[Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances

Iliyan Stoyanov ilf at ilf.me
Wed Mar 7 23:22:46 UTC 2012 

I'm glad in the end it worked out for you, I hope this thread helps some
other poor soul out there that decided to repeat our mistakes :).

Cheers,
--ilf

On Wed, 2012-03-07 at 13:01 +0100, Mauras Olivier wrote:

> I can say that it's true now :)
> I did multiple tests, and i've been induced in erroneous conclusions
> by having "newinstances" flag for devpts on the host.
> You're true you need to remove the devpts entry from the guest to make
> it work correctly.
> 
> Thanks again,
> Olivier
> 
> 
> On Tue, Mar 6, 2012 at 11:06 AM, Iliyan Stoyanov <ilf at ilf.me> wrote:
> 
>         Hi Mauras,
>         
>         Do you by any chance have an fstab file in your
>         container's /etc directory that is trying to mount devpts fs
>         also. I had this issue a week ago with some of my SL6.2
>         containers on a fedora 16 host. After removing
>         everything /dev/pts related from the fstab in the /etc
>         directory of the containers, everything magically worked.
>         
>         BR,
>         --ilf
>         
>         
>         
>         On Tue, 2012-03-06 at 10:54 +0100, Mauras Olivier wrote:
>         
>         > Hello,
>         > 
>         > I've finally successfully migrated my SMACK setup over
>         > SElinux to isolate my containers - Thanks to the folks on
>         > #selinux at freenode - on a Scientific Linux 6.2 host. (I may
>         > share my policy with some details if some of you are
>         > interested)
>         > So far so good, after loads of hits and misses almost
>         > everything works correctly.
>         > 
>         > The only thing that is not, is the multiple devpts
>         > instances. It seems that when specifying "lxc.pts" option in
>         > the container config, ssh stops working while /dev/pts is
>         > correctly mounted _but_ is still showing pts devices from
>         > the host.
>         > There's no specific selinux avc denials, and ssh rejects the
>         > shell connection with that kind of errors found
>         > when /dev/pts is not correctly mounted:
>         > 
>         > sshd[552]: error: ssh_selinux_setup_pty:
>         > security_compute_relabel: No such file or directory
>         > sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted
>         > sshd[556]: error: open /dev/tty failed - could not set
>         > controlling tty: No such device or address
>         > 
>         > As you may guess /dev/tty is present and /dev/pts is
>         > correclty mounted as i can do: ssh root at container "ls
>         > -la /dev/pts"
>         > Only assigning the pts device for the shell doesn't...
>         > 
>         > 
>         > Have any of you also hit this problem? Did you find a
>         > solution?
>         > 
>         > 
>         > Regards,
>         > Olivier
>         > 
>         > 
>         > Ps: Using lxc 0.7.5
>         > 
>         > ------------------------------------------------------------------------------
>         > Keep Your Developer Skills Current with LearnDevNow!
>         > The most comprehensive online learning library for Microsoft developers
>         > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>         > Metro Style Apps, more. Free future releases when you subscribe now!
>         > http://p.sf.net/sfu/learndevnow-d2d
>         > _______________________________________________ Lxc-users mailing list Lxc-users at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20120308/630e7077/attachment.html>

More information about the lxc-users mailing list