[Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances

Ramez Hanna rhanna at informatiq.org
Tue Mar 6 10:12:41 UTC 2012


On Tue, Mar 6, 2012 at 12:06 PM, Iliyan Stoyanov <ilf at ilf.me> wrote:
> Hi Mauras,
>
> Do you by any chance have an fstab file in your container's /etc directory
> that is trying to mount devpts fs also? I had this issue a week ago with
> some of my SL6.2 containers on a Fedora 16 host. After removing everything
> /dev/pts related from the fstab in the /etc directory of the containers,
> everything magically worked.
>
> BR,
> --ilf
>
>
> On Tue, 2012-03-06 at 10:54 +0100, Mauras Olivier wrote:
>
> Hello,
>
> I've finally successfully migrated my SMACK setup over SElinux to isolate my
> containers - Thanks to the folks on #selinux at freenode - on a Scientific
> Linux 6.2 host. (I may share my policy with some details if some of you are
> interested)
> So far so good, after loads of hits and misses almost everything works
> correctly.
>
> The only thing that is not, is the multiple devpts instances. It seems that
> when specifying "lxc.pts" option in the container config, ssh stops working
> while /dev/pts is correctly mounted _but_ is still showing pts devices from
> the host.
> There's no specific selinux avc denials, and ssh rejects the shell
> connection with that kind of errors found when /dev/pts is not correctly
> mounted:
>
> sshd[552]: error: ssh_selinux_setup_pty: security_compute_relabel: No such file or directory
> sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted
> sshd[556]: error: open /dev/tty failed - could not set controlling tty: No such device or address
>
> As you may guess /dev/tty is present and /dev/pts is correctly mounted as I
> can do: ssh root@container "ls -la /dev/pts"
> Only assigning the pts device for the shell doesn't...
>
>
> Have any of you also hit this problem? Did you find a solution?
>
>
> Regards,
> Olivier
>
>
> Ps: Using lxc 0.7.5
>

See my patch regarding f16, and my lxc-start-fedora script should give
you an idea.

-- 
BR
RH
http://informatiq.org
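
The check Iliyan describes in the quoted reply (devpts entries left in the container's own /etc/fstab) can be scripted from the host. The following is an added example, not part of the original messages or of LXC; the function names, the `#lxc-devpts#` marker and the sample fstab are assumptions made for illustration, and the fstab path is passed in as an argument.

```shell
#!/bin/sh
# Added example (not from the thread): find devpts mounts in a container's fstab.

# Print "LINE: entry" for each active fstab entry whose mount point is
# /dev/pts or whose filesystem type is devpts. Exit 0 if any exist, 1 if none.
find_devpts_entries() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # skip blanks and comments
        $2 == "/dev/pts" || $3 == "devpts" { print NR ": " $0; found = 1 }
        END { exit !found }
    ' "$1"
}

# Write a copy of the fstab to stdout with those entries commented out,
# leaving every other line untouched.
comment_out_devpts() {
    awk '
        NF > 0 && $1 !~ /^#/ && ($2 == "/dev/pts" || $3 == "devpts") {
            print "#lxc-devpts# " $0; next
        }
        { print }
    ' "$1"
}

# Constructed sample of a container /etc/fstab (not taken from the thread).
write_sample_fstab() {
    cat > "$1" <<'EOF'
# constructed sample fstab
/dev/root  /         rootfs  defaults        0 0
devpts     /dev/pts  devpts  gid=5,mode=620  0 0
tmpfs      /dev/shm  tmpfs   defaults        0 0
#none      /dev/pts  devpts  defaults        0 0
EOF
}

demo() {
    sample=$(mktemp) || return 1
    write_sample_fstab "$sample"
    echo "entries that mount devpts inside the container:"
    find_devpts_entries "$sample" || echo "(none)"
    echo "fstab with those entries disabled:"
    comment_out_devpts "$sample"
    rm -f "$sample"
}

demo
```

Review the output of `comment_out_devpts` before replacing the container's fstab with it, so that the container's private devpts instance requested through `lxc.pts` is the only one mounted on /dev/pts.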



