最初在 r/vmware 上提出的问题

Question

因此，这就是答案，最初由我在 reddit 上的 r/vmware 上发布，但我认为最好也将其发布在这里：

TLDR；

这是针对 Ubuntu 19/20 或任何其他系统上尝试访问共享虚拟机时崩溃（即/var/lib/vmware/bin/hostd）神秘崩溃的问题的简单修复。

cp /etc/pam.d/vmware-authd ~/vmware-authd.backup
sed  -e '/pam_cap/s/^.*$/# -- pam_cap does not work for multithreaded apps -- /' /etc/pam.d/common-auth | sudo tee /etc/pam.d/common-auth-mt
sudo -i -e 's/common-auth/common-auth-mt/' /etc/pam.d/vmware-authd

关于为什么这样做的详细信息，

罪魁祸首是 /etc/pam.d/common-auth包含的条目pam_cap.so。事实证明/usr/lib/vmware/bin/hostd这是一个多线程应用程序，并且pam_cap.so无法与它们一起使用：

描述

pam_cap PAM 模块设置当前进程的可继承功能。

功能是从 /etc/security/capability.conf 配置文件或使用 config= 选项指定的备用文件中读取的。

该模块不能被多线程应用程序调用。

（来源：pam_cap(8) 手册页）

事实证明hostd它是多线程的：P

因此，我们创建所有“common-*”文件的“多线程”版本（事实证明它只是 common-auth）并将其用于我们的多线程应用程序。

当然，您可以手动执行上面的 TLDR; 操作，如下所示：

❯ /bin/cat /etc/pam.d/vmware-authd

#%PAM-1.0
auth     include        common-auth-mt
account  include        common-account
password include        common-password
session  include        common-session

和

❯ cat common-auth-mt

#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
auth    [success=1 default=ignore]  pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth    requisite           pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required            pam_permit.so
# and here are more per-package modules (the "Additional" block)
# -- pam_cap does not work for multithreaded apps --
# end of pam-auth-update config

希望这已经足够清楚了。

TLDR；

这是针对 Ubuntu 19/20 或任何其他系统上尝试访问共享虚拟机时崩溃（即/var/lib/vmware/bin/hostd）神秘崩溃的问题的简单修复。

cp /etc/pam.d/vmware-authd ~/vmware-authd.backup
sed  -e '/pam_cap/s/^.*$/# -- pam_cap does not work for multithreaded apps -- /' /etc/pam.d/common-auth | sudo tee /etc/pam.d/common-auth-mt
sudo -i -e 's/common-auth/common-auth-mt/' /etc/pam.d/vmware-authd

关于为什么这样做的详细信息，

罪魁祸首是 /etc/pam.d/common-auth包含的条目pam_cap.so。事实证明/usr/lib/vmware/bin/hostd这是一个多线程应用程序，并且pam_cap.so无法与它们一起使用：

描述

pam_cap PAM 模块设置当前进程的可继承功能。

功能是从 /etc/security/capability.conf 配置文件或使用 config= 选项指定的备用文件中读取的。

该模块不能被多线程应用程序调用。

（来源：pam_cap(8) 手册页）

事实证明hostd它是多线程的：P

因此，我们创建所有“common-*”文件的“多线程”版本（事实证明它只是 common-auth）并将其用于我们的多线程应用程序。

当然，您可以手动执行上面的 TLDR; 操作，如下所示：

❯ /bin/cat /etc/pam.d/vmware-authd

#%PAM-1.0
auth     include        common-auth-mt
account  include        common-account
password include        common-password
session  include        common-session

和

❯ cat common-auth-mt

#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
auth    [success=1 default=ignore]  pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth    requisite           pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required            pam_permit.so
# and here are more per-package modules (the "Additional" block)
# -- pam_cap does not work for multithreaded apps --
# end of pam-auth-update config

希望这已经足够清楚了。

最初在 r/vmware 上提出的问题

最初在 r/vmware 上提出的问题

我对同一问题的重新表述：

答案1

TLDR；

关于为什么这样做的详细信息，

当然，您可以手动执行上面的 TLDR; 操作，如下所示：

更多信息

相关内容