/kolla_extend_start
|
||||
|
||||
|
|
|
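Review bot: The added `RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/...' /etc/pam.d/sshd` line carries no comment saying why pam_loginuid is downgraded, and the reason given in the commit message (/proc/self/loginuid not readable or writeable with older PAM) cannot be recovered from the Dockerfile itself. With the module set to `optional`, a failure to set the login UID no longer blocks the session, so audit records for SSH logins into this container may lack a login UID; a one-line comment above the `RUN` that names the bug (#1651395) and this trade-off would keep the change from being reverted or copied without understanding it. Two smaller points on the same line: the `.` in `pam_loginuid.so` is an unescaped regex wildcard (`pam_loginuid\.so` is the exact match), and this hunk adds a separate `RUN` layer while the nova_ssh change chains the same `sed` onto an existing `RUN`, so the two images should follow one pattern.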
@ -18,7 +18,8 @@ RUN mkdir -p /var/run/sshd \
|
|||
|
||||
{{ macros.install_packages(nova_ssh_packages | customizable("packages")) }}
|
||||
|
||||
RUN chsh -s /bin/bash nova
|
||||
RUN chsh -s /bin/bash nova \
|
||||
&& sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd
|
||||
|
||||
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
RUN chmod 755 /usr/local/bin/kolla_extend_start
|
||||
|
|
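Review bot: The `&& sed -ri ... /etc/pam.d/sshd` step chained after `RUN chsh -s /bin/bash nova \` exits 0 whether or not the expression matched, so on a base image whose sshd PAM file spells the pam_loginuid entry differently (for example with a bracketed control field, or in an included file) the build succeeds and the login failure this commit targets is still present. Consider following the `sed` with a check that fails the build when /etc/pam.d/sshd still contains a pam_loginuid line that is not `optional`. The identical `sed` expression is also repeated in the keystone_ssh Dockerfile; since both templates already call `macros.install_packages`, a shared macro for this edit would keep the two copies from drifting apart.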