Hello,

I've finally successfully migrated my SMACK setup over to SELinux to isolate
my containers - thanks to the folks on #selinux@freenode - on a Scientific
Linux 6.2 host. (I may share my policy with some details if some of you are
interested.)
So far so good, after loads of hits and misses almost everything works
correctly.

The only thing that is not, is the multiple devpts instances. It seems that
when specifying "lxc.pts" option in the container config, ssh stops working
while /dev/pts is correctly mounted _but_ is still showing pts devices from
the host.
There are no specific SELinux AVC denials, and ssh rejects the shell
connection with the kind of errors found when /dev/pts is not correctly
mounted:

sshd[552]: error: ssh_selinux_setup_pty: security_compute_relabel: No such file or directory
sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted
sshd[556]: error: open /dev/tty failed - could not set controlling tty: No such device or address

As you may guess, /dev/tty is present and /dev/pts is correctly mounted, as I
can do: ssh root@container "ls -la /dev/pts"
Only assigning the pts device for the shell doesn't...


Have any of you also hit this problem? Did you find a solution?


Regards,
Olivier


Ps: Using lxc 0.7.5
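
A check for the wiring that the kernel's devpts documentation requires for multi-instance mounts: /dev/ptmx has to be a symlink or bind mount to pts/ptmx, and ptmxmode has to be non-zero (its default is 0000). This is an added example, not part of the original post; the function names and exit codes are illustrative assumptions, and it tests one possible cause without establishing what produced the errors quoted above.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are parameters so the
# checks can run against constructed test data as well as a live container.

# Options of the last devpts mount at mount point $2 in /proc/mounts-style file $1.
devpts_opts() {
    awk -v mp="$2" '$3 == "devpts" && $2 == mp { o = $4 }
                    END { if (o != "") print o }' "$1"
}

# Value of ptmxmode= in a comma-separated option string; empty if absent.
ptmx_mode() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^ptmxmode=//p'
}

# check_devpts MOUNTS_FILE DEV_DIR [MOUNT_POINT]   (hypothetical helper)
# 0 = DEV_DIR/ptmx reaches this devpts mount; 1 = devpts not mounted there;
# 2 = no ptmxmode option; 3 = ptmxmode is 000; 4 = ptmx is a separate node.
check_devpts() {
    opts=$(devpts_opts "$1" "${3:-/dev/pts}")
    [ -n "$opts" ] || { echo "no devpts mounted at ${3:-/dev/pts}"; return 1; }
    mode=$(ptmx_mode "$opts")
    [ -n "$mode" ] || { echo "no ptmxmode option in: $opts"; return 2; }
    case $mode in
        0|00|000|0000) echo "ptmxmode=$mode: pts/ptmx cannot be opened"; return 3 ;;
    esac
    # A symlink or a bind mount resolves to the same inode as pts/ptmx (-ef).
    if [ "$2/ptmx" -ef "$2/pts/ptmx" ]; then
        echo "ok: $2/ptmx is $2/pts/ptmx (ptmxmode=$mode)"; return 0
    fi
    echo "$2/ptmx is a separate node, not $2/pts/ptmx"
    return 4
}

# Live use inside the container: sh thisfile --run
if [ "${1:-}" = "--run" ]; then check_devpts /proc/mounts /dev; fi
```
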