[pkg-lxc-devel] Bug#823864: Bug#823864: libpam-cgfs: installing libpam-cgfs from backport on stable prevent session from opening
Xavier Quost
xquost2000 at yahoo.fr
Thu May 19 11:27:58 UTC 2016
Hi Evgeni
Sorry for this late answer.
> Strictly speaking bugs about backports should go to
> debian-backports at l.d.o and not the BTS, but I personally do not care, so
> lets keep it here for now.
Ok I will keep this in mind.
> Could you still provide stippets of auth.log and messages around that
> time? Just to crosscheck.
Here are auth.log with libpam-cgfs installed
May 19 11:37:31 pc251270 saslauthd[1938]: detach_tty : master pid is: 1938
May 19 11:37:31 pc251270 saslauthd[1938]: ipc_init : listening on socket: /var/run/saslauthd/mux
May 19 11:37:31 pc251270 sshd[2371]: Server listening on 0.0.0.0 port 22.
May 19 11:37:31 pc251270 sshd[2371]: Server listening on :: port 22.
May 19 11:37:32 pc251270 sshd[2371]: Received signal 15; terminating.
May 19 11:37:32 pc251270 sshd[3058]: Server listening on 0.0.0.0 port 22.
May 19 11:37:32 pc251270 sshd[3058]: Server listening on :: port 22.
May 19 11:37:49 pc251270 kdm: :0[3246]: pam_unix(kdm:session): session opened for user xquost by (uid=0)
May 19 11:37:55 pc251270 login[3763]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
May 19 11:37:55 pc251270 login[3801]: ROOT LOGIN on '/dev/tty1'
May 19 11:38:01 pc251270 login[3804]: pam_unix(login:session): session opened for user xquost by LOGIN(uid=0)
May 19 11:38:05 pc251270 login[3814]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=root
May 19 11:38:08 pc251270 login[3814]: FAILED LOGIN (1) on '/dev/tty1' FOR 'root', Authentication failure
May 19 11:38:14 pc251270 login[3814]: FAILED LOGIN (2) on '/dev/tty1' FOR 'root', Authentication failure
May 19 11:38:19 pc251270 login[3814]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
May 19 11:38:19 pc251270 login[3823]: ROOT LOGIN on '/dev/tty1'
May 19 11:38:29 pc251270 saslauthd[1938]: server_exit : master exited: 1938
May 19 11:38:30 pc251270 sshd[3058]: Received signal 15; terminating.
As I was saying auth.log shows normal login (NB 2 false password as root to eased the research in log file)
Here are auth.log with libpam-cgfs uninstalled
May 19 11:40:00 pc251270 saslauthd[2063]: detach_tty : master pid is: 2063
May 19 11:40:00 pc251270 saslauthd[2063]: ipc_init : listening on socket: /var/run/saslauthd/mux
May 19 11:40:00 pc251270 sshd[2416]: Server listening on 0.0.0.0 port 22.
May 19 11:40:00 pc251270 sshd[2416]: Server listening on :: port 22.
May 19 11:40:00 pc251270 sshd[2416]: Received signal 15; terminating.
May 19 11:40:00 pc251270 sshd[3110]: Server listening on 0.0.0.0 port 22.
May 19 11:40:00 pc251270 sshd[3110]: Server listening on :: port 22.
May 19 11:40:12 pc251270 kdm: :0[3298]: pam_unix(kdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=xquost
May 19 11:40:22 pc251270 kdm: :0[3298]: pam_unix(kdm:session): session opened for user xquost by (uid=0)
May 19 11:40:31 pc251270 polkitd(authority=local): Registered Authentication Agent for unix-session:1 (system bus name :1.28 [/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale fr_FR.UTF-8)
May 19 11:40:39 pc251270 su[4207]: Successful su for root by xquost
May 19 11:40:39 pc251270 su[4207]: + /dev/pts/0 xquost:root
May 19 11:40:39 pc251270 su[4207]: pam_unix(su:session): session opened for user root by xquost(uid=1000)
> Do you mean you have other Jessie systems where libpam-cgfs does not
> trigger this behaviour?
Yes, but on those systems, there was no attempt to install lxc
> Do you by any chance have SELinux or AppArmor enabled on these boxes?
Yes, apparmor comes as a requirement of lxc
# apt-get install -t jessie-backports lxc
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances
Lecture des informations d'état... Fait
Les paquets suivants ont été installés automatiquement et ne sont plus nécessaires :
linux-headers-4.4.0-0.bpo.1-amd64 linux-headers-4.4.0-0.bpo.1-common linux-image-4.4.0-0.bpo.1-amd64 linux-kbuild-4.4
Veuillez utiliser « apt-get autoremove » pour les supprimer.
Les paquets supplémentaires suivants seront installés :
apparmor libapparmor-perl libapparmor1 liblxc1 libpam-cgfs libseccomp2 lxcfs
Paquets suggérés :
apparmor-profiles apparmor-profiles-extra apparmor-docs apparmor-utils btrfs-tools lua5.2 lvm2
Les NOUVEAUX paquets suivants seront installés :
apparmor libapparmor-perl libapparmor1 liblxc1 libpam-cgfs libseccomp2 lxc lxcfs
0 mis à jour, 8 nouvellement installés, 0 à enlever et 25 non mis à jour.
Il est nécessaire de prendre 37,0 ko/1 506 ko dans les archives.
Après cette opération, 4 891 ko d'espace disque supplémentaires seront utilisés.
Souhaitez-vous continuer ? [O/n] n
however before filling this bug report, lxc and apparmor were removed
dpkg -l |grep appar
rc apparmor 2.9.0-3 amd64 User-space parser utility for AppArmor
rc apparmor-profiles 2.9.0-3 all Profiles for AppArmor Security policies
rc apparmor-utils 2.9.0-3 amd64 Utilities for controlling AppArmor
rc libapparmor1:amd64 2.9.0-3 amd64 changehat AppArmor library
dpkg -l |grep lxc
rc liblxc1 1:2.0.0-3~bpo8+1 amd64 Linux Containers userspace tools (library)
rc lxc 1:2.0.0-3~bpo8+1 amd64 Linux Containers userspace tools
rc lxcfs 2.0.0-3~bpo8+1 amd64 FUSE based filesystem for LXC
rc lxctl 0.3.1+debian-3 all Utility to manage LXC
I also purged the remaining configuration files for apparmor and lxc but with no improvement.
dpkg -l |grep -i selin
ii libselinux1:amd64 2.3-2 amd64 SELinux runtime shared libraries
ii libsemanage-common 2.3-1 all Common files for SELinux policy management libraries
ii libsemanage1:amd64 2.3-1+b1 amd64 SELinux policy management library
ii libsepol1:amd64 2.3-2 amd64 SELinux library for manipulating binary security policies
However there are still some cgroup packages
dpkg -l | grep cgroup
ii cgmanager 0.33-2+deb8u2 amd64 Central cgroup manager daemon
ii cgroup-bin 0.41-6 all control and monitor control groups (transitional package)
ii cgroup-tools 0.41-6 amd64 control and monitor control groups (tools)
ii cgroupfs-mount 1.1 all Light-weight package to set up cgroupfs mounts
ii libcgmanager0:amd64 0.33-2+deb8u2 amd64 Central cgroup manager daemon (client library)
ii libcgroup1:amd64 0.41-6 amd64 control and monitor control groups (library)
libpam installed :
ii libpam-modules:amd64 1.1.8-3.1+deb8u1+b1 amd64 Pluggable Authentication Modules for PAM
ii libpam-modules-bin 1.1.8-3.1+deb8u1+b1 amd64 Pluggable Authentication Modules for PAM - helper binaries
ii libpam-runtime 1.1.8-3.1+deb8u1 all Runtime support for the PAM library
ii libpam-systemd:amd64 215-17+deb8u4 amd64 system and service manager - PAM module
ii libpam0g:amd64 1.1.8-3.1+deb8u1+b1 amd64 Pluggable Authentication Modules library
ii sa-compile 3.4.0-6 all Tools for compiling SpamAssassin rules into C
ii spamassassin 3.4.0-6 all Perl-based spam filter using text analysis
ii spamc 3.4.0-6 amd64 Client for SpamAssassin spam filtering daemon
and a small list of others package from bpo :
dpkg -l |grep ii |grep "~bpo"
ii dmidecode 3.0-2~bpo8+1 amd64 SMBIOS/DMI table decoder
ii firmware-amd-graphics 20160110-1~bpo8+1 all Binary firmware for AMD/ATI graphics chips
ii firmware-iwlwifi 20160110-1~bpo8+1 all Binary firmware for Intel Wireless cards
ii firmware-linux 20160110-1~bpo8+1 all Binary firmware for various drivers in the Linux kernel (meta-package)
ii firmware-linux-nonfree 20160110-1~bpo8+1 all Binary firmware for various drivers in the Linux kernel (meta-package)
ii firmware-misc-nonfree 20160110-1~bpo8+1 all Binary firmware for various drivers in the Linux kernel
ii fonts-opensymbol 2:102.7+LibO5.1.2-3~bpo8+1 all OpenSymbol TrueType font
ii geoip-database 20160317-1~bpo8+1 all IP lookup command line tools that use the GeoIP library (country database)
ii geoip-database-extra 20160317-1~bpo8+1 all IP lookup command line tools that use the GeoIP library (ASN/city database)
ii hplip 3.16.3+repack0-1~bpo8+1 amd64 HP Linux Printing and Imaging System (HPLIP)
ii hplip-data 3.16.3+repack0-1~bpo8+1 all HP Linux Printing and Imaging - data files
ii iucode-tool 1.5.2-1~bpo8+1 amd64 Intel processor microcode tool
ii libdrm-amdgpu1:amd64 2.4.68-1~bpo8+1 amd64 Userspace interface to amdgpu-specific kernel DRM services -- runtime
ii libdrm-dev:amd64 2.4.68-1~bpo8+1 amd64 Userspace interface to kernel DRM services -- development files
ii libdrm-intel1:amd64 2.4.68-1~bpo8+1 amd64 Userspace interface to intel-specific kernel DRM services -- runtime
ii libdrm-nouveau2:amd64 2.4.68-1~bpo8+1 amd64 Userspace interface to nouveau-specific kernel DRM services -- runtime
ii libdrm-radeon1:amd64 2.4.68-1~bpo8+1 amd64 Userspace interface to radeon-specific kernel DRM services -- runtime
ii libdrm2:amd64 2.4.68-1~bpo8+1 amd64 Userspace interface to kernel DRM services -- runtime
ii libegl1-mesa:amd64 11.1.3-1~bpo8+1 amd64 free implementation of the EGL API -- runtime
ii libgbm1:amd64 11.1.3-1~bpo8+1 amd64 generic buffer management API -- runtime
ii libgeoip1:amd64 1.6.7-2~bpo8+1 amd64 non-DNS IP-to-country resolver library
ii libgl1-mesa-dev:amd64 11.1.3-1~bpo8+1 amd64 free implementation of the OpenGL API -- GLX development files
ii libgl1-mesa-dri:amd64 11.1.3-1~bpo8+1 amd64 free implementation of the OpenGL API -- DRI modules
ii libgl1-mesa-glx:amd64 11.1.3-1~bpo8+1 amd64 free implementation of the OpenGL API -- GLX runtime
ii libglapi-mesa:amd64 11.1.3-1~bpo8+1 amd64 free implementation of the GL API -- shared library
ii libgles1-mesa:amd64 11.1.3-1~bpo8+1 amd64 free implementation of the OpenGL|ES 1.x API -- runtime
ii libgles2-mesa:amd64 11.1.3-1~bpo8+1 amd64 free implementation of the OpenGL|ES 2.x API -- runtime
ii libgphoto2-6:amd64 2.5.8-1~bpo8+1 amd64 gphoto2 digital camera library
ii libgphoto2-l10n 2.5.8-1~bpo8+1 all gphoto2 digital camera library - localized messages
ii libgphoto2-port12:amd64 2.5.8-1~bpo8+1 amd64 gphoto2 digital camera port library
ii libhpmud0:amd64 3.16.3+repack0-1~bpo8+1 amd64 HP Multi-Point Transport Driver (hpmud) run-time libraries
ii libjs-jquery 1.11.3+dfsg-4~bpo8+1 all JavaScript library for dynamic web applications
ii libjs-openlayers 2.13.1+ds2-1~bpo8+1 all JavaScript library for displaying map data in web browsers
ii libllvm3.5:amd64 1:3.5.2-3~bpo8+2 amd64 Modular compiler and toolchain technologies, runtime library
ii libmtp-common 1.1.10-1~bpo8+1 all Media Transfer Protocol (MTP) common files
ii libmtp-runtime 1.1.10-1~bpo8+1 amd64 Media Transfer Protocol (MTP) runtime tools
ii libmtp9:amd64 1.1.10-1~bpo8+1 amd64 Media Transfer Protocol (MTP) library
ii libnet-dbus-perl 1.1.0-3~bpo8+1 amd64 Perl extension for the DBus bindings
ii libpcap0.8:amd64 1.7.4-1~bpo8+1 amd64 system interface for user-level packet capture
ii libpulse-mainloop-glib0:amd64 7.1-2~bpo8+1 amd64 PulseAudio client libraries (glib support)
ii libpulse0:amd64 7.1-2~bpo8+1 amd64 PulseAudio client libraries
ii libpulsedsp:amd64 7.1-2~bpo8+1 amd64 PulseAudio OSS pre-load library
ii libreoffice 1:5.1.2-3~bpo8+1 amd64 office productivity suite (metapackage)
ii libreoffice-avmedia-backend-gstreamer 1:5.1.2-3~bpo8+1 amd64 GStreamer backend for LibreOffice
ii libreoffice-base 1:5.1.2-3~bpo8+1 amd64 office productivity suite -- database
ii libreoffice-base-core 1:5.1.2-3~bpo8+1 amd64 office productivity suite -- shared library
ii libreoffice-base-drivers 1:5.1.2-3~bpo8+1 amd64 Database connectivity drivers for LibreOffice
ii libreoffice-calc 1:5.1.2-3~bpo8+1 amd64 office productivity suite -- spreadsheet
ii libreoffice-common 1:5.1.2-3~bpo8+1 all office productivity suite -- arch-independent files
ii libreoffice-core 1:5.1.2-3~bpo8+1 amd64 office productivity suite -- arch-dependent files
ii libreoffice-draw 1:5.1.2-3~bpo8+1 amd64 office productivity suite -- drawing
ii libreoffice-help-en-us 1:5.1.2-3~bpo8+1 all office productivity suite -- English_american help
ii libreoffice-help-fr 1:5.1.2-3~bpo8+1 all office productivity suite -- French help
ii libreoffice-impress 1:5.1.2-3~bpo8+1 amd64 office productivity suite -- presentation
ii libreoffice-java-common 1:5.1.2-3~bpo8+1 all office productivity suite -- arch-independent Java support files
ii libreoffice-kde 1:5.1.2-3~bpo8+1 amd64 office productivity suite -- KDE integration
ii libreoffice-l10n-fr 1:5.1.2-3~bpo8+1 all office productivity suite -- French language package
ii libreoffice-math 1:5.1.2-3~bpo8+1 amd64 office productivity suite -- equation editor
ii libreoffice-report-builder-bin 1:5.1.2-3~bpo8+1 amd64 LibreOffice component for building database reports -- libraries
ii libreoffice-sdbc-firebird 1:5.1.2-3~bpo8+1 amd64 Firebird SDBC driver for LibreOffice
ii libreoffice-sdbc-hsqldb 1:5.1.2-3~bpo8+1 amd64 HSQLDB SDBC driver for LibreOffice
ii libreoffice-style-galaxy 1:5.1.2-3~bpo8+1 all office productivity suite -- Galaxy (Default) symbol style
ii libreoffice-style-oxygen 1:5.1.2-3~bpo8+1 all office productivity suite -- Oxygen symbol style
ii libreoffice-style-tango 1:5.1.2-3~bpo8+1 all office productivity suite -- Tango symbol style
ii libreoffice-writer 1:5.1.2-3~bpo8+1 amd64 office productivity suite -- word processor
ii libsane-hpaio:amd64 3.16.3+repack0-1~bpo8+1 amd64 HP SANE backend for multi-function peripherals
ii libvdpau1:amd64 1.1.1-1~bpo8+1 amd64 Video Decode and Presentation API for Unix (libraries)
ii libwayland-egl1-mesa:amd64 11.1.3-1~bpo8+1 amd64 implementation of the Wayland EGL platform -- runtime
ii libwireshark-data 2.0.3+geed34f0-1~bpo8+1 all network packet dissection library -- data files
ii libwireshark6:amd64 2.0.3+geed34f0-1~bpo8+1 amd64 network packet dissection library -- shared library
ii libwiretap5:amd64 2.0.3+geed34f0-1~bpo8+1 amd64 network packet capture library -- shared library
ii libwsutil6:amd64 2.0.3+geed34f0-1~bpo8+1 amd64 network packet dissection utilities library -- shared library
ii libxatracker2:amd64 11.1.3-1~bpo8+1 amd64 X acceleration library -- runtime
ii linux-base 4.0~bpo8+1 all Linux image base package
ii linux-compiler-gcc-4.9-x86 4.5.3-2~bpo8+1 amd64 Compiler for Linux on x86 (meta-package)
ii linux-headers-4.4.0-0.bpo.1-amd64 4.4.6-1~bpo8+1 amd64 Header files for Linux 4.4.0-0.bpo.1-amd64
ii linux-headers-4.4.0-0.bpo.1-common 4.4.6-1~bpo8+1 amd64 Common header files for Linux 4.4.0-0.bpo.1
ii linux-headers-4.5.0-0.bpo.1-amd64 4.5.1-1~bpo8+1 amd64 Header files for Linux 4.5.0-0.bpo.1-amd64
ii linux-headers-4.5.0-0.bpo.1-common 4.5.1-1~bpo8+1 amd64 Common header files for Linux 4.5.0-0.bpo.1
ii linux-headers-4.5.0-0.bpo.2-amd64 4.5.3-2~bpo8+1 amd64 Header files for Linux 4.5.0-0.bpo.2-amd64
ii linux-headers-4.5.0-0.bpo.2-common 4.5.3-2~bpo8+1 amd64 Common header files for Linux 4.5.0-0.bpo.2
ii linux-headers-amd64 4.5+73~bpo8+1 amd64 Header files for Linux amd64 configuration (meta-package)
ii linux-image-4.4.0-0.bpo.1-amd64 4.4.6-1~bpo8+1 amd64 Linux 4.4 for 64-bit PCs
ii linux-image-4.5.0-0.bpo.1-amd64 4.5.1-1~bpo8+1 amd64 Linux 4.5 for 64-bit PCs
ii linux-image-4.5.0-0.bpo.2-amd64 4.5.3-2~bpo8+1 amd64 Linux 4.5 for 64-bit PCs
ii linux-image-amd64 4.5+73~bpo8+1 amd64 Linux for 64-bit PCs (meta-package)
ii linux-kbuild-4.4 4.4-4~bpo8+1 amd64 Kbuild infrastructure for Linux 4.4
ii linux-kbuild-4.5 4.5.3-2~bpo8+1 amd64 Kbuild infrastructure for Linux 4.5
ii linux-libc-dev:amd64 4.5.3-2~bpo8+1 amd64 Linux support headers for userspace development
ii linux-source 4.5+73~bpo8+1 all Linux kernel source (meta-package)
ii linux-source-4.5 4.5.3-2~bpo8+1 all Linux kernel source for version 4.5 with Debian patches
ii mesa-common-dev:amd64 11.1.3-1~bpo8+1 amd64 Developer documentation for Mesa
ii pinentry-gtk2 0.9.7-5~bpo8+1 amd64 GTK+-2-based PIN or pass-phrase entry dialog for GnuPG
ii printer-driver-hpcups 3.16.3+repack0-1~bpo8+1 amd64 HP Linux Printing and Imaging - CUPS Raster driver (hpcups)
ii printer-driver-hpijs 3.16.3+repack0-1~bpo8+1 amd64 HP Linux Printing and Imaging - printer driver (hpijs)
ii printer-driver-postscript-hp 3.16.3+repack0-1~bpo8+1 all HP Printers PostScript Descriptions
ii pulseaudio 7.1-2~bpo8+1 amd64 PulseAudio sound server
ii pulseaudio-module-x11 7.1-2~bpo8+1 amd64 X11 module for PulseAudio sound server
ii pulseaudio-utils 7.1-2~bpo8+1 amd64 Command line tools for the PulseAudio sound server
ii python-cffi-backend 1.4.2-2~bpo8+1 amd64 Foreign Function Interface for Python calling C code - backend
ii python-cryptography 1.1.1-1~bpo8+1 amd64 Python library exposing cryptographic recipes and primitives (Python 2)
ii python-debianbts 2.6.0~bpo8+1 all Python interface to Debian's Bug Tracking System
ii python-idna 2.0-3~bpo8+1 all Python IDNA2008 (RFC 5891) handling (Python 2)
ii python-ipaddress 1.0.16-1~bpo8+1 all Backport of Python 3 ipaddress module (Python 2)
ii python-ndg-httpsclient 0.4.0-3~bpo8+1 all enhanced HTTPS support for httplib and urllib2 using PyOpenSSL for Python2
ii python-openssl 0.15.1-2~bpo8+1 all Python 2 wrapper around the OpenSSL library
ii python-pkg-resources 18.8-1~bpo8+1 all Package Discovery and Resource Access using pkg_resources
ii python-pyasn1 0.1.9-1~bpo8+1 all ASN.1 library for Python (Python 2 module)
ii python-pysimplesoap 1.16-1~bpo8+1 all simple and lightweight SOAP Library (Python 2)
ii python-reportbug 6.6.6~bpo8+1 all Python modules for interacting with bug tracking systems
ii python-requests 2.8.1-1~bpo8+1 all elegant and simple HTTP library for Python2, built for human beings
ii python-setuptools 18.8-1~bpo8+1 all Python Distutils Enhancements
ii python-six 1.9.0-3~bpo8+1 all Python 2 and 3 compatibility library (Python 2 interface)
ii python-urllib3 1.12-1~bpo8+1 all HTTP library with thread-safe connection pooling for Python
ii python3-pkg-resources 18.8-1~bpo8+1 all Package Discovery and Resource Access using pkg_resources
ii python3-six 1.9.0-3~bpo8+1 all Python 2 and 3 compatibility library (Python 3 interface)
ii python3-uno 1:5.1.2-3~bpo8+1 amd64 Python-UNO bridge
ii reportbug 6.6.6~bpo8+1 all reports bugs in the Debian distribution
ii shared-mime-info 1.5-2~bpo8+1 amd64 FreeDesktop.org shared MIME database and spec
ii socat 1.7.3.1-1~bpo8+1 amd64 multipurpose relay for bidirectional data transfer
ii uno-libs3 5.1.2-3~bpo8+1 amd64 LibreOffice UNO runtime environment -- public shared libraries
ii ure 5.1.2-3~bpo8+1 amd64 LibreOffice UNO runtime environment
ii wireshark 2.0.3+geed34f0-1~bpo8+1 amd64 network traffic analyzer - meta-package
ii wireshark-common 2.0.3+geed34f0-1~bpo8+1 amd64 network traffic analyzer - common files
ii wireshark-qt 2.0.3+geed34f0-1~bpo8+1 amd64 network traffic analyzer - Qt version
ii xserver-xorg-video-intel 2:2.99.917-2~bpo8+1 amd64 X.Org X server -- Intel i8xx, i9xx display driver
What would be the following steps ?
Best regards
Xavier
More information about the Pkg-lxc-devel
mailing list