Re: [Lxc-users] connecting lxc-console is impossible after deny cgroup by default activated

Wed, 07 Nov 2012 10:25:21 -0800 

Le 07/11/2012 15:13, Serge Hallyn a écrit :
> Quoting Thierry (mys...@cynetek.com):
>> Le 05/11/2012 23:36, Serge Hallyn a écrit :
>>> Quoting Thierry (mys...@cynetek.com):
>>>> Le 05/11/2012 22:25, Serge Hallyn a écrit :
>>>>> Quoting Thierry (mys...@cynetek.com):
>>>>>>       lxc-start 1352149909.205 DEBUG    lxc_conf - trying to mount 
>>>>>> '/dev/vg1/debian-dev'->'/usr/lib/lxc/rootfs' with fstype '# 
>>>>>> /etc/filesystems'
>>>>>>       lxc-start 1352149909.205 DEBUG    lxc_conf - mount failed with 
>>>>>> error: No such device
>>>>> (And a bunch more)  Does /dev/vg1/debian-dev exist on the host?
>>>>>
>>>>> -serge
>>>>>
>>>> yes. This device /dev/vg1/debian-dev is idem for config working and
>>>> config not working.
>>> Heh, sorry, I see :)  Bogus fstype.  I'm shuttling between too many things.
>>>
>>> Anyway I'm guessing the answer is in the kernel-hardened patches.  Can you
>>> find anything in the audit logs?
>> Hello,
>>
>> I'm testing with gentoo-sources kernel ( not patching with grsecurity)
>> and lxc-console not working.
>>
>> tigra linux # zcat /proc/config.gz |grep -i 3.6.2
>> # Linux/x86_64 3.6.2-gentoo Kernel Configuration
>>
>> tigra ~ # lxc-console -n debian-dev
>>
>> Type <Ctrl+a q> to exit the console
>>
>> Not prompt for logging.
>>
>>> When you log in over ssh (when using devices.deny = a), what does
>>> 'ls -l /dev/tty?
>> root@debian-dev:~# ls -l /dev/tty*
>> crw-rw-rw- 1 root root 5, 0 Nov  1 16:41 /dev/tty
>> crw-rw-rw- 1 root root 4, 0 Nov  6 17:47 /dev/tty0
>> crw--w---- 1 root tty  3, 1 Nov  6 15:28 /dev/tty1
>> crw--w---- 1 root tty  3, 2 Nov  6 15:28 /dev/tty2
>> crw--w---- 1 root tty  3, 3 Nov  6 15:28 /dev/tty3
>> crw--w---- 1 root tty  3, 4 Nov  6 15:28 /dev/tty4
>>
>>>  /dev/console' show? 
>> root@debian-dev:~# ls -l /dev/console
>> crw------- 1 root tty 3, 5 Nov  6 15:28 /dev/console
> That's wrong.  What do they look like in the good case?

On guest working:

root@debian-dev:~#  ls -l /dev/tty*
crw-rw-rw- 1 root root 5, 0 Nov  1 16:41 /dev/tty
crw-rw-rw- 1 root root 4, 0 Nov  1 16:41 /dev/tty0
crw------- 1 root root 3, 1 Nov  7 17:29 /dev/tty1
crw------- 1 root root 3, 2 Nov  7 17:28 /dev/tty2
crw------- 1 root root 3, 3 Nov  7 17:28 /dev/tty3
crw------- 1 root root 3, 4 Nov  7 17:28 /dev/tty4


root@debian-dev:~#  ls -l /dev/console
crw------- 1 root root 3, 5 Nov  7 17:28 /dev/console


> is devtmpfs mounted in the container?

Yes if "cat /proc/mount" is good :)  but not mounted by conf or manually.

On guest not working

root@debian-dev:~# cat /proc/mounts
rootfs / rootfs rw 0 0
/dev/vg1/debian-dev / ext4 rw,relatime,data=ordered 0 0
/dev /dev/console devtmpfs
rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty1 devtmpfs
rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty2 devtmpfs
rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty3 devtmpfs
rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty4 devtmpfs
rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600,ptmxmode=666 0 0
devpts /dev/ptmx devpts rw,relatime,mode=600,ptmxmode=666 0 0
tmpfs /lib/init/rw tmpfs rw,nosuid,relatime,mode=755 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0



On guest working

root@debian-dev:~# cat /proc/mounts
rootfs / rootfs rw 0 0
/dev/vg1/debian-dev / ext4 rw,relatime,data=ordered 0 0
/dev /dev/console devtmpfs
rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty1 devtmpfs
rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty2 devtmpfs
rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty3 devtmpfs
rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
/dev /dev/tty4 devtmpfs
rw,relatime,size=8163156k,nr_inodes=2040789,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600,ptmxmode=666 0 0
devpts /dev/ptmx devpts rw,relatime,mode=600,ptmxmode=666 0 0
tmpfs /lib/init/rw tmpfs rw,nosuid,relatime,mode=755 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0



> I don't know why /dev/ttyN would NOT be overmounted in this case.

i don't no. Option of kernel.

This config is working on other gentoo with 3.4.0 kernel and lxc 0.8.0_rc2


  * Anglais - détecté
  * Anglais
  * Français

  * Anglais
  * Français

<javascript:void(0);>

------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Reply via email to