I have installed fedora linux 30. I have installed Docker version 19.03.1, build 74b1e89. I have selinux set to enforcing.
I am trying to run an Oracle Linux based docker image. It tries to start sshd daemon service, but fails at RSA keygen.
I am not an expert with linux or selinux. But just guessing that key generation failed due to fedora selinux container policy. Can experts here help me work around this issue?
Docker container run output snippet
+ sed -i -e 's/#Port 22/Port 22/g' /etc/ssh/sshd_config
+ service sshd start
Generating SSH2 RSA host key: [FAILED]
Snippet from container - cat /etc/init.d/sshd
KEYGEN=/usr/bin/ssh-keygen
SSHD=/usr/sbin/sshd
RSA1_KEY=/etc/ssh/ssh_host_key
do_rsa_keygen() {
    if [ ! -s $RSA_KEY ]; then
        echo -n $"Generating SSH2 RSA host key: "
        rm -f $RSA_KEY
        if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
            chmod 600 $RSA_KEY
            chmod 644 $RSA_KEY.pub
            if [ -x /sbin/restorecon ]; then
                /sbin/restorecon $RSA_KEY.pub
            fi
            success $"RSA key generation"
            echo
        else
            failure $"RSA key generation"
            echo
            exit 1
        fi
    fi
}
Hi @chetanpatil1984! Welcome to the community! Please have a look at the introductory posts in the #start-here category if you haven't had a chance to do so.
I'm not an expert as well, but as far as I know Fedora's selinux restrictions don't apply inside of container (where the key generation happens), only outside of it.
Something like that can happen, for example, if you mount some directory on your Fedora system as /etc of the container system.
Can you share the exact command you use to start your container?
One more thing, why exactly do you want to run sshd inside your container?
If it's to connect to container from outside, wouldn't it be better to connect to your host system (Fedora) with ssh, and then connect to container?
And if it's for connecting from your host system, then docker has a special command for it, you don't need to run sshd inside your container to do this.
Quick websearch for "running sshd inside of container" produced this (as a second result, I must add):
I'm not a container expert, but once the container is deployed, is it possible to edit the container content? Maybe edit the image before deploying a container? By injecting the modified script with a dockerfile? Or there is a way to use /bin/bash as the entrypoint?
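
Added example, not part of any post above and not code from the image or from Fedora: the init script discards ssh-keygen's output with `>&/dev/null`, so the real error never reaches the console. This function re-runs the same command from a shell inside the container and keeps stderr; the function name `diagnose_rsa_keygen` and the key path passed to it are assumptions.

```shell
#!/bin/sh
# Added diagnostic example (hypothetical helper, not from the image).
# KEYGEN defaults to the path used by /etc/init.d/sshd; override to test.
KEYGEN=${KEYGEN:-/usr/bin/ssh-keygen}

# diagnose_rsa_keygen KEYFILE
# Prints one line per check. Returns 0 if the key was generated, 1 otherwise.
diagnose_rsa_keygen() {
    key=$1
    dir=$(dirname "$key")

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist"
        return 1
    fi
    # Writability as this process sees it (file mode, read-only mount).
    if [ ! -w "$dir" ]; then
        echo "FAIL: $dir is not writable by uid $(id -u)"
        return 1
    fi
    # Print the SELinux label of the directory when this ls supports -Z.
    ls -Zd "$dir" 2>/dev/null | sed 's/^/INFO: label /'

    if ! command -v "$KEYGEN" >/dev/null 2>&1; then
        echo "FAIL: $KEYGEN not found"
        return 1
    fi

    rm -f "$key" "$key.pub"
    # Same arguments as do_rsa_keygen, but stderr is captured, not discarded.
    rc=0
    err=$("$KEYGEN" -q -t rsa -f "$key" -C '' -N '' 2>&1 >/dev/null) || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "OK: generated $key"
        return 0
    fi
    echo "FAIL: $KEYGEN exited $rc: $err"
    return 1
}

# Usage inside the container (assumed key path):
#   diagnose_rsa_keygen /etc/ssh/ssh_host_rsa_key
```

If the directory passes the writability check but ssh-keygen still reports a permission error, look for a matching denial on the Fedora host with `ausearch -m AVC -ts recent`.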