Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

"chfn: PAM: System Error" Intermittently in Docker Hub Builds

Tags:

github

docker

Occasionally automated builds on the Docker Hub fail with PAM system errors like the following, which are from two separate builds:

     Preparing to unpack 
    .../mysql-server-5.5_5.5.38-0ubuntu0.14.04.1_amd64.deb ... 
    [91mchfn: PAM: System error 
    [0m 
    [91madduser: '/usr/bin/chfn -f MySQL Server mysql' returned error code 
     1. Exiting.
    [0m
    [91mdpkg: error processing archive 
     /var/cache/apt/archives/mysql-server-5.5_5.5.38-0ubuntu0.14.04.1_amd64.deb 
    (--unpack):
     subprocess new pre-installation script returned error exit status 1
    [0m

     Preparing to unpack 
    .../redis-server_2%3a2.8.4-2_amd64.deb ... 
    [91mchfn: PAM: System error 
    [0m 
    [91madduser: '/usr/bin/chfn -f redis server redis' returned error code 
     1. Exiting. 
    [0m 
    [91mdpkg: error processing archive 
    /var/cache/apt/archives/redis-server_2%3a2.8.4-2_amd64.deb (--unpack): 
     subprocess new pre-installation script returned error exit status 1 
    [0m

Interestingly, this failure only happens intermittently and with identical Dockerfiles. Is there any way around this?

like image 818
HTOK Avatar asked Aug 07 '14 22:08

HTOK

Video Answer

2 Answers

There is a workaround! It's a simple fix and doesn't appear to have any negative repercussions. Add the following symlink to the top of your Dockerfile:

RUN ln -s -f /bin/true /usr/bin/chfn

Subsequent builds should succeed.

like image 160
HTOK Avatar answered Dec 05 '22 21:12

HTOK

This is the result of some recent kernel updates (see Github Issue #6345)

The kernel was recently updated to allow containers to send audit events, but they need CAP_AUDIT_WRITE to be able to write an audit event. (git-bisect was used to track this bug down

Before, PAM detected the auditing was unavailable/disabled (non-fatal error). Now that its available, PAM detects the auditing system and tries to use it, but fails writing the audit event (fatal error).

Possible Solutions:

  1. Allow containers to have CAP_AUDIT_WRITE (the GitHub issue suggests this will be the default), but DockerHub doesn't let one grant this capability in their build system.

  2. Disable Auditing Support in PAM. Someone has posted docker image for CentOS 6.5 and Ubuntu 14.04 to rebuild PAM and disable auditing. For a basic of how to rebuild PAM, you can look at the relevant Dockerfiles for CentOS and Ubuntu)

  3. Disable /usr/bin/chfn by linking it to /bin/true (ln -s -f /bin/true /usr/bin/chfn)

like image 27
Reece45 Avatar answered Dec 05 '22 21:12

Reece45
Sign in to Comment

Related questions

Composer could not fetch github
Select * for Github GraphQL Search
How to get to a particular git tag
git: Commit multiple files but add messages
Setting up SSH keys for GitHub
repo init a particular commit
Git wont ignore /build/intermediates/ files even though I added build/ to .gitignore
ImportError: No module named numpy.distutils.core (Ubuntu xgboost installation)
How to upload or fix avatar in Packgist.org profile
How to Merge two different Git repositories?
Trigger Github Actions only when PR is merged
How to commit a folder to gitHub
Guidelines for hosting VisualStudio projects on github
git: I can add a directory, but at commit time I get "nothing to commit"
How does Github releases generate archive filenames?
Delete local Git branches if their remote-tracking references don't exist anymore [duplicate]
Should I push the Unity Library folder to Github
refusing to allow a Personal Access Token to create or update workflow
How to pull a pull request quickly locally
Configuring Eclipse / EGit to track an upstream repository

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!