Free Alpine Linux Shell Accounts


Comments

  • Not_Oles (Hosting Provider, Content Writer)
    edited February 2023

    Edited. . . .

  • Not_Oles (Hosting Provider, Content Writer)

    @terrorgen Please note 12, 13, and 14.

    fmt:~# apk update
    fetch http://mirror.fcix.net/alpine/edge/main/x86_64/APKINDEX.tar.gz
    fetch http://mirror.fcix.net/alpine/edge/community/x86_64/APKINDEX.tar.gz
    fetch http://mirror.fcix.net/alpine/edge/testing/x86_64/APKINDEX.tar.gz
    v20230208-1191-g04298fc7839 [http://mirror.fcix.net/alpine/edge/main]
    v20230208-1191-g04298fc7839 [http://mirror.fcix.net/alpine/edge/community]
    v20230208-1191-g04298fc7839 [http://mirror.fcix.net/alpine/edge/testing]
    OK: 25150 distinct packages available
    fmt:~# apk upgrade
    (1/21) Upgrading ncurses-terminfo-base (6.4_p20230211-r0 -> 6.4_p20230218-r3)
    (2/21) Installing libncursesw (6.4_p20230218-r3)
    (3/21) Upgrading libcurl (7.88.0-r1 -> 7.88.1-r1)
    (4/21) Upgrading curl (7.88.0-r1 -> 7.88.1-r1)
    (5/21) Upgrading curl-doc (7.88.0-r1 -> 7.88.1-r1)
    (6/21) Upgrading device-mapper-libs (2.03.18-r0 -> 2.03.19-r0)
    (7/21) Installing libpanelw (6.4_p20230218-r3)
    (8/21) Upgrading gdb (12.1-r4 -> 13.1-r2)
    (9/21) Upgrading gdb-doc (12.1-r4 -> 13.1-r2)
    (10/21) Upgrading linux-headers (6.1.11-r0 -> 6.2-r0)
    (11/21) Upgrading tar (1.34-r1 -> 1.34-r2)
    (12/21) Upgrading nix (2.12.0-r0 -> 2.13.2-r0)
    (13/21) Upgrading nix-openrc (2.12.0-r0 -> 2.13.2-r0)
    (14/21) Upgrading nix-doc (2.12.0-r0 -> 2.13.2-r0)
    (15/21) Upgrading tar-doc (1.34-r1 -> 1.34-r2)
    (16/21) Upgrading keyutils-libs (1.6.3-r1 -> 1.6.3-r2)
    (17/21) Upgrading xxd (9.0.1313-r1 -> 9.0.1337-r0)
    (18/21) Upgrading vim (9.0.1313-r1 -> 9.0.1337-r0)
    (19/21) Upgrading vim-doc (9.0.1313-r1 -> 9.0.1337-r0)
    (20/21) Upgrading harfbuzz (7.0.0-r1 -> 7.0.1-r0)
    (21/21) Purging ncurses-libs (6.4_p20230211-r0)
    Executing busybox-1.36.0-r4.trigger
    Executing mandoc-apropos-1.14.6-r6.trigger
    OK: 1332 MiB in 360 packages
    fmt:~# 
    
  • Not_Oles (Hosting Provider, Content Writer)
    edited February 2023

    @terrorgen said:
    Looks like I am still not able to start my container.

    @terrorgen said:
    Oh just found this from https://wiki.alpinelinux.org/wiki/LXD:

    If you plan to run systemd based Linux distributions (Debian, Ubuntu, etc.), add this to /etc/conf.d/lxc:

     systemd_container=yes

    and enable both lxc and lxd to start at boot:

     rc-update add lxc
     rc-update add lxd
     rc-update add lxcfs
    

    If you have problems, try to enable dbus:

     rc-update add dbus

    Reboot and lxd should be working.

    @Not_Oles you'll have to do this ☺️

    I'm not sure this is right, because we don't even have installed either the LXD package or the lxc command (which is part of LXD and not part of LXC). We do have the lxc and lxcfs packages installed, but they do not include the lxc command.

    fmt:~# apk info lxd
    lxd-5.0.2-r3 description:
    A container hypervisor and a new user experience for LXC - 'LTS' release channel
    
    lxd-5.0.2-r3 webpage:
    https://linuxcontainers.org/lxd/
    
    lxd-5.0.2-r3 installed size:
    43 MiB
    
    fmt:~# apk -e info lxd 
    fmt:~#                                # No output here means it's not installed.
    

    I tried commenting out bash and adding a line about systemd to my /home/notoles Debian LXC config.

    ~/.local/share/lxc/debian $ cat config
    # Template used to create this container: /usr/share/lxc/templates/lxc-download
    # Parameters passed to the template: --dist debian --release sid --arch amd64
    # For additional config options, please look at lxc.container.conf(5)
    
    # Uncomment the following line to support nesting containers:
    #lxc.include = /usr/share/lxc/config/nesting.conf
    # (Be aware this has security implications)
    
    # Distribution configuration
    lxc.include = /usr/share/lxc/config/common.conf
    lxc.include = /usr/share/lxc/config/userns.conf
    lxc.arch = linux64
    
    # Container specific configuration
    lxc.include = /etc/lxc/default.conf
    lxc.idmap = u 0 1000000000 65536
    lxc.idmap = g 0 1000000000 65536
    lxc.rootfs.path = dir:/home/notoles/.local/share/lxc/debian/rootfs
    lxc.uts.name = debian
    
    # Network configuration
    lxc.net.0.ipv4.address = 192.168.188.11/24
    lxc.net.0.ipv4.gateway = 192.168.188.1
    
    lxc.net.0.ipv6.address = 2602:fba1:999:1c00:11::/64
    lxc.net.0.ipv6.gateway = 2602:fba1:999:1c00::
    # lxc.init.cmd = /bin/bash
    systemd_container=yes
    ~/.local/share/lxc/debian $ 
    

    The result was these errors:

    fmt:~$ lxc-start -F -n debian
    Failed to find module 'autofs4'
    Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
    [!!!!!!] Failed to mount API filesystems.
    Exiting PID 1...
    fmt:~$ 
    

    If there is no way to get Alpine's LXC without LXD to run an unprivileged container for a systemd OS, then, yes, maybe we should install LXD.

    I looked at https://wiki.alpinelinux.org/wiki/LXC. This page suggests stopping and disabling systemd-networkd inside a privileged container:

    lxc-attach -n bullseye
    systemctl stop systemd-networkd
    systemctl disable systemd-networkd
    reboot
    

    I will check to see if starting the unprivileged container with bash and then stopping/disabling systemd-networkd is enough to get an unprivileged Debian container to start in the usual way, without setting PID 1 as bash.

    By the way, where / how did you get your nix LXC image? Nix doesn't seem to be on the linuxcontainers.org image server.

  • Not_Oles (Hosting Provider, Content Writer)

    @yoursunny seems pretty sure that systemd won't work inside the LXC containers:

    @yoursunny said: systemd in the container will not work, so the entry process is changed to bash.

    @terrorgen Did you try changing the entry process to bash for your nix container?

    Do you guys understand how/why making unprivileged containers with LXD as explained in https://wiki.alpinelinux.org/wiki/LXD could enable systemd to work inside those containers when getting systemd working might not be possible inside unprivileged containers made with lxc-create? What's the difference between LXD's lxc command and LXC's lxc-create command that allows systemd to work with unprivileged LXD containers but not with unprivileged LXC containers?

  • edited February 2023

    @Not_Oles said: I'm not sure this is right, because we don't even have installed either the LXD package or the lxc command (which is part of LXD and not part of LXC). We do have the lxc and lxcfs packages installed, but they do not include the lxc command.

    But /etc/conf.d/lxc does exist, so it may not have to do with LXD.

    @Not_Oles said: @terrorgen Did you try changing the entry process to bash for your nix container?

    That won't work. NixOS is heavily dependent on systemd to get things working. Also, LXC "boots" the container by starting /sbin/init inside the container. In a NixOS container this is actually a generated bash script, which among other things contains the system configuration that will be activated at "boot". My init script is throwing errors because it cannot find a proper sys mount.

    @Not_Oles said: What's the difference between LXD's lxc command and LXC's lxc-create

    My understanding is, LXD's lxc command is a higher level management tool that abstracts away the lower level configuration of lxc-*. It can also manage VMs. I don't claim to be an expert for either, though.

    @Not_Oles said: By the way, where / how did you get your nix LXC image?

    Found a guide that downloads the rootfs tarball from NixOS's own repository. NixOS developers decided against publishing them to linuxcontainers.org because it seems counterintuitive.

    I personally have a NixOS LXC container running in my homelab Proxmox server, so I know it can be done.

    The all seeing eye sees everything...

  • So it just clicked that most of my problems (besides cgroup delegation) are permissions:

    ❯ lxc-start nixos -F
    lxc-start: nixos: ../src/lxc/utils.c: safe_mount: 1220 Resource busy - Failed to mount "sys" onto "/usr/lib/lxc/rootfs/dev/.lxc/sys"
    
    <<< NixOS Stage 2 >>>
    
    install: cannot change permissions of '/tmp': Operation not permitted
    running activation script...
    ln: failed to create symbolic link '/bin/.sh.tmp': Permission denied
    mv: cannot stat '/bin/.sh.tmp': No such file or directory
    Activation script snippet 'binsh' failed (1)
    install: cannot change permissions of '/root': Operation not permitted
    mkdir /var/lib: Permission denied at /nix/store/snb4523ghvw9917q15j401fz26d5plh3-update-users-groups.pl line 17.
    Activation script snippet 'users' failed (13)
    setting up /etc...
    Died at /nix/store/rg5rf512szdxmnj9qal3wfdnpfsx38qi-setup-etc.pl line 27.
    Activation script snippet 'etc' failed (13)
    /nix/store/8ndxpvlgfjbbas506vqrad69rzjzxwsp-nixos-system-nixos-23.05pre452927.6ccc4a59c3f/activate: line 129: /etc/shadow: No such file or directory
    Activation script snippet 'hashes' failed (1)
    ln: failed to create symbolic link '/sbin/init': Permission denied
    Activation script snippet 'installInitScript' failed (1)
    install: cannot create directory '/nix/var': Permission denied
    install: cannot create directory '/nix/var': Permission denied
    /nix/store/8ndxpvlgfjbbas506vqrad69rzjzxwsp-nixos-system-nixos-23.05pre452927.6ccc4a59c3f/activate: line 167: /root/.nix-channels: Permission denied
    Activation script snippet 'nix' failed (1)
    mkdir: cannot create directory '/usr/bin': Permission denied
    ln: failed to create symbolic link '/usr/bin/.env.tmp': No such file or directory
    mv: cannot stat '/usr/bin/.env.tmp': No such file or directory
    Activation script snippet 'usrbinenv' failed (1)
    mkdir: cannot create directory '/var/tmp': Permission denied
    mkdir: cannot create directory '/var/empty': Permission denied
    find: '/var/empty': No such file or directory
    chmod: cannot access '/var/empty': No such file or directory
    chown: invalid user: 'root:root'
    Activation script snippet 'var' failed (1)
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:messagebus'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    chown: invalid user: 'root:root'
    Activation script snippet 'wrappers' failed (1)
    mkdir: cannot create directory '/nix/var': Permission denied
    ln: failed to create symbolic link '/nix/var/nix/gcroots/current-system': No such file or directory
    cp: cannot create regular file '/etc/nixos/configuration.nix': Permission denied
    terminate called after throwing an instance of 'nix::Error'
      what():  error: cannot determine user's home directory
    /nix/store/l411104qj58cq7f1gg2wiryi0lzly5jk-local-cmds: line 17:   132 Aborted                 /nix/store/nnznavnhyli08264apz6lanbjza48si1-nix-2.13.2/bin/nix-store --load-db < /nix-path-registration
    terminate called after throwing an instance of 'nix::Error'
      what():  error: cannot determine user's home directory
    /nix/store/l411104qj58cq7f1gg2wiryi0lzly5jk-local-cmds: line 20:   133 Aborted                 /nix/store/nnznavnhyli08264apz6lanbjza48si1-nix-2.13.2/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
    unpacking the NixOS/Nixpkgs sources...
    mkdir: cannot create directory '/nix/var': Permission denied
    terminate called after throwing an instance of 'nix::Error'
      what():  error: cannot determine user's home directory
    /nix/store/l411104qj58cq7f1gg2wiryi0lzly5jk-local-cmds: line 32:   135 Aborted                 /nix/store/nnznavnhyli08264apz6lanbjza48si1-nix-2.13.2/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels -i /nix/store/70hcm36cm9v6wwvl224w2zvxvshrh1ff-nixos-23.05pre452927.6ccc4a59c3f --quiet --option build-use-substitutes false
    mkdir: cannot create directory '/root/.nix-defexpr': Permission denied
    ln: failed to create symbolic link '/root/.nix-defexpr/channels': No such file or directory
    mkdir: cannot create directory '/var/lib': Permission denied
    touch: cannot touch '/var/lib/nixos/did-channel-init': No such file or directory
    /sbin/init: line 130: /etc/machine-id: Permission denied
    starting systemd...
    Failed to find module 'autofs4'
    Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
    [!!!!!!] Failed to mount API filesystems.
    Exiting PID 1...
    

    Comparing notes between my homelab NixOS container vs MetalVPS's...

    Rootfs permission in my homelab is set to uid:100000 and gid:100000, which maps to root:root in the container.

    Whereas my rootfs' permission in MetalVPS is set to my uid:gid.
    So I did a tweak in my config file:

    lxc.idmap = u 0 1015 1
    lxc.idmap = g 0 1015 1
    lxc.idmap = u 1 1015000000 65535
    lxc.idmap = g 1 1015000000 65535
    

    So the container root is myself in MetalVPS.

    Solved most of the permission issues above.

    Now this is what it looks like:

    ❯ lxc-start nixos -F
    lxc-start: nixos: ../src/lxc/utils.c: safe_mount: 1220 Resource busy - Failed to mount "sys" onto "/usr/lib/lxc/rootfs/dev/.lxc/sys"
    
    <<< NixOS Stage 2 >>>
    
    running activation script...
    setting up /etc...
    starting systemd...
    Failed to find module 'autofs4'
    Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
    [!!!!!!] Failed to mount API filesystems.
    Exiting PID 1...
    
    Thanked by (1)Not_Oles

    The all seeing eye sees everything...
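
The idmap change in the post above can be checked against the rule that shadow's newuidmap/newgidmap apply to an unprivileged user: a range is accepted if it lies inside one of the user's /etc/subuid (or /etc/subgid) entries, or if it is exactly the user's own ID with a count of 1. The Python below is an added example, not code from the thread or from LXC; the /etc/subuid entry is a constructed assumption, since the thread never shows that file.

```python
from dataclasses import dataclass

# The four lines from the post above, verbatim.
POSTED_CONFIG = """\
lxc.idmap = u 0 1015 1
lxc.idmap = g 0 1015 1
lxc.idmap = u 1 1015000000 65535
lxc.idmap = g 1 1015000000 65535
"""

# Constructed sample: an assumed /etc/subuid entry for the account with UID 1015.
SAMPLE_SUBUID = "terrorgen:1015000000:65536\n"


@dataclass(frozen=True)
class IdMap:
    kind: str      # "u" (uid) or "g" (gid)
    inside: int    # first ID as seen inside the container
    outside: int   # first ID on the host
    count: int     # length of the range


def parse_idmaps(config_text):
    """Extract lxc.idmap entries from the text of an LXC container config."""
    maps = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "lxc.idmap":
            continue
        kind, inside, outside, count = value.split()
        if kind not in ("u", "g"):
            raise ValueError(f"unknown idmap type {kind!r}")
        maps.append(IdMap(kind, int(inside), int(outside), int(count)))
    return maps


def parse_subid(text, user):
    """Return [(start, size)] delegated to `user` in /etc/subuid or /etc/subgid text."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user:
            ranges.append((int(fields[1]), int(fields[2])))
    return ranges


def to_host(maps, kind, container_id):
    """Translate an ID seen inside the container to the host ID, or None if unmapped."""
    for m in maps:
        if m.kind == kind and m.inside <= container_id < m.inside + m.count:
            return m.outside + (container_id - m.inside)
    return None


def audit(maps, kind, own_id, delegated):
    """Return the entries of `kind` that the rule described above would refuse."""
    refused = []
    for m in maps:
        if m.kind != kind:
            continue
        in_delegation = any(
            start <= m.outside and m.outside + m.count <= start + size
            for start, size in delegated
        )
        is_own_id = m.count == 1 and m.outside == own_id
        if m.count < 1 or not (in_delegation or is_own_id):
            refused.append(m)
    return refused


def root_is_host_user(maps, own_uid):
    """True when container UID 0 is the same kernel UID as the host account."""
    return to_host(maps, "u", 0) == own_uid


if __name__ == "__main__":
    maps = parse_idmaps(POSTED_CONFIG)
    delegated = parse_subid(SAMPLE_SUBUID, "terrorgen")
    print("container uid 0 ->", to_host(maps, "u", 0))
    print("container uid 1 ->", to_host(maps, "u", 1))
    print("refused uid maps:", audit(maps, "u", 1015, delegated))
    print("container root is the host user:", root_is_host_user(maps, 1015))
```

With this mapping, root inside the container has exactly the host account's file permissions, which is why the rootfs owned by uid 1015 became writable; the default mapping into the subordinate range keeps container root distinct from every host account.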

  • Not_Oles (Hosting Provider, Content Writer)

    @terrorgen said: So it just clicked that most of my problems (besides cgroup delegation) are permissions

    I did a tweak in my config file:

    lxc.idmap = u 0 1015 1
    lxc.idmap = g 0 1015 1
    lxc.idmap = u 1 1015000000 65535
    lxc.idmap = g 1 1015000000 65535

    so the container root is myself in MetalVPS.

    Congrats on figuring out the permissions issues!

    @terrorgen said: Failed to find module 'autofs4'
    Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
    [!!!!!!] Failed to mount API filesystems.
    Exiting PID 1...

    Looks just like the errors I am seeing when starting a Debian container:

    @Not_Oles said:
    fmt:~$ lxc-start -F -n debian
    Failed to find module 'autofs4'
    Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
    [!!!!!!] Failed to mount API filesystems.
    Exiting PID 1...
    fmt:~$

    @terrorgen I will look at this some more, including your suggested changes to the node configuration and raising the number of containers permission limit.

    Now that you fixed your user permissions, might starting with bash as PID 1 work? And be helpful?

  • @Not_Oles said: Now that you fixed your user permissions, might starting with bash as PID 1 work?

    It may boot successfully, but because systemd is heavily relied upon by NixOS, it won't be of any use.

    @Not_Oles said: And be helpful?

    I am sorry if I am not being helpful.

    Thanked by (1)Not_Oles

    The all seeing eye sees everything...

  • Not_Oles (Hosting Provider, Content Writer)

    @terrorgen said: @Not_Oles said: And be helpful?

    I am sorry if I am not being helpful.

    You are always very helpful!

    I meant: "Now that you fixed your user permissions, might starting with bash as PID 1 work? And be helpful to you?" :)

    Thanked by (1)terrorgen
  • Thanked by (1)Not_Oles

    The all seeing eye sees everything...

  • Not_Oles (Hosting Provider, Content Writer)

    @terrorgen said:
    Oh just found this from https://wiki.alpinelinux.org/wiki/LXD:

    If you plan to run systemd based Linux distributions (Debian, Ubuntu, etc.), add this to /etc/conf.d/lxc:

     systemd_container=yes

    and enable both lxc and lxd to start at boot:

     rc-update add lxc
     rc-update add lxd
     rc-update add lxcfs
    

    If you have problems, try to enable dbus:

     rc-update add dbus

    Reboot and lxd should be working.

    fmt:~# date 
    Thu Feb 23 00:35:42 UTC 2023
    fmt:~# cat /etc/conf.d/lxc
    # Configuration for /etc/init.d/lxc[.*]
    
    # Enable cgroup for systemd-based containers.
    #systemd_container=no
    systemd_container=yes
    
    # autostart groups (comma separated)
    #lxc_group="onboot"
    
    # Directory for containers' logs (used for symlinked runscripts lxc.*).
    #logdir="/var/log/lxc"
    fmt:~# 
    
    fmt:~# rc-update add lxc
     * service lxc added to runlevel default
    fmt:~# rc-update add lxd
     * rc-update: service `lxd' does not exist
    fmt:~# rc-update add lxcfs
     * service lxcfs added to runlevel default
    fmt:~# rc-update add dbus
     * rc-update: service `dbus' does not exist
    fmt:~# 
    

    Do we need to apk add lxd and apk add dbus plus enable both before rebooting, or is it worthwhile to try just adding lxc and lxcfs to runlevel default?

  • Not_Oles (Hosting Provider, Content Writer)
    edited February 2023

    Okay, at the link you posted @stgraber says:

    Basically you’d need root to create you a /sys/fs/cgroup/user.doskanoness cgroup or something similar, then chown it over to you and move your shell’s PID into it.

    At that point, lxc-start should be able to detect that and since you now own that cgroup, will be able to create its own entries in there for the container.

    I'd want to read about making cgroups, but it looks like we could do it. Do you want to go ahead with cgroups, or stay awhile longer on the present path? Should we (1) go ahead and reboot, (2) add lxd and dbus and then reboot, (3) revert the changes I just made to /etc/conf.d/lxc and the rc scripts, (4) work on the cgroups, or (5) some combination? :)

  • Not_Oles (Hosting Provider, Content Writer)

    Cgroup comparison between fmt (Alpine) and ex100 (Debian sid):

    fmt:/sys/fs/cgroup# ls
    blkio       cpuacct     devices     hugetlb     net_cls     openrc      pids
    cpu         cpuset      freezer     memory      net_prio    perf_event  unified
    fmt:/sys/fs/cgroup# 
    
    root@sid /sys/fs/cgroup # ls
    cgroup.controllers      cpu.pressure           io.cost.qos       proc-sys-fs-binfmt_misc.mount
    cgroup.max.depth        cpuset.cpus.effective  io.pressure       sys-fs-fuse-connections.mount
    cgroup.max.descendants  cpuset.mems.effective  io.stat           sys-kernel-config.mount
    cgroup.pressure         cpu.stat               memory.numa_stat  sys-kernel-debug.mount
    cgroup.procs            dev-hugepages.mount    memory.pressure   sys-kernel-tracing.mount
    cgroup.stat             dev-mqueue.mount       memory.reclaim    system.slice
    cgroup.subtree_control  init.scope             memory.stat       user.slice
    cgroup.threads          io.cost.model          misc.capacity
    root@sid /sys/fs/cgroup # 
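
The advice quoted from @stgraber and the two /sys/fs/cgroup listings above come down to one question: which cgroup directory is the shell in on each hierarchy, and does the unprivileged user own it? The Python below is an added example, not code from the thread or from LXC; it resolves the directories from /proc/self/cgroup and /proc/self/mountinfo and lists the hierarchies that have not been handed over. The sample text is constructed, modelled on the split layout in the fmt listing.

```python
import os
import posixpath

# Constructed samples: three of the hierarchies visible in the fmt listing.
SAMPLE_MOUNTINFO = """\
31 24 0:26 / /sys/fs/cgroup/openrc rw,nosuid,nodev,noexec,relatime - cgroup openrc rw,name=openrc
32 24 0:27 / /sys/fs/cgroup/unified rw,nosuid,nodev,noexec,relatime - cgroup2 none rw,nsdelegate
33 24 0:28 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime - cgroup memory rw,memory
"""
SAMPLE_PROC_CGROUP = """\
2:memory:/
1:name=openrc:/
0::/
"""


def cgroup_mounts(mountinfo_text):
    """Return [(fstype, mountpoint, superopts)] for every cgroup/cgroup2 mount."""
    mounts = []
    for line in mountinfo_text.splitlines():
        # Fields after " - " are: filesystem type, source, per-superblock options.
        left, sep, right = line.partition(" - ")
        fields = right.split()
        if not sep or not fields or fields[0] not in ("cgroup", "cgroup2"):
            continue
        superopts = set(fields[2].split(",")) if len(fields) > 2 else set()
        mounts.append((fields[0], left.split()[4], superopts))
    return mounts


def my_cgroup_dirs(proc_cgroup_text, mountinfo_text):
    """Map each hierarchy the process belongs to onto its directory on disk."""
    mounts = cgroup_mounts(mountinfo_text)
    dirs = {}
    for line in proc_cgroup_text.splitlines():
        if line.count(":") < 2:
            continue
        _hid, controllers, path = line.strip().split(":", 2)
        # An empty controller field ("0::/path") is the cgroup v2 hierarchy.
        wanted = set(controllers.split(",")) if controllers else None
        for fstype, mountpoint, opts in mounts:
            is_v2 = wanted is None and fstype == "cgroup2"
            is_v1 = wanted is not None and fstype == "cgroup" and wanted <= opts
            if is_v1 or is_v2:
                name = controllers or "unified"
                dirs[name] = posixpath.normpath(mountpoint + "/" + path)
                break
    return dirs


def undelegated(dirs, uid):
    """Names of hierarchies whose current cgroup directory is not owned by uid."""
    missing = []
    for name, path in dirs.items():
        try:
            owner = os.stat(path).st_uid
        except OSError:
            owner = None  # directory absent: nothing has been delegated there
        if owner != uid:
            missing.append(name)
    return sorted(missing)


if __name__ == "__main__":
    # On a live Linux host, read the real files instead of the samples.
    with open("/proc/self/cgroup") as f:
        proc_cgroup = f.read()
    with open("/proc/self/mountinfo") as f:
        mountinfo = f.read()
    dirs = my_cgroup_dirs(proc_cgroup, mountinfo)
    for name, path in sorted(dirs.items()):
        print(f"{name:20} {path}")
    print("not owned by this user:", undelegated(dirs, os.getuid()))
```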
    
  • Let's go ahead and reboot and see if it works! If it doesn't after the reboot, we'll try something else :)

    Thanked by (1)Not_Oles

    The all seeing eye sees everything...

  • Not_Oles (Hosting Provider, Content Writer)

    Hi @terrorgen!

    Reboot:

    fmt:~# date | tee reboot-time
    Thu Feb 23 16:53:45 UTC 2023
    fmt:~# reboot
    

    Following the reboot:

    fmt:~$ lxc-start -n debian -F
    Failed to find module 'autofs4'
    systemd 252.5-2 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
    Detected virtualization lxc.
    Detected architecture x86-64.
    
    Welcome to Debian GNU/Linux bookworm/sid!
    
    Initializing machine ID from random generator.
    Failed to create /init.scope control group: Permission denied
    Failed to allocate manager object: Permission denied
    [!!!!!!] Failed to allocate manager object.
    Exiting PID 1...
    fmt:~$ 
    
  • We got progress!
    Same error message here.

    ~ terrorgen@fmt
    ❯ lxc-start nixos -F
    lxc-start: nixos: ../src/lxc/utils.c: safe_mount: 1220 Resource busy - Failed to mount "sys" onto "/usr/lib/lxc/rootfs/dev/.lxc/sys"
    
    <<< NixOS Stage 2 >>>
    
    running activation script...
    setting up /etc...
    starting systemd...
    Failed to find module 'autofs4'
    systemd 252.4 running in system mode (+PAM +AUDIT -SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK -XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified)
    Detected virtualization lxc.
    Detected architecture x86-64.
    
    Welcome to NixOS 23.05 (Stoat)!
    
    Failed to create /init.scope control group: Permission denied
    Failed to allocate manager object: Permission denied
    [!!!!!!] Failed to allocate manager object.
    Exiting PID 1...
    
    ~ terrorgen@fmt
    ❯
    
    Thanked by (1)Not_Oles

    The all seeing eye sees everything...

  • Not_Oles (Hosting Provider, Content Writer)

    Welp, for whatever it's worth:

    Unpriviliged container wont start - Failed to allocate manager object

    Same errors in Arch Linux:

    Failed to create /init.scope control group: Permission denied
    Failed to allocate manager object: Permission denied
    [!!!!!!] Failed to allocate manager object.
    Exiting PID 1...
    

    Solution proposed as:

    OK - I figured it out after stepping away from it and trying fresh this morning. I had an issue in my /etc/pam.d/system-login file. I fixed the cgfs line to read like this:

    session optional pam_cgfs.so -c freezer,memory,name=systemd,unified

    Here is our /etc/pam.d/system-login:

    fmt:~# cat -n /etc/pam.d/system-login
         1  #%PAM-1.0
         2
         3  auth       required   pam_faillock.so      preauth
         4  auth       required   pam_shells.so
         5  auth       requisite  pam_nologin.so
         6  auth       include    base-auth
         7  auth       [default=die] pam_faillock.so   authfail
         8  auth       required   pam_faillock.so      authsucc
         9
        10
        11  account    required   pam_access.so
        12  account    required   pam_nologin.so
        13  account    include    base-auth
        14
        15  password   include    base-auth
        16
        17  session    include    base-auth
        18  session    include    base-session
        19  session    optional   pam_loginuid.so
        20  session    optional   pam_motd.so          motd=/etc/motd
        21  session    optional   pam_mail.so          dir=/var/mail standard quiet
        22  -session   optional   pam_ck_connector.so  nox11
        23  session    required   pam_env.so
    fmt:~# 
    

    We don't have a pam_cgfs line in our /etc/pam.d/system-login.

    I found a Debian libpam-cgfs package and a Github repo for pam_cgfs.c which seems to be part of LXC. Apparently, Alpine might not have the separate package.

    fmt:~# apk search libpam-cgfs
    fmt:~# 
    

    Maybe I could try adding the suggested pam_cgfs line, but I don't understand it enough yet. Ideas?

  • Worth a shot.

    Thanked by (1)Not_Oles

    The all seeing eye sees everything...

  • Not_Oles (Hosting Provider, Content Writer)

    @terrorgen said:
    Worth a shot.

    I tried adding the suggested line to /etc/pam.d/system-login and then rebooting.

    That addition produced these errors, which seem to be the same:

    fmt:~$ lxc-start -n debian -F
    Failed to find module 'autofs4'
    systemd 252.5-2 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
    Detected virtualization lxc.
    Detected architecture x86-64.
    
    Welcome to Debian GNU/Linux bookworm/sid!
    
    Failed to create /init.scope control group: Permission denied
    Failed to allocate manager object: Permission denied
    [!!!!!!] Failed to allocate manager object.
    Exiting PID 1...
    fmt:~$ 
    

    So I reverted the change and rebooted. Restarted the networking and ndpresponder. :)

  • Not_Oles (Hosting Provider, Content Writer)

    I logged in and nobody was around. So. . . . :)

    fmt:~# apk update
    fetch http://mirror.fcix.net/alpine/edge/main/x86_64/APKINDEX.tar.gz
    fetch http://mirror.fcix.net/alpine/edge/community/x86_64/APKINDEX.tar.gz
    fetch http://mirror.fcix.net/alpine/edge/testing/x86_64/APKINDEX.tar.gz
    v20230208-1434-g480cc47561e [http://mirror.fcix.net/alpine/edge/main]
    v20230208-1455-g29db802ccd8 [http://mirror.fcix.net/alpine/edge/community]
    v20230208-1454-ge4e3135b82a [http://mirror.fcix.net/alpine/edge/testing]
    OK: 25183 distinct packages available
    fmt:~# apk upgrade
    (1/15) Upgrading libmagic (5.44-r0 -> 5.44-r2)
    (2/15) Upgrading file (5.44-r0 -> 5.44-r2)
    (3/15) Upgrading libblkid (2.38.1-r4 -> 2.38.1-r5)
    (4/15) Upgrading libuuid (2.38.1-r4 -> 2.38.1-r5)
    (5/15) Upgrading file-doc (5.44-r0 -> 5.44-r2)
    (6/15) Upgrading sqlite-libs (3.40.1-r0 -> 3.41.0-r0)
    (7/15) Upgrading linux-lts (6.1.12-r0 -> 6.1.13-r0)
    (8/15) Upgrading linux-lts-doc (6.1.12-r0 -> 6.1.13-r0)
    (9/15) Upgrading shadow-libs (4.13-r1 -> 4.13-r2)
    (10/15) Upgrading shadow-subids (4.13-r1 -> 4.13-r2)
    (11/15) Upgrading nasm (2.16.01-r0 -> 2.16.01-r1)
    (12/15) Upgrading nasm-doc (2.16.01-r0 -> 2.16.01-r1)
    (13/15) Upgrading blkid (2.38.1-r4 -> 2.38.1-r5)
    (14/15) Upgrading libmount (2.38.1-r4 -> 2.38.1-r5)
    (15/15) Upgrading glib (2.74.5-r0 -> 2.74.6-r0)
    Executing busybox-1.36.0-r4.trigger
    Executing kmod-30-r1.trigger
    Executing mkinitfs-3.7.0-r3.trigger
    ==> initramfs: creating /boot/initramfs-lts
    Executing mandoc-apropos-1.14.6-r6.trigger
    Executing syslinux-6.04_pre1-r11.trigger
    /boot is device /dev/sdc1
    OK: 1332 MiB in 360 packages
    fmt:~# uname -r
    6.1.12-0-lts
    fmt:~# reboot
    
    fmt:~# date -u
    Sat Feb 25 02:19:33 UTC 2023
    fmt:~# uname -r
    6.1.13-0-lts
    fmt:~# 
    
    fmt:~$ lxc-start -n alpine
    fmt:~$ lxc-attach -n alpine
    / # ping -c 2 -4 icanhazip.com
    PING icanhazip.com (104.18.114.97): 56 data bytes
    64 bytes from 104.18.114.97: seq=0 ttl=59 time=1.653 ms
    64 bytes from 104.18.114.97: seq=1 ttl=59 time=1.680 ms
    
    --- icanhazip.com ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 1.653/1.666/1.680 ms
    / # ping -c 2 -6 icanhazip.com
    PING icanhazip.com (2606:4700::6812:7361): 56 data bytes
    64 bytes from 2606:4700::6812:7361: seq=0 ttl=59 time=1.268 ms
    64 bytes from 2606:4700::6812:7361: seq=1 ttl=59 time=1.304 ms
    
    --- icanhazip.com ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 1.268/1.286/1.304 ms
    / # 
    
    Thanked by (1)terrorgen
  • Not_Oles (Hosting Provider, Content Writer)

    Now that I blew my budget on the i9-12900K EX100 I got from Hetzner I regretfully have had to ask @Cloudie to cancel this server. The next payment is due March 3. I don't know exactly when the cancellation will occur.

    @yoursunny @terrorgen @subenhon You guys have been using the fmt server lately. I don't know whether @Cloudie would allow it, and I don't know what the price might be, but perhaps one or the group of you might want to take over the server? You could try contacting @Cloudie, perhaps via Route48's Discord.

    Guys who have been using this server are warmly invited to request accounts in the above linked EX100 thread. I realize the EX100 is in Finland instead of California, and that makes a big latency difference. Another big difference is that the Helsinki server runs Debian sid and not Alpine.

    I hope the EX100 will stay around for awhile! I'm not planning to cancel it. I'm looking forward to seeing you guys in Helsinki! <3

  • 😬
    At least the other server has systemd.

    Thanked by (1)Not_Oles

    Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.

  • Not_Oles (Hosting Provider, Content Writer)

    @yoursunny said:
    😬
    At least the other server has systemd.

    https://busybox.net/kill_it_with_fire.txt :)

  • @Not_Oles said:

    @terrorgen said:

    @Not_Oles said: @terrorgen Did you try it too?

    Hey Tom, just trying it and looks like you need to add me to /etc/sub{u,g}id

    Hi! Okay, added to /etc/sub*id and also to /etc/lxc/lxc-usernet. Please let me know if you need anything else. Have fun!

    Can you add me too

    Teehee!

  • Not_Oles (Hosting Provider, Content Writer)
    edited February 2023

    @Nubuki said:

    @Not_Oles said:

    @terrorgen said:

    @Not_Oles said: @terrorgen Did you try it too?

    Hey Tom, just trying it and looks like you need to add me to /etc/sub{u,g}id

    Hi! Okay, added to /etc/sub*id and also to /etc/lxc/lxc-usernet. Please let me know if you need anything else. Have fun!

    Can you add me too

    Let's please get this server cleaned up and back to @Cloudie. When I have a chance, I will try adding you on the EX100 if that's okay with you.

  • If possible, I would like to get one.
    pm key

  • @zudaz said:
    If possible, I would like to get one.
    pm key

    Congrats on your first post

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • Not_Oles (Hosting Provider, Content Writer)

    @zudaz said:
    If possible, I would like to get one.
    pm key

    @Not_Oles said: Let's please get this server cleaned up and back to @Cloudie.

    Hi @zudaz! Sorry, but this server has been returned to @Cloudie. Welcome to LES! If you want to post a little about who and where you are and about what you are doing, I am sure everybody would be interested. It's a nice group here at LES! Best wishes! Tom
