This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
docs:lxc [2013-11-24 15:17] glen separate section for problems/solutio |
docs:lxc [2013-11-24 16:18] glen [loginuid] |
||
---|---|---|---|
Line 64: | Line 64: | ||
===== Common problems / Useful tricks ===== | ===== Common problems / Useful tricks ===== | ||
+ | |||
+ | ==== lxc-stop is not graceful ==== | ||
+ | |||
+ | Currently ''lxc-stop -n test'' sends ''SIGPWR'' to init inside container, but ''rc-scripts'' fails to shutdown things properly (shutdown scripts are not invoked). For workaround, stop services manually before issueing ''lxc-stop'' or run ''poweroff''/''halt''/''reboot'' from container. | ||
+ | |||
+ | Details: In process table is only this process runrning, no further actions from ''rc-scripts'': | ||
+ | <file> | ||
+ | /sbin/shutdown -f -h +2 Power Failure; System Shutting Down | ||
+ | </file> | ||
==== loginuid ==== | ==== loginuid ==== | ||
- | ''pam_loginuid.so'' does not allow ''sshd'' to login | + | having ''audit_control'' dropped: |
+ | <file config config> | ||
+ | lxc.cap.drop = audit_control | ||
+ | </file> | ||
+ | ''pam_loginuid.so'' does not allow ''sshd'' to login: | ||
<file> | <file> | ||
Nov 24 16:02:10 test sshd[2694]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session | Nov 24 16:02:10 test sshd[2694]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session | ||
</file> | </file> | ||
- | + | You can either [[http://kb.parallels.com/en/112597|workaround]] to disable ''pam_loginuid.so'' in the authentication rules: | |
- | Similar problem as [[http://kb.parallels.com/en/112597|here]], to workaround, disable ''pam_loginuid.so'' in the authentication rules: | + | |
<file> | <file> | ||
# sed '/pam_loginuid.so/s/^/#/g' -i /etc/pam.d/* | # sed '/pam_loginuid.so/s/^/#/g' -i /etc/pam.d/* | ||
</file> | </file> | ||
+ | Or just **do not** drop the capability. | ||
===== Vserver comparision ===== | ===== Vserver comparision ===== | ||