Hi,
in xibo 4.07(docker version) if I add to a layout a playlist with jpg images and want to publish the layout, I get the waiting for conversion error.
regards,
Manole
May your CMS tasks are not running properly.
Go to: https://yourcms.com/task/view
Check all tasks, but take a look in the Image Processing
task:
Tell us what you get after this.
is active but can’t see if is properly running.
if I upload the pictures directly on the layout is working properly but if I put it in a playlist I get the pending error.
in version 3.3.9 is working ok, only from version 4.x not anymore.
something wrong with cron in the version 4 container.
As a workaround commenting the module pam_loginuid.so inside /etc/pam.d/cron and restart cron helps
I use podman
podman exec -ti CONTAINER ID bash
sed -i '/session required pam_loginuid.so/c\#session required pam_loginuid.so' /etc/pam.d/cron
this works also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762157
change pam_loginuid.so from required to optional in the /etc/pam.d/cron configuration
1 Like
THANK ! YOU !
Was struggling on that for weeks (exact same symptoms and same OK versions, also using Podman)
Ping @natasha to see if that can be fixed in future releases.
I added --cap-add AUDIT_CONTROL to docker-compose.yml and for me is working
reference:
opened 04:32AM - 26 Jan 22 UTC
closed 06:54PM - 09 Feb 22 UTC
kind/bug
locked - please file new issue/PR
/kind bug
Regression
**Description**
I have a container with SSH runnin… g inside. I have added AUDIT_WRITE capability to the container. After updating podman to mainline, unable to SSH to the container.
**Steps to reproduce the issue:**
1. Add "AUDIT_WRITE" to the default_capabilities list in /usr/share/containers/containers.conf file
2. Put SELinux in Permissive mode
3. Start a container with public IP address and run sshd inside
4. Login to the container using the public IP address
**Describe the results you received:**
SSH connection breaks as soon after credentials is verified and PAM tries to open session.
/var/log/secure log
```
Jan 25 20:12:17 myhost sshd[278]: Accepted password for myuser from 1x.yy.aa.bb port 51250 ssh2
Jan 25 20:12:17 myhost sshd[278]: pam_loginuid(sshd:session): Error writing /proc/self/loginuid: Operation not permitted
Jan 25 20:12:17 myhost sshd[278]: pam_loginuid(sshd:session): set_loginuid failed
Jan 25 20:12:17 myhost sshd[278]: pam_unix(sshd:session): session opened for user myuser by (uid=0)
Jan 25 20:12:17 myhost sshd[278]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
Jan 25 20:12:17 myhost sshd[280]: Received disconnect 1x.yy.aa.bb port 51250:11: disconnected by user
Jan 25 20:12:17 myhost sshd[280]: Disconnected from 1x.yy.aa.bb port 51250
```
SSH server logs when run in debug mode
```
debug1: userauth-request for user myuser service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: PAM: password authentication accepted for myuser
debug1: do_pam_account: called
Accepted password for appadmin from 1x.yy.aa.bb port 51228 ssh2
debug1: monitor_child_preauth: myuser has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: temporarily_use_uid: 1000/100 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
debug1: SELinux support disabled
debug1: PAM: establishing credentials
PAM: pam_open_session(): Cannot make/remove an entry for the specified session
User child is on pid 311
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 1000/100
debug1: rekey after 4294967296 blocks
debug1: rekey after 4294967296 blocks
debug1: ssh_packet_set_postauth: called
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: SELinux support disabled
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/2 for myuser from 1x.yy.aa.bb port 51228 id 0
debug1: Setting controlling tty using TIOCSCTTY.
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 312
debug1: session_exit_message: session 0 channel 0 pid 312
debug1: session_exit_message: release channel 0
debug1: session_by_tty: session 0 tty /dev/pts/2
debug1: session_pty_cleanup: session 0 release /dev/pts/2
Received disconnect from 1x.yy.aa.bb port 51228:11: disconnected by user
Disconnected from 1x.yy.aa.bb port 51228
debug1: do_cleanup
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: deleting credentials
```
**Describe the results you expected:**
SSH connection should work.
**Additional information you deem important (e.g. issue happens only occasionally):**
Always
**Output of `podman version`:**
```
Client: Podman Engine
Version: 4.0.0-dev
API Version: 4.0.0-dev
Go Version: go1.17.5
Git Commit: be722e59eca6cf4b8f9249825e044930d6534f74
Built: Mon Jan 24 12:57:44 2022
OS/Arch: linux/amd64
```
**Output of `podman info --debug`:**
```
host:
arch: amd64
buildahVersion: 1.24.0-dev
cgroupControllers:
- cpuset
- cpu
- cpuacct
- blkio
- memory
- devices
- freezer
- net_cls
- perf_event
- net_prio
- hugetlb
- pids
- rdma
cgroupManager: systemd
cgroupVersion: v1
conmon:
package: conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.0.29, commit: 0f5bee61b18d4581668e5bf18b910cda3cff5081'
cpus: 8
distribution:
distribution: '"rhel"'
version: "8.5"
eventLogger: file
hostname: myhost
idMappings:
gidmap: null
uidmap: null
kernel: 4.18.0-348.12.2.el8_5.x86_64
linkmode: dynamic
logDriver: journald
memFree: 14842597376
memTotal: 33511686144
networkBackend: cni
ociRuntime:
name: runc
package: runc-1.0.2-1.module+el8.5.0+12582+56d94c81.x86_64
path: /usr/bin/runc
version: |-
runc version 1.0.2
spec: 1.0.2-dev
go: go1.16.7
libseccomp: 2.5.2
os: linux
remoteSocket:
path: /run/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_AUDIT_WRITE,CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: false
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64
version: |-
slirp4netns version 1.1.8
commit: d361001f495417b880f20329121e3aa431a8f90f
libslirp: 4.4.0
SLIRP_CONFIG_VERSION_MAX: 3
libseccomp: 2.5.2
swapFree: 20002631680
swapTotal: 20002631680
uptime: 152h 25m 6s (Approximately 6.33 days)
plugins:
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
- filevol
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- registry.centos.org
- docker.io
store:
configFile: /etc/containers/storage.conf
containerStore:
number: 4
paused: 0
running: 2
stopped: 2
graphDriverName: overlay
graphOptions:
overlay.mountopt: nodev,metacopy=on
graphRoot: /var/lib/containers/storage
graphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "false"
Supports d_type: "true"
Using metacopy: "true"
imageCopyTmpDir: /var/tmp
imageStore:
number: 5
runRoot: /run/containers/storage
volumePath: /var/lib/containers/storage/volumes
version:
APIVersion: 4.0.0-dev
Built: 1643057864
BuiltTime: Mon Jan 24 12:57:44 2022
GitCommit: be722e59eca6cf4b8f9249825e044930d6534f74
GoVersion: go1.17.5
OsArch: linux/amd64
Version: 4.0.0-dev
```
**Package info (e.g. output of `rpm -q podman` or `apt list podman`):**
```
Local podman build from mainline
```
**Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)**
Yes
**Additional environment details (AWS, VirtualBox, physical, etc.):**
RHEL 8.5 VM
So, that only concerns Podman users and not Docker ones, from what I understood ?
I think so.
just tested and if I start podman-compose through systemd service is also working without modifications.