host - ubuntu cosmic with 4.18.0-11 kernel / systemd 239-7 / apparmor 2.12
There is no issue with creating a root password via passwd in an unprivileged container, but very curiously it is not possible to create a password the same way for a privileged container (tried centos 7 and ubuntu cosmic).
The error reads:
passwd: System error
passwd: Authentication token manipulation error
journalctl -f reports:
passwd: PAM audit_log_acct_message() failed: Operation not permitted
chroot /srv/lxc/container/rootfs passwd but that is not working for either an unprivileged or a privileged container.
Now why would setting a password in an unprivileged container work but not in a privileged one, and how to remedy it, or is it a(nother systemd) bug perhaps?
This sounds similar to an issue, also considering the patch - removing NoNewPrivileges=true and adding lxc.cap.keep = CAP_AUDIT_WRITE - but the container would not boot.