Upgrade Problem with /etc/security/limits.conf at LXC container

Discussion in 'Beta release code' started by wmtech, May 29, 2025.

  1. wmtech

    wmtech Active Member

    187
    44
    28
    Jul 22, 2017
    Ratings:
    +139
    Local Time:
    2:15 PM
    I’m currently running the latest version 140.00beta01 with default settings inside an LXC container on AlmaLinux 9.6.

    Everything works flawlessly under normal operation.


    However, during certain PHP or Nginx updates, I noticed that the following lines are added to /etc/security/limits.conf within the LXC container:
    Code (Text):
    nginx soft memlock 715128832
    nginx hard memlock 715128832
    * soft memlock 22347776
    * hard memlock 22347776
    

    This seemingly minor change leads to a critical issue: after logging out of the container, you can no longer log in again via SSH or console. The container remains accessible only from the host system using direct access.

    Logs & Errors

    Here’s what appears in /var/log/messages when trying to log in:
    Code (Text):
    May 29 09:28:12 server systemd[1]: Starting User Manager for UID 0...
    May 29 09:28:12 server systemd[74693]: PAM failed: Permission denied
    May 29 09:28:12 server systemd[74693]: user@0.service: Failed to set up PAM session: Operation not permitted
    May 29 09:28:12 server systemd[74693]: user@0.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
    May 29 09:28:12 server systemd[1]: user@0.service: Main process exited, code=exited, status=224/PAM
    May 29 09:28:12 server systemd[1]: user@0.service: Failed with result 'exit-code'.
    May 29 09:28:12 server systemd[1]: Failed to start User Manager for UID 0.
    

    And in /var/log/secure during SSH login (similar when using the console):
    Code (Text):
    May 29 09:28:12 server sshd[74688]: Accepted password for root from x.x.x.x port 59871 ssh2
    May 29 09:28:12 server sshd[74688]: pam_limits(sshd:session): Could not set limit for 'memlock': Operation not permitted
    May 29 09:28:12 server systemd[74693]: pam_limits(systemd-user:session): Could not set limit for 'memlock': Operation not permitted
    May 29 09:28:12 server systemd[74693]: pam_unix(systemd-user:session): session opened for user root(uid=0) by (uid=0)
    May 29 09:28:12 server sshd[74688]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0)
    May 29 09:28:12 server sshd[74688]: error: PAM: pam_open_session(): Permission denied
    

    Resolution

    After some hard time investigating, I found that simply commenting out the added memlock lines in /etc/security/limits.conf and restarting the container immediately restored normal login functionality.

    Suggestion

    I wanted to share this in case others encounter the same issue. It may also be worth reviewing what exactly gets modified in limits.conf during updates — especially in LXC environments where certain capabilities (like memlock) may not be permitted, depending on the container’s configuration.

    Interestingly, we have another Centmin Mod installation running in a similar LXC setup where these memlock lines were not inserted, and the problem did not occur — though this behavior could easily change with a future Nginx or PHP update.

    Final Note

    Despite this hiccup, I want to emphasize that Centmin Mod remains an outstanding, stable solution — especially considering the turbulent changes around CentOS, Nginx, and other integrated components in recent years.

    Thanks for your continued hard work and professionalism — it’s very much appreciated!
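
An added example, not part of the posts in this thread and not Centmin Mod code: a POSIX shell check that lists memlock entries in a limits file asking for more than the hard limit the container already has, which setrlimit refuses for a process without CAP_SYS_RESOURCE. The names flag_memlock and sample_limits, the --scan switch and the appuser entry are assumptions made for this illustration; values are compared in KB, the unit both limits.conf and `ulimit -l` use for memlock.

```shell
#!/bin/sh
# Added example: review memlock entries before they lock out PAM sessions.

# flag_memlock FILE HARD_KB
# Prints "FILE:LINE: entry" for every memlock entry (soft, hard or -) whose
# value is above HARD_KB, the current hard RLIMIT_MEMLOCK in KB.
flag_memlock() {
    awk -v hard="$2" '
        NF < 4 || $1 ~ /^#/ || $3 != "memlock" { next }  # comments, other items
        hard == "unlimited" { next }                     # nothing can exceed it
        $4 == "unlimited" || $4 == "infinity" || $4 == "-1" || $4 + 0 > hard + 0 {
            printf "%s:%d: %s\n", FILENAME, FNR, $0
        }' "$1"
}

# sample_limits: the four lines quoted in the first post, plus one constructed
# entry (appuser, hypothetical) that stays within a small limit.
sample_limits() {
    cat <<'EOF'
# sample limits.conf
nginx soft memlock 715128832
nginx hard memlock 715128832
* soft memlock 22347776
* hard memlock 22347776
appuser hard memlock 64
EOF
}

# Inside the container: sh check-memlock.sh --scan
# Compares every limits file pam_limits reads with this shell's hard limit.
if [ "${1:-}" = "--scan" ]; then
    hard_kb=$(ulimit -H -l)
    for f in /etc/security/limits.conf /etc/security/limits.d/*.conf; do
        [ -f "$f" ] && flag_memlock "$f" "$hard_kb"
    done
    exit 0
fi
```

Run with --scan from a session that still works (for example one opened from the host) after each Nginx or PHP update; any line it prints is a candidate for commenting out before logging out.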
     
  2. eva2000

    eva2000 Administrator Staff Member

    58,895
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    10:15 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Unfortunately, Centmin Mod doesn't officially support LXD/LXC containers as I don't officially do testing for them. So you will get bugs such as this. One reason is LXD/LXC container compatibility ultimately depends on how the web host or user installed and sets up LXD/LXC containers on the host and how they configure their guest containers. So you can have varying experiences across container hosts even with the same operating system!

    What output do you get on either Centmin Mod installed server for the command
    Code (Text):
    /usr/bin/systemd-detect-virt

    and
    Code (Text):
    virt-what
     
  3. wmtech

    The same output at both of them:

    Code (Text):
    [16:16][root@server ~]# /usr/bin/systemd-detect-virt
    lxc
    [16:16][root@server ~]# virt-what
    lxc
    
     
  4. eva2000

    Ok updated 131.00stable, 132.00stable, 140.00beta01 branches with possible fix that you can pull down via command: cmupdate

    Try centmin.sh menu option 4 or 5 for nginx/php recompile/upgrade to see if memlock gets added to /etc/security/limits.conf. It shouldn't now with the fix :)
     
  5. wmtech

    Thank you!

    Now that we know how to easily solve it, it's not that big a problem any more. But when we had seen it the first time a year ago, we recreated the whole container because we couldn't find the problem.
     
  6. eva2000

    Thanks for the bug reports :). I can't quash them all myself as folks have different setups, so sharing your bugs will help :D