Hi sailors!
I use Gentoo with many kernel configuration options disabled, so I am not sure what is causing this behavior.
The SSH daemon in the docker container kept rejecting incoming connections from the SDK.
The container produces no standard logs, so I added a custom log device to the container with:
[root@host ~]# socat unix-listen:/proc/$(pgrep -f sshd_config_engine)/root/dev/log,fork -
<86>Jun 16 12:55:05 sshd[120]: Accepted publickey for mersdk from 172.19.0.1 port 42130 ssh2: RSA SHA256:VoxluqaHrQICYwyJbOGAEPpaLthHT2NyNTmoT9yrjkA
<86>Jun 16 12:55:05 sshd[120]: pam_unix(sshd:session): session opened for user mersdk by (uid=0)
<83>Jun 16 12:55:05 sshd[120]: pam_loginuid(sshd:session): Error writing /proc/self/loginuid: Operation not permitted
<83>Jun 16 12:55:05 sshd[120]: pam_loginuid(sshd:session): set_loginuid failed
<83>Jun 16 12:55:05 sshd[120]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
Searching online hinted at enabling the CONFIG_AUDIT and CONFIG_AUDIT_SYSCALL kernel config options, but these were already enabled, and it said EPERM (Operation not permitted), not ENOENT (No such file or directory), and manipulating /proc/self/loginuid works outside docker (I think so). The thread suggested disabling the pam_loginuid module, so I finally managed to get the Build Engine to work by executing:
[root@host ~]# docker exec sailfish-sdk-build-engine_arusekk sed -i /loginuid/d /etc/pam.d/sshd
Hope this workaround helps someone!
I also hope that this can help the SDK developers if they want to make the docker version of the build engine more portable.
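
Added example, not part of the original post: the numbers in angle brackets in the socat output above are syslog PRI values (facility × 8 + severity), so `<86>` is authpriv.info and `<83>` is authpriv.err. The Python below decodes raw /dev/log lines and lists the PAM modules that logged at err or worse; the function names are hypothetical, and the sample lines are copied from the log in the post.

```python
import re

# Syslog facility/severity names, indexed by number (RFC 3164 / RFC 5424).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Raw /dev/log framing: <PRI>Mon DD HH:MM:SS tag[pid]: message
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) "
                     r"([^\[:\s]+)(?:\[(\d+)\])?: (.*)$")
# PAM module messages look like: pam_module(service:type): text
PAM_RE = re.compile(r"^(pam_\w+)\((\w+):(\w+)\): (.*)$")

def parse_line(line):
    """Decode one raw syslog line; return None if it is not in that format."""
    m = LINE_RE.match(line.strip())
    if not m or int(m.group(1)) > 191:  # 23*8+7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    rec = {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
           "time": m.group(2), "tag": m.group(3),
           "pid": int(m.group(4)) if m.group(4) else None, "msg": m.group(5)}
    pam = PAM_RE.match(rec["msg"])
    if pam:
        rec["pam_module"], rec["pam_service"], rec["pam_type"] = pam.group(1, 2, 3)
    return rec

def failing_pam_modules(lines, threshold="err"):
    """Return sorted (module, service, type) tuples logged at threshold or worse."""
    limit = SEVERITIES.index(threshold)
    hits = set()
    for rec in filter(None, map(parse_line, lines)):
        if "pam_module" in rec and SEVERITIES.index(rec["severity"]) <= limit:
            hits.add((rec["pam_module"], rec["pam_service"], rec["pam_type"]))
    return sorted(hits)

# Sample input: lines copied from the socat output in the post.
SAMPLE = [
    "<86>Jun 16 12:55:05 sshd[120]: pam_unix(sshd:session): session opened for user mersdk by (uid=0)",
    "<83>Jun 16 12:55:05 sshd[120]: pam_loginuid(sshd:session): Error writing /proc/self/loginuid: Operation not permitted",
    "<83>Jun 16 12:55:05 sshd[120]: pam_loginuid(sshd:session): set_loginuid failed",
    "<83>Jun 16 12:55:05 sshd[120]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session",
]

if __name__ == "__main__":
    for module, service, pam_type in failing_pam_modules(SAMPLE):
        print(f"{module} failed in the {pam_type} stack of /etc/pam.d/{service}")
```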