<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 05/11/2012 23:36, Serge Hallyn
wrote:<br>
</div>
<blockquote cite="mid:20121105223605.GA1517@sergelap" type="cite">
<pre wrap="">Quoting Thierry (<a class="moz-txt-link-abbreviated" href="mailto:mysolo@cynetek.com">mysolo@cynetek.com</a>):
</pre>
<blockquote type="cite">
<pre wrap="">On 05/11/2012 22:25, Serge Hallyn wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Quoting Thierry (<a class="moz-txt-link-abbreviated" href="mailto:mysolo@cynetek.com">mysolo@cynetek.com</a>):
</pre>
<blockquote type="cite">
<pre wrap=""> lxc-start 1352149909.205 DEBUG lxc_conf - trying to mount '/dev/vg1/debian-dev'->'/usr/lib/lxc/rootfs' with fstype '# /etc/filesystems'
lxc-start 1352149909.205 DEBUG lxc_conf - mount failed with error: No such device
</pre>
</blockquote>
<pre wrap="">
(And a bunch more) Does /dev/vg1/debian-dev exist on the host?
-serge
</pre>
</blockquote>
<pre wrap="">
Yes. The device /dev/vg1/debian-dev is the same for the working config and
the non-working config.
</pre>
</blockquote>
<pre wrap="">
Heh, sorry, I see :) Bogus fstype. I'm shuttling between too many things.
Anyway I'm guessing the answer is in the kernel-hardened patches. Can you
find anything in the audit logs?
</pre>
</blockquote>
<br>
Hello,<br>
<br>
I'm testing with a gentoo-sources kernel (not patched with
grsecurity) and lxc-console is not working.<br>
<br>
tigra linux # zcat /proc/config.gz |grep -i 3.6.2<br>
# Linux/x86_64 3.6.2-gentoo Kernel Configuration<br>
<br>
tigra ~ # lxc-console -n debian-dev<br>
<br>
Type &lt;Ctrl+a q&gt; to exit the console<br>
<br>
No prompt for logging in.<br>
<br>
<blockquote type="cite"><br>
<pre wrap="">When you log in over ssh (when using devices.deny = a), what does
'ls -l /dev/tty?</pre>
</blockquote>
root@debian-dev:~# ls -l /dev/tty*<br>
crw-rw-rw- 1 root root 5, 0 Nov 1 16:41 /dev/tty<br>
crw-rw-rw- 1 root root 4, 0 Nov 6 17:47 /dev/tty0<br>
crw--w---- 1 root tty 3, 1 Nov 6 15:28 /dev/tty1<br>
crw--w---- 1 root tty 3, 2 Nov 6 15:28 /dev/tty2<br>
crw--w---- 1 root tty 3, 3 Nov 6 15:28 /dev/tty3<br>
crw--w---- 1 root tty 3, 4 Nov 6 15:28 /dev/tty4<br>
<br>
<blockquote type="cite">
<pre wrap=""> /dev/console' show? </pre>
</blockquote>
<br>
root@debian-dev:~# ls -l /dev/console <br>
crw------- 1 root tty 3, 5 Nov 6 15:28 /dev/console<br>
<br>
<br>
<blockquote type="cite">
<pre wrap=""> What if you stop the getty on
/dev/tty1 and (as root) try to read/write to it?
-serge
</pre>
</blockquote>
<br>
getty is not executing on /dev/tty1 if cgroup.deny is activated.<br>
<br>
Simple read:<br>
<br>
root@debian-dev:~# cat /dev/tty1 <br>
cat: /dev/tty1: Operation not permitted<br>
<br>
Simple write:<br>
<br>
root@debian-dev:~# echo toto > /dev/tty1 <br>
-bash: /dev/tty1: Operation not permitted<br>
<br>
<br>
And testing by allowing all devices after starting, on the host:<br>
<br>
tigra ~ # echo "a *:* rwm" >
/sys/fs/cgroup/devices/lxc/debian-dev/devices.allow <br>
<br>
and on guest:<br>
<br>
root@debian-dev:~# ps -ef<br>
UID PID PPID C STIME TTY TIME CMD<br>
root 1 0 0 17:45 ? 00:00:00 init [3] <br>
root 214 1 0 17:45 ? 00:00:00 /usr/sbin/sshd<br>
root 261 214 0 17:46 ? 00:00:00 sshd: root@pts/0 <br>
root 263 261 0 17:46 pts/0 00:00:00 -bash<br>
root 507 263 0 18:16 pts/0 00:00:00 ps -ef<br>
root@debian-dev:~# telinit q<br>
root@debian-dev:~# ps -ef<br>
UID PID PPID C STIME TTY TIME CMD<br>
root 1 0 0 17:45 ? 00:00:00 init [3] <br>
root 214 1 0 17:45 ? 00:00:00 /usr/sbin/sshd<br>
root 261 214 0 17:46 ? 00:00:00 sshd: root@pts/0 <br>
root 263 261 0 17:46 pts/0 00:00:00 -bash<br>
root 509 1 0 18:16 ? 00:00:00 /sbin/getty 38400
console<br>
root 510 1 0 18:16 tty1 00:00:00 /sbin/getty 38400
tty1 linux<br>
root 511 1 0 18:16 tty2 00:00:00 /sbin/getty 38400
tty2 linux<br>
root 512 1 0 18:16 tty3 00:00:00 /sbin/getty 38400
tty3 linux<br>
root 513 1 0 18:16 tty4 00:00:00 /sbin/getty 38400
tty4 linux<br>
root 514 263 0 18:16 pts/0 00:00:00 ps -ef<br>
<br>
Simple write on the guest:<br>
<br>
root@debian-dev:~# echo toto > /dev/tty1 <br>
<br>
It's OK.<br>
<br>
understand this problem. kernel or cgroup is bugged ???!!!!!<br>
<br>
<br>
<br>
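The device-cgroup behaviour reported in this message can be reproduced offline. The following is an added example, not part of the original message or of LXC: it matches the major:minor numbers from the ls -l output above against a cgroup-v1 device whitelist. The whitelist entries are constructed for illustration (the thread does not show the container's rules) and the function names are hypothetical.<br>

```python
import re

# Device nodes as listed inside the guest in the message above (ls -l output).
LS_OUTPUT = """\
crw-rw-rw- 1 root root 5, 0 Nov 1 16:41 /dev/tty
crw-rw-rw- 1 root root 4, 0 Nov 6 17:47 /dev/tty0
crw--w---- 1 root tty 3, 1 Nov 6 15:28 /dev/tty1
crw------- 1 root tty 3, 5 Nov 6 15:28 /dev/console
"""

# Constructed whitelist (assumption, not from the thread), written in the
# cgroup-v1 devices.list format: TYPE MAJOR:MINOR ACCESS.
SAMPLE_WHITELIST = "c 5:0 rwm\nc 4:0 rwm\nc 4:1 rwm\nc 5:1 rwm\nc 136:* rwm\n"

LS_RE = re.compile(r"^([bc])\S+\s+\d+\s+\S+\s+\S+\s+(\d+),\s*(\d+)\s.*\s(/\S+)$")

def parse_ls(text):
    """Return (path, type, major, minor) for each device line of ls -l."""
    found = (LS_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(4), m.group(1), int(m.group(2)), int(m.group(3)))
            for m in found if m]

def parse_rules(text):
    """Parse whitelist lines into (type, major, minor, access-set) tuples."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and ":" in parts[1]:
            major, minor = parts[1].split(":", 1)
            rules.append((parts[0], major, minor, set(parts[2])))
    return rules

def allowed(rules, dtype, major, minor, want="rw"):
    """A request passes only if one rule covers type, numbers and all access bits."""
    for rtype, rmaj, rmin, access in rules:
        if (rtype in ("a", dtype)
                and rmaj in ("*", str(major))
                and rmin in ("*", str(minor))
                and set(want).issubset(access)):
            return True
    return False

def report(whitelist, ls_text=LS_OUTPUT, want="rw"):
    """Map each listed device node to True (permitted) or False (EPERM)."""
    rules = parse_rules(whitelist)
    return {path: allowed(rules, t, ma, mi, want)
            for path, t, ma, mi in parse_ls(ls_text)}

if __name__ == "__main__":
    for path, ok in report(SAMPLE_WHITELIST).items():
        print(f"{path:14} {'allowed' if ok else 'denied'}")
```

On a live host the whitelist text would come from the container's devices.list file, next to the devices.allow path used in the message.<br>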
</body>
</html>