FS#74591 - [qemu-system-ppc][sudo] Resource limits file prevents sudo from working in container
Attached to Project:
Arch Linux
Opened by Nathan Chancellor (nathanchance) - Saturday, 30 April 2022, 00:41 GMT
Last edited by David Runge (dvzrv) - Monday, 02 May 2022, 13:34 GMT
Opened by Nathan Chancellor (nathanchance) - Saturday, 30 April 2022, 00:41 GMT
Last edited by David Runge (dvzrv) - Monday, 02 May 2022, 13:34 GMT
|
Details
Description:
The source limits file that is included with qemu-system-ppc 7.0.0-8 prevents sudo from working. Steps to reproduce: I initially noticed this in a Docker container build. $ podman run --rm -ti docker.io/archlinux # sed -i "/\[testing\]/,/Include/"'s/^#//' /etc/pacman.conf # sed -i "/\[community-testing\]/,/Include/"'s/^#//' /etc/pacman.conf # pacman -Syyu --noconfirm ... # pacman -S --noconfirm sudo ... # sudo echo works works # pacman -S --noconfirm qemu-system-ppc ... # sudo echo works sudo: pam_open_session: Permission denied sudo: policy plugin failed session initialization # sed -i 's;* ;#* ;g' /etc/security/limits.d/95-qemu-system-ppc.conf # sudo echo works works |
This task depends upon
Closed by David Runge (dvzrv)
Monday, 02 May 2022, 13:34 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with qemu-system-ppc 7.0.0-9
Monday, 02 May 2022, 13:34 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with qemu-system-ppc 7.0.0-9
I can not reproduce this in a systemd-nspawn container running Arch. Could you provide some information on how this behaves for you in regards to the limits reported by the system?
E.g. please show the output of ulimit -a for before and after the installation of qemu-system-ppc (for me the reported max locked memory for root does not change)
Before:
# ulimit -a
real-time non-blocking time (microseconds, -R) unlimited
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 1030301
max locked memory (kbytes, -l) 8192
max memory size (kbytes, -m) unlimited
open files (-n) 524288
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 1030301
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
After:
# ulimit -a
real-time non-blocking time (microseconds, -R) unlimited
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 1030301
max locked memory (kbytes, -l) 8192
max memory size (kbytes, -m) unlimited
open files (-n) 524288
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 1030301
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
If there is any other information I can provide, please let me know. For what it's worth, I have never had any problems starting qemu-system-ppc on an Arch system before, usually with half a gigabyte or a couple gigabytes of RAM, so I wondered why the resource limits file is even necessary but I drive QEMU by itself, not through libvirt.