Discussion:
[lxc-users] PAM-CGFS[xxx]: Failed to get list of controllers
Richard Hector
2018-07-08 14:08:03 UTC
Permalink
Hi all,

I'm seeing this in auth.log on an lxc host (no lxd).

"PAM-CGFS[xxx]: Failed to get list of controllers"

This is on a host I didn't set up; I've inherited maintenance for it,
and recently added logcheck.

On another host, which I did set up, I don't see that. I have noticed
that the problem host has libpam-cgfs installed, whereas the other one
doesn't.

Both hosts are running Debian stretch, and IIRC both were upgraded from
jessie.

Any tips on what's causing this, and whether it's a problem?

Thanks,

Richard
Christian Brauner
2018-07-09 09:45:34 UTC
Permalink
Post by Richard Hector
Hi all,
I'm seeing this in auth.log on an lxc host (no lxd).
"PAM-CGFS[xxx]: Failed to get list of controllers"
This is on a host I didn't set up; I've inherited maintenance for it,
and recently added logcheck.
On another host, which I did set up, I don't see that. I have noticed
that the problem host has libpam-cgfs installed, whereas the other one
doesn't.
Both hosts are running Debian stretch, and IIRC both were upgraded from
jessie.
Any tips on what's causing this, and whether it's a problem?
So, first of all let's determine if you need the pam module at all. :)
- Do you run unprivileged containers as an unprivileged user on the
affected host? If not, you can remove the pam module.
- What version is the package the pam module is installed from. It might
just be that it can't really handle the empty unified cgroup hierarchy
because it is too old.

Christian
Richard Hector
2018-09-09 13:20:53 UTC
Permalink
Post by Christian Brauner
Post by Richard Hector
Hi all,
I'm seeing this in auth.log on an lxc host (no lxd).
"PAM-CGFS[xxx]: Failed to get list of controllers"
This is on a host I didn't set up; I've inherited maintenance for it,
and recently added logcheck.
On another host, which I did set up, I don't see that. I have noticed
that the problem host has libpam-cgfs installed, whereas the other one
doesn't.
Both hosts are running Debian stretch, and IIRC both were upgraded from
jessie.
Any tips on what's causing this, and whether it's a problem?
So, first of all let's determine if you need the pam module at all. :)
- Do you run unprivileged containers as an unprivileged user on the
affected host? If not, you can remove the pam module.
- What version is the package the pam module is installed from. It might
just be that it can't really handle the empty unified cgroup hierarchy
because it is too old.
Apologies for not replying at the time - I just found this again ...

I believe I solved it by removing libpam-cgfs.

Thanks for your help :-)

Richard

Loading...