remove nologin-file so we can test pam

see: dev-sec/ansible-collection-hardening#690
Signed-off-by: Sebastian Gumprich <[email protected]>

alpine-ansible-latest/Dockerfile

@@ -7,4 +7,7 @@ RUN apk add --update ansible
 RUN mkdir -p /etc/ansible \
  && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 CMD [ "ansible-playbook", "--version" ]

amazon2-ansible-latest/Dockerfile

@@ -27,4 +27,7 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 CMD [ "ansible-playbook", "--version" ]

amazon2023-ansible-latest/Dockerfile

@@ -35,5 +35,8 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 VOLUME ["/sys/fs/cgroup"]
 CMD [ "ansible-playbook", "--version" ]

arch-ansible-latest/Dockerfile

@@ -47,4 +47,7 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "s/^# \(%${SUDO_GROUP} ALL=(ALL:ALL) NOPASSWD: ALL\)/\\1/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 CMD [ "ansible-playbook", "--version" ]

centos7-ansible-latest/Dockerfile

@@ -55,5 +55,8 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 VOLUME ["/sys/fs/cgroup"]
 CMD [ "ansible-playbook", "--version" ]

centos8-ansible-latest/Dockerfile

@@ -50,5 +50,8 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 VOLUME ["/sys/fs/cgroup"]
 CMD [ "ansible-playbook", "--version" ]

centosstream8-ansible-latest/Dockerfile

@@ -50,5 +50,8 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 VOLUME ["/sys/fs/cgroup"]
 CMD [ "ansible-playbook", "--version" ]

centosstream9-ansible-latest/Dockerfile

@@ -48,5 +48,8 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 VOLUME ["/sys/fs/cgroup"]
 CMD [ "ansible-playbook", "--version" ]

debian10-ansible-latest/Dockerfile

@@ -34,4 +34,7 @@ RUN set -xe \
 # Make sure systemd doesn't start agettys on tty[1-6].
 RUN rm -f /lib/systemd/system/multi-user.target.wants/getty.target
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 CMD [ "ansible-playbook", "--version" ]

debian11-ansible-latest/Dockerfile

@@ -31,4 +31,7 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 CMD [ "ansible-playbook", "--version" ]

debian12-ansible-latest/Dockerfile

@@ -35,4 +35,7 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 CMD [ "ansible-playbook", "--version" ]

fedora37-ansible-latest/Dockerfile

@@ -31,4 +31,7 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 CMD [ "ansible-playbook", "--version" ]

fedora38-ansible-latest/Dockerfile

@@ -31,4 +31,7 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 CMD [ "ansible-playbook", "--version" ]

opensuse_tumbleweed-ansible-latest/Dockerfile

@@ -25,5 +25,8 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "s/^# \(%${SUDO_GROUP} ALL=(ALL:ALL) NOPASSWD: ALL\)/\\1/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 VOLUME ["/sys/fs/cgroup", "/run"]
 CMD [ "ansible-playbook", "--version" ]

openwrt-ansible-latest/Dockerfile

@@ -31,4 +31,7 @@ RUN set -xe \
 RUN opkg remove --autoremove \
  python3-pip shadow-groupadd shadow-useradd shadow-usermod sed
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 CMD [ "ansible-playbook", "--version" ]

oracle7-ansible-latest/Dockerfile

@@ -35,5 +35,8 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 VOLUME ["/sys/fs/cgroup"]
 CMD [ "ansible-playbook", "--version" ]

rocky8-ansible-latest/Dockerfile

@@ -50,5 +50,8 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 VOLUME ["/sys/fs/cgroup"]
 CMD [ "ansible-playbook", "--version" ]

rocky9-ansible-latest/Dockerfile

@@ -17,15 +17,6 @@ RUN yum makecache --timer \
  python3-pip \
  && yum clean all
 
-RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-rm -f /lib/systemd/system/multi-user.target.wants/*;\
-rm -f /etc/systemd/system/*.wants/*;\
-rm -f /lib/systemd/system/local-fs.target.wants/*; \
-rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-rm -f /lib/systemd/system/basic.target.wants/*;\
-rm -f /lib/systemd/system/anaconda.target.wants/*;
-
 # upgrade pip because of the rust dependency error
 RUN pip3 install --upgrade pip
 
@@ -51,5 +42,8 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 VOLUME ["/sys/fs/cgroup"]
 CMD [ "ansible-playbook", "--version" ]

ubuntu1804-ansible-latest/Dockerfile

@@ -37,4 +37,7 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 CMD [ "ansible-playbook", "--version" ]

ubuntu2004-ansible-latest/Dockerfile

@@ -36,4 +36,7 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 CMD [ "ansible-playbook", "--version" ]

ubuntu2204-ansible-latest/Dockerfile

@@ -37,4 +37,7 @@ RUN set -xe \
  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
 
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
 CMD [ "ansible-playbook", "--version" ]