Le 05/11/2012 23:36, Serge Hallyn a écrit :
> Quoting Thierry (mys...@cynetek.com):
>> Le 05/11/2012 22:25, Serge Hallyn a écrit :
>>> Quoting Thierry (mys...@cynetek.com):
>>>> lxc-start 1352149909.205 DEBUG lxc_conf - trying to mount
>>>> '/dev/vg1/debian-dev'->'/usr/lib/lxc/rootfs' with fstype '#
>>>> /etc/filesystems'
>>>> lxc-start 1352149909.205 DEBUG lxc_conf - mount failed with
>>>> error: No such device
>>> (And a bunch more) Does /dev/vg1/debian-dev exist on the host?
>>>
>>> -serge
>>>
>> yes. This device /dev/vg1/debian-dev is idem for config working and
>> config not working.
> Heh, sorry, I see :) Bogus fstype. I'm shuttling between too many things.
>
> Anyway I'm guessing the answer is in the kernel-hardened patches. Can you
> find anything in the audit logs?
Hello,
I'm testing with gentoo-sources kernel ( not patching with grsecurity)
and lxc-console not working.
tigra linux # zcat /proc/config.gz |grep -i 3.6.2
# Linux/x86_64 3.6.2-gentoo Kernel Configuration
tigra ~ # lxc-console -n debian-dev
Type <Ctrl+a q> to exit the console
Not prompt for logging.
>
> When you log in over ssh (when using devices.deny = a), what does
> 'ls -l /dev/tty?
root@debian-dev:~# ls -l /dev/tty*
crw-rw-rw- 1 root root 5, 0 Nov 1 16:41 /dev/tty
crw-rw-rw- 1 root root 4, 0 Nov 6 17:47 /dev/tty0
crw--w---- 1 root tty 3, 1 Nov 6 15:28 /dev/tty1
crw--w---- 1 root tty 3, 2 Nov 6 15:28 /dev/tty2
crw--w---- 1 root tty 3, 3 Nov 6 15:28 /dev/tty3
crw--w---- 1 root tty 3, 4 Nov 6 15:28 /dev/tty4
> /dev/console' show?
root@debian-dev:~# ls -l /dev/console
crw------- 1 root tty 3, 5 Nov 6 15:28 /dev/console
> What if you stop the getty on
> /dev/tty1 and (as root) try to read/write to it?
>
> -serge
>
getty is not executing on /dev/tty1 if cgroup.deny is activated.
simply read:
root@debian-dev:~# cat /dev/tty1
cat: /dev/tty1: Operation not permitted
simply write:
root@debian-dev:~# echo toto > /dev/tty1
-bash: /dev/tty1: Operation not permitted
and testing add allow all devices after starting by on host:
tigra ~ # echo "a *:* rwm" >
/sys/fs/cgroup/devices/lxc/debian-dev/devices.allow
and on guest:
root@debian-dev:~# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 17:45 ? 00:00:00 init [3]
root 214 1 0 17:45 ? 00:00:00 /usr/sbin/sshd
root 261 214 0 17:46 ? 00:00:00 sshd: root@pts/0
root 263 261 0 17:46 pts/0 00:00:00 -bash
root 507 263 0 18:16 pts/0 00:00:00 ps -ef
root@debian-dev:~# telinit q
root@debian-dev:~# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 17:45 ? 00:00:00 init [3]
root 214 1 0 17:45 ? 00:00:00 /usr/sbin/sshd
root 261 214 0 17:46 ? 00:00:00 sshd: root@pts/0
root 263 261 0 17:46 pts/0 00:00:00 -bash
root 509 1 0 18:16 ? 00:00:00 /sbin/getty 38400 console
root 510 1 0 18:16 tty1 00:00:00 /sbin/getty 38400 tty1 linux
root 511 1 0 18:16 tty2 00:00:00 /sbin/getty 38400 tty2 linux
root 512 1 0 18:16 tty3 00:00:00 /sbin/getty 38400 tty3 linux
root 513 1 0 18:16 tty4 00:00:00 /sbin/getty 38400 tty4 linux
root 514 263 0 18:16 pts/0 00:00:00 ps -ef
write simply on guset
root@debian-dev:~# echo toto > /dev/tty1
it's ok.
understand this problem. kernel or cgroup is bugged ???!!!!!
* Anglais - détecté
* Anglais
* Français
* Anglais
* Français
<javascript:void(0);>
------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users