[Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances

Mauras Olivier oliver.mauras at gmail.com
Tue Mar 6 09:54:50 UTC 2012


Hello,

I've finally successfully migrated my SMACK setup over to SELinux to isolate
my containers - thanks to the folks on #selinux at freenode - on a Scientific
Linux 6.2 host. (I may share my policy with some details if some of you are
interested.)
So far so good; after loads of hits and misses, almost everything works
correctly.

The only thing that does not is the multiple devpts instances. It seems that
when specifying the "lxc.pts" option in the container config, ssh stops working
while /dev/pts is correctly mounted _but_ is still showing pts devices from
the host.
There are no specific SELinux AVC denials, and ssh rejects the shell
connection with the kind of errors found when /dev/pts is not correctly
mounted:

sshd[552]: error: ssh_selinux_setup_pty: security_compute_relabel: No such file or directory
sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted
sshd[556]: error: open /dev/tty failed - could not set controlling tty: No such device or address

As you may guess, /dev/tty is present and /dev/pts is correctly mounted, as I
can do: ssh root@container "ls -la /dev/pts"
Only assigning the pts device for the shell doesn't...


Have any of you also hit this problem? Did you find a solution?


Regards,
Olivier


PS: Using lxc 0.7.5