[Bug 656509] New: Can't login with systemd: Cannot make/remove an entry for the specified session
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c0

Summary: Can't login with systemd: Cannot make/remove an entry for the specified session
Classification: openSUSE
Product: openSUSE 11.4
Version: Factory
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: mvyskocil@novell.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.10) Gecko/20100914 SUSE/3.6.10-0.3.1 Firefox/3.6.10

With init=/bin/systemd the login ends up with

pam_loginuid(sshd:session): Cannot open /proc/self/loginuid: Read-only file system
pam_loginuid(sshd:session): set_loginuid failed
PAM: pam_open_session(): Cannot make/remove an entry for the specified session

The reason is because /proc is mounted as ro when using systemd as init system. Usage of classic sysvinit or /bin/bash leaves /proc as rw system. However when I type exec systemd from that init bash shell, the system starts with read-only proc.

There are two workarounds:
* disable pam_loginuid.so from /etc/pam.d/*
* remount /proc as rw after start

systemd-13-2.1.x86_64

Reproducible: Always

Steps to Reproduce:
1. boot with init=/bin/systemd

Actual Results:
proc on /proc type proc (ro,relatime)

Expected Results:
/proc is mounted according /etc/fstab - proc /proc proc defaults 0 0

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c1
Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c2
Kay Sievers
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c3
--- Comment #3 from Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c4
Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c
Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c5
Kay Sievers
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c6
--- Comment #6 from Michal Vyskocil
Weird.
You don't have any 'hardened' system, or changed permissions, right?
PERMISSION_SECURITY="easy local" in /etc/sysconfig/security and no changed in /etc/permissions*.
What happens if you comment-out the /proc line in /etc/fstab?
Will check that.
Also make sure you have a recent 'mkinitrd'. /proc should be mounted from initramfs already.
It already is - after init=/bin/bash I have read write /proc, it became read-only after exec systemd, when exec /sbin/init don't do that.
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c7
Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c8
--- Comment #8 from Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c9
--- Comment #9 from Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c10
Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c11
--- Comment #11 from Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c12
Michal Vyskocil
One more point for reproduction: Michal, are you using NetworkManager? I'm using a fixed static IP with traditional scripts.
No NM, I use the DHCP+ifup/ifdown on my desktop.
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c13
Petr Uzel
The following sequence reproduces the problem under systemd
# mount | grep /proc
proc on /proc type proc (rw,relatime)
# mkdir /root/proc
# mount -o bind /proc /root/proc
# mount -o remount,ro /root/proc
# mount | grep proc
proc on /proc type proc (ro,relatime)
proc on /root/proc type proc (ro,relatime)
The reason might be the fact, there's no information about bind mount in /etc/mtab, as it's only link to /proc/mounts. The upper sequence did not work on 11.3 with linked mtab: mount -o remount,ro ends with mount: /root/proc is busy.
Yes; man 8 mount:
----
Note that behavior of the remount operation depends on the /etc/mtab file. The first command stores the 'bind' flag to the /etc/mtab file and the second command reads the flag from the file. If you have a system without the /etc/mtab file or if you explicitly define source and target for the remount command (then mount(8) does not read /etc/mtab), then you have to use bind flag (or option) for the remount command too. For example:

mount --bind olddir newdir
mount -o remount,ro,bind olddir newdir
----
I assume we need recent util-linux to make it work, Petr?
Please try to change the ntp.service:
--- ntp.orig 2010-12-06 16:09:14.433023504 +0100 +++ ntp 2010-12-06 16:09:23.965026074 +0100 @@ -112,7 +112,7 @@ # prepare_chroot is called on every "start", but we need to mount only once if ! grep -q " ${CHROOT_PREFIX}/proc proc " /proc/mounts; then mount -o bind /proc ${CHROOT_PREFIX}/proc 2>/dev/null - mount -o remount,ro,nosuid,nodev ${CHROOT_PREFIX}/proc 2>/dev/null + mount -o remount,ro,nosuid,nodev,bind ${CHROOT_PREFIX}/proc 2>/dev/null fi NTPD_OPTIONS="${NTPD_OPTIONS} -i ${CHROOT_PREFIX}" }
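Review bot: the changed remount line still ends in 2>/dev/null and its exit status is never checked, so if the bind mount on the line above fails, or the remount itself is rejected, prepare_chroot continues silently and nothing confirms that /proc itself stayed read-write. Chain the two mount calls with && and log a failure instead of discarding stderr, quote ${CHROOT_PREFIX}, and add a comment stating that the bind option is required because /etc/mtab is a link to /proc/mounts, so mount(8) cannot recover the bind flag on remount.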
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c14
--- Comment #14 from Kay Sievers
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c15
Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c16
Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c17
Stephan Kulow
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c18
Peter Varkoly
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c19
Christian Wittmer
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c20
--- Comment #20 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c25
Christian Wittmer
---SNIP--- --- ntp.orig 2010-12-06 16:09:14.433023504 +0100 +++ ntp 2010-12-06 16:09:23.965026074 +0100 @@ -112,7 +112,7 @@ # prepare_chroot is called on every "start", but we need to mount only once if ! grep -q " ${CHROOT_PREFIX}/proc proc " /proc/mounts; then mount -o bind /proc ${CHROOT_PREFIX}/proc 2>/dev/null - mount -o remount,ro,nosuid,nodev ${CHROOT_PREFIX}/proc 2>/dev/null + mount -o remount,ro,nosuid,nodev,bind ${CHROOT_PREFIX}/proc 2>/dev/null fi NTPD_OPTIONS="${NTPD_OPTIONS} -i ${CHROOT_PREFIX}" }
This does not fix the problem on Starto V-PowerServer. After starting ntp you can not login via ssh:

Mar 13 13:40:34 h2009499 sshd[3614]: pam_loginuid(sshd:session): Cannot open /proc/self/loginuid: Read-only file system
Mar 13 13:40:34 h2009499 sshd[3614]: pam_loginuid(sshd:session): set_loginuid failed

I need to patch /etc/init/ntp:
--- ntp.init.orig 2012-03-12 15:30:21.000000000 +0100 2 +++ ntp.init 2012-03-13 13:42:01.000000000 +0100 3 @@ -116,6 +116,7 @@ 4 if ! grep -q " ${CHROOT_PREFIX}/proc proc " /proc/mounts; then 5 mount -o bind /proc ${CHROOT_PREFIX}/proc 2>/dev/null 6 mount -o remount,ro,nosuid,nodev,bind ${CHROOT_PREFIX}/proc 2>/dev/null 7 + mount -o remount,rw /proc 2>/dev/null 8 fi 9 NTPD_OPTIONS="${NTPD_OPTIONS} -i ${CHROOT_PREFIX}" 10 }
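Review bot: the added mount -o remount,rw /proc sits inside the if ! grep ... /proc/mounts branch, so it only repairs /proc on the start that creates the chroot bind mount, and it forces the host /proc read-write unconditionally instead of stopping the preceding remount from turning it read-only. With 2>/dev/null a failed remount is also invisible; drop the redirect or log the failure, and add a comment explaining why this line is still needed when the line before it already passes bind.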
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c27
--- Comment #27 from Peter Varkoly
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c29
--- Comment #29 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=656509
https://bugzilla.novell.com/show_bug.cgi?id=656509#c30
--- Comment #30 from Bernhard Wiedemann
http://bugzilla.novell.com/show_bug.cgi?id=656509
William Byrne
http://bugzilla.novell.com/show_bug.cgi?id=656509
--- Comment #32 from William Byrne
http://bugzilla.novell.com/show_bug.cgi?id=656509
Peter Varkoly
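The two remount forms from comment #13 can be told apart in /proc/self/mountinfo, which lists per-mount options and superblock options separately: without bind the procfs superblock itself turns ro, which is what breaks the write to /proc/self/loginuid. The check below is an added example, not part of the bug report or of the ntp init script; the sample mountinfo lines and the /chroot/ntp path are constructed.

```shell
#!/bin/sh
# Added example: report procfs mounts whose *superblock* is read-only.
# mountinfo line: id parent maj:min root mountpoint mount-opts
#   [optional fields...] - fstype source super-opts
proc_sb_readonly() {
    awk '
    function rw_flag(opts,    a, n, k) {      # pick the ro/rw token only
        n = split(opts, a, ",")
        for (k = 1; k <= n; k++) if (a[k] == "ro" || a[k] == "rw") return a[k]
        return "?"
    }
    {
        sep = 0                                # optional fields vary in count
        for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
        if (!sep || $(sep + 1) != "proc") next
        sb = rw_flag($(sep + 3))
        if (sb == "ro") {
            printf "%s mount=%s super=%s\n", $5, rw_flag($6), sb
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "${1:-/proc/self/mountinfo}"
}

# Constructed sample: state after "mount -o remount,ro" WITHOUT bind.
sample_broken() {
    cat <<'EOF'
20 1 8:2 / / rw,relatime - ext4 /dev/sda2 rw,errors=remount-ro
15 20 0:3 / /proc rw,relatime shared:5 - proc proc ro
40 20 0:3 / /chroot/ntp/proc ro,nosuid,nodev,relatime - proc proc ro
EOF
}

# Constructed sample: state after "mount -o remount,ro,nosuid,nodev,bind".
sample_fixed() {
    cat <<'EOF'
20 1 8:2 / / rw,relatime - ext4 /dev/sda2 rw,errors=remount-ro
15 20 0:3 / /proc rw,relatime shared:5 - proc proc rw
40 20 0:3 / /chroot/ntp/proc ro,nosuid,nodev,relatime - proc proc rw
EOF
}

sample_broken | proc_sb_readonly - || echo "procfs superblock is read-only"
sample_fixed  | proc_sb_readonly - && echo "only the bind mount is read-only"
```

Called with no argument, proc_sb_readonly reads the live /proc/self/mountinfo and exits non-zero when any procfs superblock is read-only.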