The Problem
This problem occurs especially when LXC Containers are run on a host machine with CentOS distribution. When we want to create an user inside the container, we get an error which says "..... is not authorized to change the password of <user_name>. A snippet of the error is shown below:
~]# passwd testuser
passwd: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 is not authorized to change the password of testuser |
| Containers Abstract Image |
The Solution
The culprit behind this problem usually is SELinux. When set to "Enforcing" or "Permissive", the SELinux would deny the user to change user parameters inside the containers like passwords as we encountered in the problem. Though, it is not safe to disable SELinux; we can solve above problem temporarily by checking the status of SELinux and disabling it. To get the "passwd" command work inside the container, follow the steps below:
1. Check SELinux settings on CentOS Host Machine
1. Check SELinux settings on CentOS Host Machine
~]$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted2. Check SELinux settings on Guest
5. After reboot, check SELinux setting parameter using getenforce
~]$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing3. Disable SELinux from Config file- Go to the config file located at /etc/selinux/config
- Change SELINUX option to disabled
- Save and close the file
5. After reboot, check SELinux setting parameter using getenforce
~]$ getenforce
DisabledNow, check again if the problem still persists in the guest virtual machine. This temporary fix should solve the problem.*Note: This is only a temporary fix to the problem. If you want to have more insight on the problem and patches to fix the internal problems in LXC (if any), please post your queries to "lxc-users" mailing list here.
Hot Topics
Tags
Videos
0 comments:
Post a Comment