[Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances

Mauras Olivier oliver.mauras at gmail.com
Wed Mar 7 12:01:39 UTC 2012


I can say that it's true now :)
I did multiple tests, and I was led to erroneous conclusions by
having the "newinstances" flag for devpts on the host.
You're right, you need to remove the devpts entry from the guest to make it
work correctly.

Thanks again,
Olivier

On Tue, Mar 6, 2012 at 11:06 AM, Iliyan Stoyanov <ilf at ilf.me> wrote:

> Hi Mauras,
>
> Do you by any chance have an fstab file in your container's /etc directory
> that is also trying to mount the devpts fs? I had this issue a week ago with
> some of my SL6.2 containers on a Fedora 16 host. After removing everything
> /dev/pts related from the fstab in the /etc directory of the containers,
> everything magically worked.
>
> BR,
> --ilf
>
>
> On Tue, 2012-03-06 at 10:54 +0100, Mauras Olivier wrote:
>
> Hello,
>
> I've finally successfully migrated my SMACK setup over SElinux to isolate
> my containers - Thanks to the folks on #selinux at freenode - on a
> Scientific Linux 6.2 host. (I may share my policy with some details if some
> of you are interested)
> So far so good, after loads of hits and misses almost everything works
> correctly.
>
> The only thing that is not, is the multiple devpts instances. It seems
> that when specifying "lxc.pts" option in the container config, ssh stops
> working while /dev/pts is correctly mounted _but_ is still showing pts
> devices from the host.
> There are no specific SELinux AVC denials, and ssh rejects the shell
> connection with the kind of errors found when /dev/pts is not correctly
> mounted:
>
> sshd[552]: error: ssh_selinux_setup_pty: security_compute_relabel: No such file or directory
> sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted
> sshd[556]: error: open /dev/tty failed - could not set controlling tty: No such device or address
>
> As you may guess, /dev/tty is present and /dev/pts is correctly mounted, as
> I can do: ssh root@container "ls -la /dev/pts"
> Only assigning the pts device for the shell doesn't...
>
>
> Have any of you also hit this problem? Did you find a solution?
>
>
> Regards,
> Olivier
>
>
> Ps: Using lxc 0.7.5
>
>
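The fix this thread settles on (no devpts or /dev/pts entry in the guest's own fstab when "lxc.pts" is set) can be checked per container before starting it. The script below is an added example, not code from either poster or from LXC; the function names, the `#lxc-pts#` marker and the sample fstab are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: audit a container's etc/fstab for devpts mounts that
# conflict with a private devpts instance (lxc.pts in the container config).
# All function names and the "#lxc-pts#" marker are hypothetical.

# Print "LINENO:line" for every active entry whose fs type is devpts
# or whose mount point is /dev/pts (comments and blank lines are skipped).
find_devpts_entries() {
    awk '
        /^[ \t]*(#|$)/ { next }
        $3 == "devpts" || $2 ~ /^\/dev\/pts\/?$/ { printf "%d:%s\n", NR, $0 }
    ' "$1"
}

# Write to stdout a copy of the fstab with those entries commented out,
# so the change can be reviewed before replacing the original file.
disable_devpts_entries() {
    awk '
        /^[ \t]*(#|$)/ { print; next }
        $3 == "devpts" || $2 ~ /^\/dev\/pts\/?$/ { print "#lxc-pts# " $0; next }
        { print }
    ' "$1"
}

# Return 0 when the fstab is clean, 1 (with a report on stderr) otherwise.
audit_container_fstab() {
    hits=$(find_devpts_entries "$1")
    [ -z "$hits" ] && return 0
    printf 'devpts entries found in %s:\n%s\n' "$1" "$hits" >&2
    return 1
}

# Constructed sample of a guest fstab, for trying the functions offline.
make_sample_fstab() {
    cat <<'EOF'
# /etc/fstab inside the container (constructed sample)
/dev/root   /          rootfs  defaults        0 0
none        /dev/pts   devpts  gid=5,mode=620  0 0
none        /dev/shm   tmpfs   defaults        0 0
devpts      /dev/pts/  devpts  defaults        0 0
EOF
}
```

Point `audit_container_fstab` at the etc/fstab under each container's rootfs; a non-zero exit means the guest will try to mount devpts itself on top of the instance LXC set up.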