[Lxc-users] When SELinux is enabled, ssh connection is closed right after authentication.

Serge Hallyn serge.hallyn at canonical.com
Tue Apr 17 17:37:03 UTC 2012


Quoting David Kang (dkang at isi.edu):
> 
>  Hi,
> 
>  I'm trying to run an LXC container with SELinux enabled.
> When SELinux is permissive, there is no problem.
> I can ssh into the LXC container.
> However, when SELinux is enabled, ssh connection to the LXC instance cannot be made.
> Right after authentication, it closes the connection.
> Any ssh connection that was done before SELinux is enabled still works fine even after
> SELinux gets enabled.
> However, with SELinux enabled, no new ssh connection to the LXC container can be made.
> I believe it is related to sshd.
> Any idea how to fix it?

For now, I'd say add an SELinux policy module to have /usr/bin/lxc-start
automatically enter a lxc_exec_t domain, and let that domain be unconfined.
The details of that are more suitable for an SELinux mailing list.

Hopefully in a month or two I'll be able to send patches to support
per-container SELinux domains and policies.

-serge



