On 05/11/2012 23:36, Serge Hallyn wrote:
> Quoting Thierry (mys...@cynetek.com):
>> On 05/11/2012 22:25, Serge Hallyn wrote:
>>> Quoting Thierry (mys...@cynetek.com):
>>>>       lxc-start 1352149909.205 DEBUG    lxc_conf - trying to mount 
>>>> '/dev/vg1/debian-dev'->'/usr/lib/lxc/rootfs' with fstype '# 
>>>> /etc/filesystems'
>>>>       lxc-start 1352149909.205 DEBUG    lxc_conf - mount failed with 
>>>> error: No such device
>>> (And a bunch more)  Does /dev/vg1/debian-dev exist on the host?
>>>
>>> -serge
>>>
>> Yes. This device /dev/vg1/debian-dev is the same for the working config and
>> the non-working config.
> Heh, sorry, I see :)  Bogus fstype.  I'm shuttling between too many things.
>
> Anyway I'm guessing the answer is in the kernel-hardened patches.  Can you
> find anything in the audit logs?

Hello,

I'm testing with the gentoo-sources kernel (not patched with grsecurity)
and lxc-console is not working.

tigra linux # zcat /proc/config.gz |grep -i 3.6.2
# Linux/x86_64 3.6.2-gentoo Kernel Configuration

tigra ~ # lxc-console -n debian-dev

Type <Ctrl+a q> to exit the console

No prompt for logging in.

>
> When you log in over ssh (when using devices.deny = a), what does
> 'ls -l /dev/tty?
root@debian-dev:~# ls -l /dev/tty*
crw-rw-rw- 1 root root 5, 0 Nov  1 16:41 /dev/tty
crw-rw-rw- 1 root root 4, 0 Nov  6 17:47 /dev/tty0
crw--w---- 1 root tty  3, 1 Nov  6 15:28 /dev/tty1
crw--w---- 1 root tty  3, 2 Nov  6 15:28 /dev/tty2
crw--w---- 1 root tty  3, 3 Nov  6 15:28 /dev/tty3
crw--w---- 1 root tty  3, 4 Nov  6 15:28 /dev/tty4

>  /dev/console' show? 

root@debian-dev:~# ls -l /dev/console
crw------- 1 root tty 3, 5 Nov  6 15:28 /dev/console


>  What if you stop the getty on
> /dev/tty1 and (as root) try to read/write to it?
>
> -serge
>

getty is not executing on /dev/tty1 if cgroup.deny is activated.

simply read:

root@debian-dev:~# cat /dev/tty1
cat: /dev/tty1: Operation not permitted

simply write:

root@debian-dev:~# echo toto > /dev/tty1
-bash: /dev/tty1: Operation not permitted


And testing by allowing all devices after starting, on the host:

tigra ~ # echo "a *:* rwm" > /sys/fs/cgroup/devices/lxc/debian-dev/devices.allow

and on the guest:

root@debian-dev:~# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 17:45 ?        00:00:00 init [3] 
root       214     1  0 17:45 ?        00:00:00 /usr/sbin/sshd
root       261   214  0 17:46 ?        00:00:00 sshd: root@pts/0
root       263   261  0 17:46 pts/0    00:00:00 -bash
root       507   263  0 18:16 pts/0    00:00:00 ps -ef
root@debian-dev:~# telinit q
root@debian-dev:~# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 17:45 ?        00:00:00 init [3] 
root       214     1  0 17:45 ?        00:00:00 /usr/sbin/sshd
root       261   214  0 17:46 ?        00:00:00 sshd: root@pts/0
root       263   261  0 17:46 pts/0    00:00:00 -bash
root       509     1  0 18:16 ?        00:00:00 /sbin/getty 38400 console
root       510     1  0 18:16 tty1     00:00:00 /sbin/getty 38400 tty1 linux
root       511     1  0 18:16 tty2     00:00:00 /sbin/getty 38400 tty2 linux
root       512     1  0 18:16 tty3     00:00:00 /sbin/getty 38400 tty3 linux
root       513     1  0 18:16 tty4     00:00:00 /sbin/getty 38400 tty4 linux
root       514   263  0 18:16 pts/0    00:00:00 ps -ef

simple write on the guest:

root@debian-dev:~# echo toto > /dev/tty1

It's OK.

understand this problem. kernel or cgroup is bugged ???!!!!!
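
An open that the cgroup v1 devices controller denies fails with "Operation not permitted", and the controller decides by device type and major:minor number, not by path. The following added example (not part of the original thread) replays that check over `ls -l` lines copied from the message; `ASSUMED_ALLOW` is a constructed whitelist, not the poster's configuration, and the function names are hypothetical.

```python
import re

# Constructed whitelist (assumption, not the poster's config): entries in the
# cgroup v1 devices.allow format "<type> <major>:<minor> <access>".
ASSUMED_ALLOW = [
    "c 4:0 rwm",    # tty0
    "c 4:1 rwm",    # tty1 when it is a virtual console
    "c 5:0 rwm",    # /dev/tty
    "c 5:1 rwm",    # /dev/console
    "c 136:* rwm",  # Unix98 pty slaves (/dev/pts/*)
]

# Subset of the `ls -l` lines shown in the message above.
LS_OUTPUT = """\
crw-rw-rw- 1 root root 5, 0 Nov  1 16:41 /dev/tty
crw-rw-rw- 1 root root 4, 0 Nov  6 17:47 /dev/tty0
crw--w---- 1 root tty  3, 1 Nov  6 15:28 /dev/tty1
crw------- 1 root tty 3, 5 Nov  6 15:28 /dev/console
"""

LS_RE = re.compile(r"^([bc])\S+\s+\d+\s+\S+\s+\S+\s+(\d+),\s*(\d+)\s.*\s(/\S+)$")

def parse_ls(text):
    """Yield (path, type, major, minor) for each device node in `ls -l` output."""
    for line in text.splitlines():
        m = LS_RE.match(line.strip())
        if m:
            yield m.group(4), m.group(1), int(m.group(2)), int(m.group(3))

def allowed(rules, dtype, major, minor, access):
    """True if a single rule matches the device and grants all access letters."""
    for rule in rules:
        rtype, nums, racc = rule.split()
        rmaj, rmin = nums.split(":")
        if rtype not in ("a", dtype):
            continue
        if rmaj not in ("*", str(major)) or rmin not in ("*", str(minor)):
            continue
        if set(access) <= set(racc):
            return True
    return False

def audit(rules, ls_text, access="rw"):
    """Map each device path to whether the whitelist permits `access` on it."""
    return {p: allowed(rules, t, ma, mi, access) for p, t, ma, mi in parse_ls(ls_text)}

if __name__ == "__main__":
    for path, ok in audit(ASSUMED_ALLOW, LS_OUTPUT).items():
        print(f"{path:14} {'allowed' if ok else 'DENIED (EPERM)'}")
```

Under this assumed whitelist the nodes with major 3 are denied, and appending the `a *:* rwm` entry from the message makes every node pass.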

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users