Sharing SSSD socket from Host to Podman container #24522
Unanswered
sabivijayan asked this question in Q&A
Could be an SELinux issue?
Hello,
I have an environment as below.
VM Host + Podman + MariaDB inside Podman
I have added the host to the domain and all features of SSSD are working on the host. Then I mounted the /var/lib/sss directory into the Podman container, along with other mount points as shown below, to enable PAM authentication in the container. Commands like ID and GETENT work in the container, as they just use the nss service. But authentication fails, as it uses the pam service and the service expects the sockets to be with root:root permissions to start with.
But as I mounted the volume from the host, the permissions are as below. So due to this, it always fails with the error below.
podman container create \
  --name ${dbname}-mariadb \
  --network=host \
  --hostname $(hostname) \
  -v /opt/mariadb/rsyslog:/run/rsyslog \
  -v /opt/mariadb/data/${dbname}:/var/lib/mysql \
  -v /opt/mariadb/log/${dbname}:/var/lib/mysql-log \
  -v /opt/mariadb/temp/${dbname}:/var/lib/mysql/temp \
  -v /opt/mariadb/data/${dbname}/encryption:/etc/mysql/encryption \
  -v /opt/mariadb/data/${dbname}/ssl:/etc/mysql/ssl \
  -v /var/lib/sss:/var/lib/sss:z \
  -e MARIADB_ROOT_PASSWORD="/var/lib/mysql/rootpasswd" \
  ...
In the Container:
[root@m86zxa50a mysql]# cd /var/lib/sss/
[root@m86zxa50a sss]# ls -ltr
total 32
drwx------. 2 nobody nobody 4096 May 20 07:29 keytabs
drwxr-xr-x. 2 nobody nobody 4096 May 20 07:29 gpo_cache
drwxr-x--x. 2 nobody nobody 4096 May 20 07:29 deskprofile
drwx------. 2 nobody nobody 4096 Nov 10 22:24 secrets
drwxr-xr-x. 3 nobody nobody 4096 Nov 10 22:25 pipes
drwxrwxr-x. 2 nobody nobody 4096 Nov 10 22:25 mc
drwxr-xr-x. 3 nobody nobody 4096 Nov 10 22:33 pubconf
drwx------. 2 nobody nobody 4096 Nov 10 22:40 db
[root@m86zxa50a sss]#
[root@m86zxa50a sss]# cd pipes/
[root@m86zxa50a pipes]# ls -ltr
total 4
drwxr-x---. 2 nobody nobody 4096 Nov 10 22:25 private
srw-rw-rw- 1 nobody nobody 0 Nov 10 22:25 pam
srw-rw-rw- 1 nobody nobody 0 Nov 10 22:25 nss
srw-rw-rw- 1 nobody nobody 0 Nov 10 22:25 pac
The error from /var/log/authlog:
Nov 10 22:40:14 m86zxa50a su: pam_sss(su:session): Request to sssd failed. Cannot get stat of SSSD socket.
Nov 10 22:40:37 m86zxa50a auth_pam_tool: pam_sss(mysql:auth): Request to sssd failed. Cannot get stat of SSSD socket.
Nov 10 22:40:37 m86zxa50a auth_pam_tool: pam_sss(mysql:auth): Request to sssd failed. Cannot get stat of SSSD socket.
Can you please help?
Best Regards,
Sabi
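A diagnostic for the situation described in the question, as an added example that is not part of the original post: it separates a socket that cannot be stat'ed (the error in the log above) from one that is visible but not owned by root:root (what the `ls` listing shows). The private socket path and the expected modes 666 and 600 are assumptions; only `/var/lib/sss/pipes/pam` and the root:root expectation come from the post.

```shell
#!/bin/sh
# Added diagnostic, not from the original post. Run inside the container.
PUB=/var/lib/sss/pipes/pam            # path shown in the post
PRIV=/var/lib/sss/pipes/private/pam   # assumed name of the root-only socket

# classify UID GID MODE TYPE WANT_MODE: verdict for one socket's metadata.
classify() {
    if [ "$4" != "socket" ]; then echo "not-a-socket"; return; fi
    if [ "$1" != 0 ] || [ "$2" != 0 ]; then echo "bad-owner"; return; fi
    if [ "$3" != "$5" ]; then echo "bad-mode"; return; fi
    echo "ok"
}

# check_socket PATH WANT_MODE: stat the path, then classify it.
check_socket() {
    if ! out=$(LC_ALL=C stat -c '%u %g %a %F' "$1" 2>&1); then
        case $out in
            *"No such file"*) echo "missing" ;;
            *) echo "stat-failed" ;;  # e.g. no search permission on a parent dir
        esac
        return
    fi
    # %F may contain spaces ("regular file"); read keeps the rest in $type.
    read -r uid gid mode type <<EOF
$out
EOF
    classify "$uid" "$gid" "$mode" "$type" "$2"
}

# in_userns: true when the UID map is not the identity map of the initial
# namespace (heuristic). Host owners with no mapping then show as "nobody".
in_userns() {
    read -r inside outside count 2>/dev/null < /proc/self/uid_map || return 1
    [ "$inside $outside $count" != "0 0 4294967295" ]
}

report() {
    if in_userns; then echo "user namespace: yes (unmapped owners appear as nobody)"
    else echo "user namespace: no"; fi
    echo "$PUB: $(check_socket "$PUB" 666)"
    echo "$PRIV: $(check_socket "$PRIV" 600)"
}

report
```

A `stat-failed` verdict points at directory traversal or labeling on the mount, while `bad-owner` points at the UID mapping of the container.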