[Lxc-users] connecting lxc-console is impossible after deny cgroup by default activated

Thierry mysolo at cynetek.com
Wed Nov 7 18:23:13 UTC 2012


On 07/11/2012 15:13, Serge Hallyn wrote:
> Quoting Thierry (mysolo at cynetek.com):
>> On 05/11/2012 23:36, Serge Hallyn wrote:
>>> Quoting Thierry (mysolo at cynetek.com):
>>>> On 05/11/2012 22:25, Serge Hallyn wrote:
>>>>> Quoting Thierry (mysolo at cynetek.com):
>>>>>>       lxc-start 1352149909.205 DEBUG    lxc_conf - trying to mount '/dev/vg1/debian-dev'->'/usr/lib/lxc/rootfs' with fstype '# /etc/filesystems'
>>>>>>       lxc-start 1352149909.205 DEBUG    lxc_conf - mount failed with error: No such device
>>>>> (And a bunch more)  Does /dev/vg1/debian-dev exist on the host?
>>>>>
>>>>> -serge
>>>>>
>>>> Yes. This device /dev/vg1/debian-dev is the same for the working
>>>> config and the non-working config.
>>> Heh, sorry, I see :)  Bogus fstype.  I'm shuttling between too many things.
>>>
>>> Anyway I'm guessing the answer is in the kernel-hardened patches.  Can you
>>> find anything in the audit logs?
>> Hello,
>>
>> I'm testing with the gentoo-sources kernel (not patched with grsecurity)
>> and lxc-console is not working.
>>
>> tigra linux # zcat /proc/config.gz |grep -i 3.6.2
>> # Linux/x86_64 3.6.2-gentoo Kernel Configuration
>>
>> tigra ~ # lxc-console -n debian-dev
>>
>> Type <Ctrl+a q> to exit the console
>>
>> No prompt for logging in.
>>
>>> When you log in over ssh (when using devices.deny = a), what does
>>> 'ls -l /dev/tty?
>> root@debian-dev:~# ls -l /dev/tty*
>> crw-rw-rw- 1 root root 5, 0 Nov  1 16:41 /dev/tty
>> crw-rw-rw- 1 root root 4, 0 Nov  6 17:47 /dev/tty0
>> crw--w---- 1 root tty  3, 1 Nov  6 15:28 /dev/tty1
>> crw--w---- 1 root tty  3, 2 Nov  6 15:28 /dev/tty2
>> crw--w---- 1 root tty  3, 3 Nov  6 15:28 /dev/tty3
>> crw--w---- 1 root tty  3, 4 Nov  6 15:28 /dev/tty4
>>
>>>  /dev/console' show? 
>> root@debian-dev:~# ls -l /dev/console
>> crw------- 1 root tty 3, 5 Nov  6 15:28 /dev/console
> That's wrong.  What do they look like in the good case?

On guest working:

root@debian-dev:~# ls -l /dev/tty*
crw-rw-rw- 1 root root 5, 0 Nov  1 16:41 /dev/tty
crw-rw-rw- 1 root root 4, 0 Nov  1 16:41 /dev/tty0
crw------- 1 root root 3, 1 Nov  7 17:29 /dev/tty1
crw------- 1 root root 3, 2 Nov  7 17:28 /dev/tty2
crw------- 1 root root 3, 3 Nov  7 17:28 /dev/tty3
crw------- 1 root root 3, 4 Nov  7 17:28 /dev/tty4


root@debian-dev:~# ls -l /dev/console
crw------- 1 root root 3, 5 Nov  7 17:28 /dev/console


> is devtmpfs mounted in the container?

Yes, if "cat /proc/mounts" is right :)  but it is not mounted by the config or manually.

On guest not working

root@debian-dev:~# cat /proc/mounts
rootfs / rootfs rw 0 0
/dev/vg1/debian-dev / ext4 rw,relatime,data=ordered 0 0
/dev /dev/console devtmpfs rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty1 devtmpfs rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty2 devtmpfs rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty3 devtmpfs rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty4 devtmpfs rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600,ptmxmode=666 0 0
devpts /dev/ptmx devpts rw,relatime,mode=600,ptmxmode=666 0 0
tmpfs /lib/init/rw tmpfs rw,nosuid,relatime,mode=755 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0



On guest working

root@debian-dev:~# cat /proc/mounts
rootfs / rootfs rw 0 0
/dev/vg1/debian-dev / ext4 rw,relatime,data=ordered 0 0
/dev /dev/console devtmpfs rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty1 devtmpfs rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty2 devtmpfs rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty3 devtmpfs rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty4 devtmpfs rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600,ptmxmode=666 0 0
devpts /dev/ptmx devpts rw,relatime,mode=600,ptmxmode=666 0 0
tmpfs /lib/init/rw tmpfs rw,nosuid,relatime,mode=755 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0



> I don't know why /dev/ttyN would NOT be overmounted in this case.

I don't know. Option of kernel.

This config is working on another Gentoo with a 3.4.0 kernel and lxc 0.8.0_rc2.

