On Tue, Mar 6, 2012 at 1:07 PM, Mauras Olivier <oliver.mau...@gmail.com> wrote:
>
> On Tue, Mar 6, 2012 at 11:12 AM, Ramez Hanna <rha...@informatiq.org> wrote:
>>
>> On Tue, Mar 6, 2012 at 12:06 PM, Iliyan Stoyanov <i...@ilf.me> wrote:
>> > Hi Mauras,
>> >
>> > Do you by any chance have an fstab file in your container's /etc
>> > directory that is trying to mount devpts fs also? I had this issue a
>> > week ago with some of my SL6.2 containers on a fedora 16 host. After
>> > removing everything /dev/pts related from the fstab in the /etc
>> > directory of the containers, everything magically worked.
>> >
>> > BR,
>> > --ilf
>> >
>> > On Tue, 2012-03-06 at 10:54 +0100, Mauras Olivier wrote:
>> >
>> > Hello,
>> >
>> > I've finally successfully migrated my SMACK setup over SELinux to
>> > isolate my containers - Thanks to the folks on #selinux@freenode - on
>> > a Scientific Linux 6.2 host. (I may share my policy with some details
>> > if some of you are interested)
>> > So far so good, after loads of hits and misses almost everything
>> > works correctly.
>> >
>> > The only thing that is not, is the multiple devpts instances. It
>> > seems that when specifying "lxc.pts" option in the container config,
>> > ssh stops working while /dev/pts is correctly mounted _but_ is still
>> > showing pts devices from the host.
>> > There's no specific selinux avc denials, and ssh rejects the shell
>> > connection with that kind of errors found when /dev/pts is not
>> > correctly mounted:
>> >
>> > sshd[552]: error: ssh_selinux_setup_pty: security_compute_relabel: No such file or directory
>> > sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted
>> > sshd[556]: error: open /dev/tty failed - could not set controlling tty: No such device or address
>> >
>> > As you may guess /dev/tty is present and /dev/pts is correctly
>> > mounted as I can do: ssh root@container "ls -la /dev/pts"
>> > Only assigning the pts device for the shell doesn't...
>> >
>> > Have any of you also hit this problem? Did you find a solution?
>> >
>> > Regards,
>> > Olivier
>> >
>> > Ps: Using lxc 0.7.5
>> >
>> > _______________________________________________
>> > Lxc-users mailing list
>> > Lxc-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/lxc-users
>> >
>>
>> see my patch regarding f16 and my lxc-start-fedora script should give
>> you an idea
>>
>> --
>> BR
>> RH
>> http://informatiq.org
>
> Hi,
>
> Thanks for your reply, I actually looked at your patch, but I don't think
> it's relevant to my problem as I don't start any getty in the container at
> all. Now I may be missing something, if so please enlighten me.
>
> Regards,
> Olivier

In f16, systemd mounts /dev to devtmpfs no matter what you specify in
your fstab.
The only case where it won't do that is when you have /dev already
mounted on a separate block device (that's what my script does to avoid
mounting /dev by systemd).
If systemd mounts /dev, then it has access to your host's devices and is
sharing the ttys.
So, for example, if running lxc-start -n f16, it will not get you a shell
or any output from the container, because the container is trying to
access tty0, which is already in use by the host.
If you use the -d option, then you don't get any access inside the
container, because lxc-console won't work, again because getty will not
start on tty1 or any other tty.

I am not sure if you can start the container or not.
It could be useful if you post the full log of your lxc-start.

--
BR
RH
http://informatiq.org
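
A check for the two conditions raised in this thread (a devpts entry in the container's /etc/fstab, and /dev mounted as devtmpfs), as an added example that is not code from any poster or from LXC. The function names and the sample fstab and mounts text are constructed; in practice, pass the container's /etc/fstab and the contents of /proc/mounts read inside the container.

```python
import posixpath

def fstab_devpts_entries(fstab_text):
    """Return (spec, mount_point, fstype) for fstab lines that mount devpts."""
    hits = []
    for raw in fstab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        spec, mount_point, fstype = fields[:3]
        if fstype == "devpts" or posixpath.normpath(mount_point) == "/dev/pts":
            hits.append((spec, mount_point, fstype))
    return hits

def mount_stack(mounts_text):
    """Map mount point -> fstypes in mount order (the last one is what is visible)."""
    stack = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            stack.setdefault(posixpath.normpath(fields[1]), []).append(fields[2])
    return stack

def audit(fstab_text, mounts_text):
    findings = []
    for spec, mp, fstype in fstab_devpts_entries(fstab_text):
        findings.append(f"fstab: '{spec} {mp} {fstype}' mounts devpts from inside the container")
    stack = mount_stack(mounts_text)
    if stack.get("/dev", [""])[-1] == "devtmpfs":
        findings.append("mounts: /dev is devtmpfs, so host device nodes are visible")
    pts = stack.get("/dev/pts", [])
    if not pts or pts[-1] != "devpts":
        findings.append("mounts: /dev/pts is not a devpts mount")
    elif len(pts) > 1:
        findings.append(f"mounts: /dev/pts mounted {len(pts)} times; the last mount shadows the earlier ones")
    return findings

# Constructed sample inputs (not taken from the thread).
SAMPLE_FSTAB = """# constructed container /etc/fstab
tmpfs   /dev/shm   tmpfs   defaults        0 0
devpts  /dev/pts/  devpts  gid=5,mode=620  0 0
"""
SAMPLE_MOUNTS = """devtmpfs /dev devtmpfs rw,nosuid,relatime 0 0
devpts /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=666 0 0
devpts /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_FSTAB, SAMPLE_MOUNTS)))
```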