[Lxc-users] failed to create pty #0

Michael H. Warfield mhw at WittsEnd.com
Thu Jun 2 00:02:07 UTC 2011 

Hey guys!

I know, I know...  This is like 9 months old.  But I finally got caught
between a rock and a hard place on Fedora 15 and was researching that
problem (which others have pointed good pointers to on this list - thank
you very much - got me going again) and I kept constantly running into
this same damn problem.  Still.  So I finally had to drill into it.

On Mon, 2010-09-20 at 09:03 -0400, Michael H. Warfield wrote: 
> On Mon, 2010-09-20 at 05:29 -0400, lxc at jelmail.com wrote: 
> > Hi Daniel,
> 
> > I have tracked down this issue somewhat. It seems to be caused by shutting
> > down a container (not by lxc-stop) and is caused by the rc.shutdown script
> > present in Arch Linux.

> I've seen this problem too even when lxc-stop is used and the container
> is a Fedora container (mostly F12's).  If I shut down the container and
> stop it with lxc-stop then restart the container, I get that "failed to
> create pty #0) when sshing into the container.  I have to restart the
> host system once that's happened.

> > I don't know what specifically causes the problem because I haven't had
> > time to investigate but I do know that it's fixed by removing everything
> > from rc.shutdown onwards from the line containing "stat_busy “Saving System
> > Clock”" as suggested on lxc.teegra.net (I had done this on a prior
> > container but missed this step on a new one which is why the problem only
> > started happening recently).

> I'm going to have to see if there's something similar in the Fedora
> shutdown scripts.

> Interesting.  I hadn't tried using "lxc-stop" without shutting down the
> contained OS, so I hadn't narrowed it down that far.  Interesting.

I narrowed this down to a specific set of commands in the Fedora "halt"
script.  These are the buggers that are causing the problem...

# Remount read only anything that's left mounted. 
echo $"Remounting remaining filesystems readonly"
mount | awk '{ print $1,$3 }' | while read dev dir; do
    fstab-decode mount -n -o ro,remount $dev $dir
done

Comment those lines out.  Problem goes away.

Oh, I gotta bad feeling here.  We've been fighting this whole bloody
remount thing propagating back into the host and the random acts of
terrorism that lie therein for a long time.

Let's see...

mount | awk '{ print $1,$3 }'
rootfs /
/dev/sdb1 /
/dev/sda8 /srv/shared
none /dev/pts
none /proc
none /sys
none /dev/shm
devpts /dev/console
devpts /dev/tty1
devpts /dev/tty2
devpts /dev/tty3
devpts /dev/tty4
devpts /dev/tty5
devpts /dev/tty6
/proc/bus/usb /proc/bus/usb
none /proc/sys/fs/binfmt_misc

Yup...  Ok...  That doesn't take much guessing.  The container is
remounting the /dev/pts as ro and kiss it good by in the host.  Sigh.

I just got done testing this on an F15 host / F14 client w/ LXC 0.7.4.2.
2.6.38.6-27.fc15 kernel.  Probably not a lot we can do from user space.
That's some isolation we really need down in kernel land somewhere.

Yes, I can hear it now.  Old country doctor's advice.  Well, then, don't
do that.  But the fact is the container can do something horrible that
propagates back into the host.  Yes!  Now that I know what,
specifically, is causing this, I can correct it in the guest.  But a
rogue guest can do bad things.  This is not good.  The container should
NEVER have that kind of power to affect the host.


Regards,
Mike

> > So something in that shutdown file has the capacity to disable the host's
> > ability to start further containers and also disable the ability to ssh
> > into already running ones (thankfully, lxc-console still worked).
> 
> > John
> 
> Regards,
> Mike
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________ Lxc-users mailing list Lxc-users at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20110601/687ef719/attachment.pgp>

More information about the lxc-users mailing list