Description of problem: Running sshd in podman fails. This was not an issue in the older versions (in RHEL8). Version-Release number of selected component (if applicable): podman-3.0.0-0.20rc1.el9.x86_64 How reproducible: always Steps to Reproduce: 1. podman run -p 22000:22 --expose=22 -it centos:7 /bin/bash -c "yum install -y openssh-server && ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' && /usr/sbin/sshd -Dd" 2. in other window, connect and authenticate (enter wrong password): ssh localhost -p 22000 Actual results: connection fails, the std error of first window ends with debug1: PAM: password authentication failed for root: Authentication failure Failed password for root from 10.88.0.1 port 55440 ssh2 linux_audit_write_entry failed: Operation not permitted debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 70 linux_audit_write_entry failed: Operation not permitted Expected results: the connection is accepted authentication is prompted Additional info: The sshd attempts to write audit message, which fails. This worked in the past and this is a regression.
This looks like us dropping the Audit capability - tagging Dan Walsh to confirm
Yes we have dropped the audit_write capability by default. Since this is a very rare case and can easily be fixed by adding it on the command line podman run --cap-add AUDIT_WRITE -p 22000:22 --expose=22 -it centos:7 /bin/bash -c "yum install -y openssh-server && ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' && /usr/sbin/sshd -Dd"
BTW, if you want the old behaviour you can add the CAP back into /etc/containers/containers.conf (Based on /usr/share/containers/containers.conf).