On Sat, Jul 01, 2006 at 01:30:07PM +0300, Nikolay Kichukov wrote:
> Thanks Ben,
> That solves the error reporting. Are those limits only set outside of
> the guest and do they not apply per guest basis?
the problem is more that the pam inside the guest
tries to exceed given limits from the host
> Thanks,
> -Nik
>
> On Thu, 2006-06-15 at 11:08 -0400, Benoît des Ligneris wrote:
> > Hello,
> >
> > Quick and dirty solution : you can edit the
> > files that refer to pam_limits.so in your /etc/pam.d/
> >
> > Generally, system-auth is concerned. You simply have to comment the line
> > that refers to pam_limits
> > #session required pam_limits.so
> >
> >
> > The cause of the problem is that pam_limits try to set limits that are
> > already sets _outside_ of the guest.
> >
> > If you want to play with the limits sets, you can modifiy
> > /etc/security/limits.conf of the guest...
> >
> > [ All this was tested on a Mandriva guest but it sould be similar for
> > other systems ]
> >
> > Ben
> >
> >
> > Nikolay Kichukov a écrit :
> > > Hello everybody,
> > > I found out in thread
> > > http://list.linux-vserver.org/archive/vserver/msg10043.html that
> > > Thorsten Gunkel was having the same issue I experience right now with
> > > pam limits generating a lot of error output in the auth.log file on the
> > > guest.
> > >
> > > /var/log/auth.log :
> > >
> > > snip...
> > > Jun 15 14:09:01 vn pam_limits[20957]: setrlimit limit #12 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
this means, it is trying to set rlimit #12 to unlimited
(-1,-1) which very likely already got a limit from the
host
> > > Jun 15 14:09:01 vn CRON[20957]: (pam_unix) session closed for user root
> > > Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session opened for user
> > > venkas by (uid=0)
> > > Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #6 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #8 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #11 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20973]: setrlimit limit #12 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
same for limits #6,#8 and #11
HTH,
Herbert
> > > Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session opened for user
> > > venkas by (uid=0)
> > > Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #6 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #8 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #11 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20975]: setrlimit limit #12 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn CRON[20977]: (pam_unix) session opened for user
> > > venkas by (uid=0)
> > > Jun 15 14:10:01 vn CRON[20978]: (pam_unix) session opened for user
> > > psycho by (uid=0)
> > > Jun 15 14:10:01 vn CRON[20981]: (pam_unix) session opened for user
> > > o2crew by (uid=0)
> > > Jun 15 14:10:01 vn CRON[20982]: (pam_unix) session opened for user
> > > o2crew by (uid=0)
> > > Jun 15 14:10:01 vn CRON[20979]: (pam_unix) session opened for user
> > > o2crew by (uid=0)
> > > Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #6 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #6 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn CRON[20975]: (pam_unix) session closed for user venkas
> > > Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #6 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #6 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #6 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #8 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn CRON[20973]: (pam_unix) session closed for user venkas
> > > Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #8 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #8 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #8 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #8 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #11 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #11 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #11 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #11 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #11 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20977]: setrlimit limit #12 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20978]: setrlimit limit #12 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20981]: setrlimit limit #12 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20982]: setrlimit limit #12 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > Jun 15 14:10:01 vn pam_limits[20979]: setrlimit limit #12 to soft=-1,
> > > hard=-1 failed: Operation not permitted; uid=0 euid=0
> > > snip...
> > >
> > >
> > > I am running:
> > > Versions:
> > > Kernel: 2.6.16.11-vs2.1.1-rc19nevir
> > > VS-API: 0x000100ff
> > > util-vserver: 0.30.210; Jun 8 2006, 11:16:27
> > >
> > > Features:
> > > CC: gcc, gcc (GCC) 4.0.3 (Debian 4.0.3-1)
> > > CXX: g++, g++ (GCC) 4.0.3 (Debian 4.0.3-1)
> > > CPPFLAGS: ''
> > > CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W
> > > -funit-at-a-time'
> > > CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W
> > > -fmessage-length=0 -funit-at-a-time'
> > > build/host: i686-pc-linux-gnu/i686-pc-linux-gnu
> > > Use dietlibc: yes
> > > Build C++ programs: yes
> > > Build C99 programs: yes
> > > Available APIs: compat,v11,fscompat,v13,net,oldproc,olduts
> > > ext2fs Source: e2fsprogs
> > > syscall(2) invocation: alternative
> > > vserver(2) syscall#: 273/glibc
> > >
> > > Paths:
> > > prefix: /usr/local
> > > sysconf-Directory: /etc
> > > cfg-Directory: /etc/vservers
> > > initrd-Directory: $(sysconfdir)/init.d
> > > pkgstate-Directory: ${prefix}/var/run/vservers
> > > vserver-Rootdir: /var/lib/vservers/
> > >
> > >
> > > How can this problem be solved?
> > >
> > > Regards,
> > > -Nikolay Kichukov
> > > _______________________________________________
> > > Vserver mailing list
> > > Vserver@list.linux-vserver.org
> > > http://list.linux-vserver.org/mailman/listinfo/vserver
> >
> --
> ???????????? ?????? ????????????????, ?????? ??????????.
> ???? ???????????? ?????? ??????????, ???? ???????????? ?????? ????????????????...
> -?????????? ??????????
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Sun Jul 2 16:23:33 2006