[Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances

Mauras Olivier oliver.mauras at gmail.com
Tue Mar 6 11:07:49 UTC 2012


On Tue, Mar 6, 2012 at 11:12 AM, Ramez Hanna <rhanna at informatiq.org> wrote:

> On Tue, Mar 6, 2012 at 12:06 PM, Iliyan Stoyanov <ilf at ilf.me> wrote:
> > Hi Mauras,
> >
> > Do you by any chance have an fstab file in your container's /etc directory
> > that is trying to mount devpts fs also? I had this issue a week ago with
> > some of my SL6.2 containers on a Fedora 16 host. After removing everything
> > /dev/pts related from the fstab in the /etc directory of the containers,
> > everything magically worked.
> >
> > BR,
> > --ilf
> >
> >
> > On Tue, 2012-03-06 at 10:54 +0100, Mauras Olivier wrote:
> >
> > Hello,
> >
> > I've finally successfully migrated my SMACK setup over SELinux to isolate my
> > containers - Thanks to the folks on #selinux at freenode - on a Scientific
> > Linux 6.2 host. (I may share my policy with some details if some of you are
> > interested)
> > So far so good, after loads of hits and misses almost everything works
> > correctly.
> >
> > The only thing that is not, is the multiple devpts instances. It seems that
> > when specifying "lxc.pts" option in the container config, ssh stops working
> > while /dev/pts is correctly mounted _but_ is still showing pts devices from
> > the host.
> > There's no specific selinux avc denials, and ssh rejects the shell
> > connection with that kind of errors found when /dev/pts is not correctly
> > mounted:
> >
> > sshd[552]: error: ssh_selinux_setup_pty: security_compute_relabel: No such file or directory
> > sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted
> > sshd[556]: error: open /dev/tty failed - could not set controlling tty: No such device or address
> >
> > As you may guess /dev/tty is present and /dev/pts is correctly mounted as I
> > can do: ssh root@container "ls -la /dev/pts"
> > Only assigning the pts device for the shell doesn't...
> >
> >
> > Have any of you also hit this problem? Did you find a solution?
> >
> >
> > Regards,
> > Olivier
> >
> >
> > Ps: Using lxc 0.7.5
> >
> >
> > _______________________________________________ Lxc-users mailing list
> > Lxc-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/lxc-users
> >
>
> see my patch regarding f16 and my lxc-start-fedora script should give you an idea
>
> --
> BR
> RH
> http://informatiq.org
>

Hi,

Thanks for your reply, I actually looked at your patch, but I don't think
it's relevant to my problem as I don't start any getty in the container at
all. Now I may be missing something, if so please enlighten me.


Regards,
Olivier
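
Added example, not part of the original thread or of LXC itself: a host-side check for the situation Iliyan describes, where the container config sets "lxc.pts" while the container's own /etc/fstab also mounts devpts. The function names and the two path arguments (container config file, container rootfs) are assumptions chosen for this sketch.

```shell
#!/bin/sh
# Added example. The caller supplies both paths; no LXC directory layout
# is assumed.

# Print every active fstab line that mounts a devpts filesystem or
# targets /dev/pts, prefixed with its line number.
devpts_fstab_entries() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank and comment lines
        $3 == "devpts" || $2 == "/dev/pts" || $2 == "/dev/pts/" {
            print FNR ": " $0
        }
    ' "$1"
}

# Succeed if the container config sets lxc.pts on a non-commented line.
config_uses_lxc_pts() {
    grep -Eq '^[[:space:]]*lxc\.pts[[:space:]]*=' "$1"
}

# check_container CONFIG ROOTFS
# Returns 1 and reports the offending lines when lxc.pts is set and the
# container's /etc/fstab would mount devpts a second time; 0 otherwise.
check_container() {
    config_uses_lxc_pts "$1" || return 0
    [ -r "$2/etc/fstab" ] || return 0
    _hits=$(devpts_fstab_entries "$2/etc/fstab")
    [ -z "$_hits" ] && return 0
    printf 'lxc.pts is set, but %s/etc/fstab also mounts devpts:\n%s\n' \
        "$2" "$_hits"
    return 1
}

# Stand-alone use: sh check-devpts.sh CONFIG ROOTFS
if [ "$#" -eq 2 ]; then
    check_container "$1" "$2"
fi
```

A non-zero exit marks a container whose fstab is worth reviewing; the script changes nothing on disk.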