Re: [Lxc-users] lxc-centos/lxc-rhel?
On Thu, 10 Oct 2013 21:58:58 +0200 Tamas Papp tom...@martos.bme.hu wrote:

On 10/10/2013 08:56 PM, Dwight Engen wrote:

Hmm not sure what could be the issue. I would start by running ssh -vv against the container and see where it is getting stuck.

On the server: [...]

It shows up nothing to me.

I agree that wasn't too helpful, but it shows there is nothing going wrong in the key exchange / authentication.

There is strace log as well. This fork cycle is repeating: [...]

Hmm, so for some reason /usr/bin/id -gn is being invoked over and over again? Do you have something in your login scripts that might do this? (ie. a quick google brought up http://stackoverflow.com/questions/5929552/ssh-command-execution-hangs-although-interactive-shell-functions-fine). Not sure where sshd is without seeing earlier in the strace.
Re: [Lxc-users] cgroups permission problem
On Thu, 10 Oct 2013 09:03:36 -0500 Serge Hallyn serge.hal...@ubuntu.com wrote:

Quoting John (j...@neutrondawn.com):

I am in fact able to write to the file. Its initial state is empty.

The initial state of which file is empty - /cgroup/cpuset/lxc/cpuset.cpus, or /cgroup/cpuset/lxc/GE/cpuset.cpus? If the former, then that's the problem. That file should have been initialized earlier. /x/y/z/ is not allowed to use cpus which are

John, are you perhaps running on an older kernel that doesn't have clone_children? lxc relies on this to propagate values down the hierarchy.

not authorized for use by /x/y.

On 2013-10-10 09:24, Serge Hallyn wrote:

Quoting John (j...@neutrondawn.com):

Greetings LXC, I'm having problems getting my container operational on centos. cgconfig and cgred are both running. The error is as follows during startup attempts:

lxc-start 1381364626.764 DEBUG lxc_cgroup - cgroup_path_get: called for subsys cpuset name lxc/GE
lxc-start 1381364626.764 DEBUG lxc_cgroup - using cgroup mounted at '/cgroup/cpuset'
lxc-start 1381364626.764 DEBUG lxc_cgroup - cgroup_path_get: returning /cgroup/cpuset/lxc/GE for subsystem cpuset.cpus
lxc-start 1381364626.764 ERROR lxc_cgroup - Permission denied - write /cgroup/cpuset/lxc/GE/cpuset.cpus : Permission denied
lxc-start 1381364626.764 ERROR lxc_conf - Error setting cpuset.cpus to 0,1,2,3,4,5,6 for lxc/GE

What is in /cgroup/cpuset/lxc/cpuset.cpus? Are you able to manually write to that file?
Re: [Lxc-users] lxc-centos/lxc-rhel?
On Thu, 10 Oct 2013 18:21:31 +0200 Tamas Papp tom...@martos.bme.hu wrote:

On 10/02/2013 05:41 PM, Dwight Engen wrote:

On Mon, 30 Sep 2013 23:18:59 +0200 Tamas Papp tom...@martos.bme.hu wrote:

On 09/30/2013 08:37 PM, Michael H. Warfield wrote:

Dwight, Actually I have a problem with the Oracle template. I have a couple of Oracle Linux containers and they are running fine. There are running Oracle Databases as well... But I cannot run anything through an ssh session noninteractively or copy files to the containers by scp as a destination. Eg.:

$ ssh container echo
$ scp file container:

It's waiting for something and I could not find out.

Hi Tamas, sorry, I know you brought this up before and I wasn't sure if you got it solved or not. First off the host doesn't know the container by name so unless you've done something special the resolving of container isn't going to just work (ie. ping container should fail

Yes, I know about that. This not that case:)

to resolve to an IP). You can use a recent version of lxc-info to get the containers' IP. Here is a session I just did in Ubuntu that I think is similar to what you are trying to do:

root@xubu:~# lxc-create -n ol -t oracle -- -u ftp://mymirror/ol-public-yum
lots of output
root@xubu:~# lxc-start -d -n ol
wait a few seconds for it to start
root@xubu:~# lxc-info -n ol
state: RUNNING
pid:8685
ip: 10.0.3.163
root@xubu:~# ssh 10.0.3.163
The authenticity of host '10.0.3.163 (10.0.3.163)' can't be established.
RSA key fingerprint is 2c:1a:82:14:24:72:c5:41:db:3e:b8:65:f9:c6:7e:35.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.3.163' (RSA) to the list of known hosts.
long pause here...
root@10.0.3.163's password:
[root@ol ~]# vi /etc/ssh/sshd_config
set GSSAPIAuthentication no
[root@ol ~]# halt
container shuts down
root@xubu:~# lxc-start -d -n ol
root@xubu:~# ssh 10.0.3.163
root@10.0.3.163's password:
Last login: Wed Oct 2 11:09:07 2013 from 10.0.3.1
[root@ol ~]#
[root@ol ~]# exit
logout
Connection to 10.0.3.163 closed.
root@xubu:~# scp 10.0.3.163:/etc/fstab .
root@10.0.3.163's password:
bash: scp: command not found

This is because openssh-clients wasn't installed in the container, so we have to go install that. I think I should add that to be installed by default in the template

[Good idea.]

root@xubu:~# ssh 10.0.3.163
root@10.0.3.163's password:
Last login: Wed Oct 2 11:11:38 2013 from 10.0.3.1
[root@ol ~]# echo 192.168.1.30 mymirror >> /etc/hosts
[root@ol ~]# yum install openssh-clients
lots of yum output
[root@ol ~]# exit
logout
Connection to 10.0.3.163 closed.
root@xubu:~# scp 10.0.3.163:/etc/fstab .
root@10.0.3.163's password:
fstab 100% 0 0.0KB/s 00:00
root@xubu:~#
root@xubu:~# scp fstab 10.0.3.163:
root@10.0.3.163's password:
fstab 100% 0 0.0KB/s 00:00

So hopefully your situation is similar and disabling the GSSAPIAuthentication or setting UseDNS no in the container's sshd_config will reduce the wait times. Also, the openssh-clients package has to be installed in the container for scp to work. For now you can manually install it in the container using yum or the -r option to the template when creating a new OL container. I'll submit a patch for the template that includes that package by default so scp in/out will work out of the box.

Unfortunately disabling GSSAPI* and UseDNS options doesn't help. I experience the same problem. BTW, our system works fine, DNS is fine, Ubuntu and Debian containers, HW based OL installations and everything works as expected. In fact OL containers are working fine, except this issue. For I can run Oracle DB inside one. If you tell me, how to debug, what to do, I can try that. Currently I'm out of ideas:/

Hmm not sure what could be the issue. I would start by running ssh -vv against the container and see where it is getting stuck.

10x
tamas

ps.: Sorry again and thanks for not forgetting this email;)
Re: [Lxc-users] lxc-centos/lxc-rhel?
On Mon, 30 Sep 2013 23:18:59 +0200 Tamas Papp tom...@martos.bme.hu wrote:

On 09/30/2013 08:37 PM, Michael H. Warfield wrote:

Dwight, Actually I have a problem with the Oracle template. I have a couple of Oracle Linux containers and they are running fine. There are running Oracle Databases as well... But I cannot run anything through an ssh session noninteractively or copy files to the containers by scp as a destination. Eg.:

$ ssh container echo
$ scp file container:

It's waiting for something and I could not find out.

Hi Tamas, sorry, I know you brought this up before and I wasn't sure if you got it solved or not. First off the host doesn't know the container by name so unless you've done something special the resolving of container isn't going to just work (ie. ping container should fail to resolve to an IP). You can use a recent version of lxc-info to get the containers' IP. Here is a session I just did in Ubuntu that I think is similar to what you are trying to do:

root@xubu:~# lxc-create -n ol -t oracle -- -u ftp://mymirror/ol-public-yum
lots of output
root@xubu:~# lxc-start -d -n ol
wait a few seconds for it to start
root@xubu:~# lxc-info -n ol
state: RUNNING
pid:8685
ip: 10.0.3.163
root@xubu:~# ssh 10.0.3.163
The authenticity of host '10.0.3.163 (10.0.3.163)' can't be established.
RSA key fingerprint is 2c:1a:82:14:24:72:c5:41:db:3e:b8:65:f9:c6:7e:35.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.3.163' (RSA) to the list of known hosts.
long pause here...
root@10.0.3.163's password:
[root@ol ~]# vi /etc/ssh/sshd_config
set GSSAPIAuthentication no
[root@ol ~]# halt
container shuts down
root@xubu:~# lxc-start -d -n ol
root@xubu:~# ssh 10.0.3.163
root@10.0.3.163's password:
Last login: Wed Oct 2 11:09:07 2013 from 10.0.3.1
[root@ol ~]#
[root@ol ~]# exit
logout
Connection to 10.0.3.163 closed.
root@xubu:~# scp 10.0.3.163:/etc/fstab .
root@10.0.3.163's password:
bash: scp: command not found

This is because openssh-clients wasn't installed in the container, so we have to go install that. I think I should add that to be installed by default in the template

root@xubu:~# ssh 10.0.3.163
root@10.0.3.163's password:
Last login: Wed Oct 2 11:11:38 2013 from 10.0.3.1
[root@ol ~]# echo 192.168.1.30 mymirror >> /etc/hosts
[root@ol ~]# yum install openssh-clients
lots of yum output
[root@ol ~]# exit
logout
Connection to 10.0.3.163 closed.
root@xubu:~# scp 10.0.3.163:/etc/fstab .
root@10.0.3.163's password:
fstab 100% 0 0.0KB/s 00:00
root@xubu:~#
root@xubu:~# scp fstab 10.0.3.163:
root@10.0.3.163's password:
fstab 100% 0 0.0KB/s 00:00

So hopefully your situation is similar and disabling the GSSAPIAuthentication or setting UseDNS no in the container's sshd_config will reduce the wait times. Also, the openssh-clients package has to be installed in the container for scp to work. For now you can manually install it in the container using yum or the -r option to the template when creating a new OL container. I'll submit a patch for the template that includes that package by default so scp in/out will work out of the box.

The system is Ubuntu (12.04 and 13.04). Don't you have this error?

Thanks,
tamas
Re: [Lxc-users] lxc-centos/lxc-rhel?
On Sat, 28 Sep 2013 09:52:15 +0700 Fajar A. Nugraha l...@fajar.net wrote:

On Sat, Sep 28, 2013 at 3:03 AM, Michael H. Warfield m...@wittsend.com wrote:

On Fri, 2013-09-27 at 10:38 +0700, Fajar A. Nugraha wrote:

In particular, it solves the problem of mismatched rpmdb version (i.e. when installing centos5 on latest ubuntu) by doing yum install twice.

I accomplished that with an rpm --rebuilddb shortly after installing the minimal packages.

Unfortunately using JUST that didn't work last time I tested installing Centos 5 from Ubuntu 12.04. So what I did was:
- move rpmdb location to the correct place (Ubuntu put this in $HOME/.rpmdb)
- try rpm --rebuilddb
- test with yum
- if yum still complains, then reinstall a new environment using yum/rpm from the temporary environment.

Hi guys, just wanted to mention in case it helps is that the way I solved the db version mismatch in the oracle linux template was to use db_dump | db_load.
Re: [Lxc-users] copy from OEL template does not work
On Thu, 15 Aug 2013 19:56:10 +0200 Tamas Papp tom...@martos.bme.hu wrote:

On 08/15/2013 06:37 PM, Dwight Engen wrote:

On Thu, 15 Aug 2013 16:12:26 +0200 Tamas Papp tom...@martos.bme.hu wrote:

hi,

env:

Linux virt101 3.8.0-27-generic #40-Ubuntu SMP Tue Jul 9 00:17:05 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 13.04
Release: 13.04
Codename: raring

ii lxc 0.9.0.0~staging~20130814-145 amd64 Linux Containers userspace tools

I created the container with the official lxc-oracle script:

$ lxc-create -n VM -t oracle

LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: OracleServer
Description: Oracle Linux Server release 6.4
Release: 6.4
Codename: n/a

I copy a file from the container with scp. From top output:

31973 tompos 20 0 120m 18m 1272 S 41.3 0.0 0:05.28 bash -c scp -f a.txt

File:

-rw-r--r-- 1 tompos tompos 0 Aug 15 09:42 /home/tompos/a.txt

Usually I get a segfault after a time:

[356314.564571] bash[6347]: segfault at 7fff110d1ff8 ip 7f30ec5bc2ea sp 7fff110d2000 error 6 in libc-2.12.so[7f30ec578000+18a000]

Hi Tamas, I'm not certain I fully understand your scenario. It looks like you have an OL6.4 container on an Ubuntu host, and you are then trying to scp a file from out of the container into the host? Are you

Exactly. Into the host or any other VM or (linux?) computer. I didn't test other OS, like windows.

doing the scp from inside the container or on the host?

I connect with scp to the container:

host:~$ scp container:a.txt .

It looks like you called your container VM, not container. What does lxc-ls show? Are you sure the host has network connectivity with the container? (ie. are you resolving to the container? Can you ping it?) If you think its ssh protocol/authentication related you might try to just ssh in with -vv to see what is going on.

BTW, the same is true for rsync.

rsyncd is not run in the Oracle container by default, so unless you have enabled it I wouldn't expect it to work :)

tamas
Re: [Lxc-users] Unable to create lxc CT on fedora 19
On Mon, 08 Jul 2013 10:05:49 -0400 Michael H. Warfield m...@wittsend.com wrote:

On Sat, 2013-07-06 at 16:11 -0700, jjs - mainphrame wrote:

All, Noob question here. I've been testing lxc on ubuntu 13.04 and everything just works. However, all my attempts to create an lxc CT on fedora 19 have failed. The result is the same when attempting to create debian, ubuntu or fedora containers. What am I missing here?

As it so happens, I just upgraded one of my F18 workstations to F19 over the weekend and had not gotten around to testing this yet. So I just tested. Spotted an immediate and obvious problem before I even started and fixed that before even making the attempt.

1) What version of lxc are you running?

The stock lxc rpms from the repos are 0.8.0.

Uh, oh. No, that's not gonna work at all. Version 0.8.0 is not compatible with the version of systemd that's shipped with F19 (or F18 for that matter). You need to upgrade lxc to at least 0.9.0 (current) and that's been discussed in several other threads. There are some prebuilt rpms floating around, though I typically build my own since I've done some work on the binaries and the Fedora template. I would highly recommend installing from some prebuilt rpms (or building your own) rather than from source compile and install.

Just wanted to point out that make rpm from the sources works quite well for the building your own case :)

No for testing...

2) The lxc-fedora template (even in 0.9.0) is busted, as I feared it would be, for Fedora 19 because the Fedora 19 release file is a -2 release and it's only looking for a -1 release. I saw that code a month ago and thought that can't be right but it hasn't busted until now. Nobody answered when I asked about that logic on the devel list back then so I guess it's one more thing on my list to fix. The whole retry logic in that template is wrong, IMNSHO.

3) The errors couldn't be the same because the template logic is different. Nowhere in the Fedora template do we do a chroot .* mount.*proc. In fact, we don't even mount proc (which may be something else I should look into). That error on the chroot ... mount -t proc would have never shown up in a fedora create (but you would have blown up for the release download).

4) After installing lxc-0.9.0 on my F19 system AND hacking the bloody lxc-fedora template for the release extension, I was able to successfully install an F19 container on an F19 host. I'll try Ubuntu and Debian next. AFAICT, almost none of the other templates have allowed for cross distro container creation, which sucks. One more thing to work on. :-P

Regards,
Mike

--- output follows ---

[root@max ~]# lxc-create -n debian1 -t debian
/usr/share/lxc/templates/lxc-debian is /usr/share/lxc/templates/lxc-debian
debootstrap is /sbin/debootstrap
Checking cache download in /var/cache/lxc/debian/rootfs-squeeze-amd64 ...
Downloading debian minimal ...
I: Retrieving Release
W: Cannot check Release signature; keyring file not available /usr/share/keyrings/debian-archive-keyring.gpg
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional required dependencies: insserv libbz2-1.0 libdb4.8 libslang2
... snipped ...
I: Extracting mount...
I: Extracting util-linux...
I: Extracting liblzma2...
I: Extracting xz-utils...
I: Extracting zlib1g...
W: Failure trying to run: chroot /var/cache/lxc/debian/partial-squeeze-amd64 mount -t proc proc /proc
W: See /var/cache/lxc/debian/partial-squeeze-amd64/debootstrap/debootstrap.log for details
Failed to download the rootfs, aborting.
Failed to download 'debian base'
failed to install debian
lxc-create: failed to execute template 'debian'
lxc-create: aborted
[root@max ~]#
Re: [Lxc-users] Determine which veth interface belongs to which container
Hi guys,

This is exactly the use case that I added lxc_cmd_get_config_item() for. Unfortunately it wasn't exposed yet, but since I saw your message I just proposed adding the ability to lxc-info over on the devel list. Hopefully this can do what you need.

On Mon, 1 Jul 2013 10:26:44 -0500 Serge Hallyn serge.hal...@ubuntu.com wrote:

You can probably correlate it using /sys/class/net/$veth/iflink, which should have consecutive values for link and peer.

Quoting Yury Vidineev (ade...@yandex.ru):

Thank you for the answer! It's almost exactly what I need. But is it possible to know name of interfaces without containers restart?

On Monday, July 01, 2013 02:08:10 PM Claudio Kuenzler wrote:

Hello

Can anyone suggest me a way to determine which veth* interface belongs to which container?

You have the possibility to add the veth interface name into the lxc config:

lxc.network.veth.pair = veth0-$name

Using this, you'll immediately know to which lxc container the interface belongs.

--
Sincerely,
Yury Vidineev
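The iflink correlation mentioned in this thread, as an added example that is not code from any of the posters or from the lxc project. It assumes a kernel on which a veth end reports its peer's ifindex in iflink, and that the container-side interface is eth0; the function names, the sysfs-root parameter and the input file format are hypothetical.

```shell
#!/bin/sh
# Added example: resolve which host-side interface is the peer of a
# container's eth0, without restarting the container.
#
# Inside the container, /sys/class/net/eth0/iflink holds the ifindex of the
# host-side end (assumption: kernel reports the veth peer there). Collect it
# per container, for instance with:
#   lxc-attach -n NAME -- cat /sys/class/net/eth0/iflink
# and then look that number up among the host's interfaces. Looking up in
# this direction is unambiguous because the ifindex is searched in one
# network namespace only (the host's).

# host_if_for_index INDEX [SYSNET]
# Print the host interface whose ifindex equals INDEX.
# Returns 1 if none matches, 2 if INDEX is not a number.
host_if_for_index() {
    want=$1
    sysnet=${2:-/sys/class/net}
    case $want in
        ''|*[!0-9]*) return 2 ;;
    esac
    for dir in "$sysnet"/*; do
        [ -r "$dir/ifindex" ] || continue
        idx=$(cat "$dir/ifindex")
        if [ "$idx" = "$want" ]; then
            basename "$dir"
            return 0
        fi
    done
    return 1
}

# veth_map LIST [SYSNET]
# LIST has one "<container-name> <iflink-from-container>" pair per line.
# Prints "<container-name> <host-interface>", or "unknown" when the index
# is not present on the host (stopped container, stale data, bad value).
veth_map() {
    list=$1
    root=${2:-/sys/class/net}
    while read -r cname link; do
        [ -n "$cname" ] || continue
        host=$(host_if_for_index "$link" "$root") || host=unknown
        printf '%s %s\n' "$cname" "$host"
    done < "$list"
}
```

The resulting name can then be used for per-container packet capture or firewall rules on the host.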
Re: [Lxc-users] Monitoring per container
On Sat, 11 May 2013 13:43:56 +0700 David Parks davidpark...@yahoo.com wrote:

Does anyone have any pointers on how I might monitor things like CPU and DISK activity PER CONTAINER? (Ubuntu 12.10 server here) I saw something on You Tube using RHL that demoed it beautifully, but I'm looking for something a bit more rudimentary, maybe that I could plug into Nagios or use to just see how things look under load. Running top-like utilities on the host doesn't really split it up well enough by container, even htop with cgroups is difficult at best.

Hi David, not sure it will have the exact information you're looking for, but you can check out lxc-top (part of the lua binding). It just uses info from cgroup though, so that may not be enough for you.
Re: [Lxc-users] Exiting container inside a screen session
On Fri, 1 Feb 2013 15:58:03 -0500 Martin Konečný martin.kone...@sourcefabric.org wrote:

As you may know, screen overrides the shortcut Ctrl-a for its own commands. I accidentally lxc-console'd into a container inside screen, and now I can't get out of it using Ctrl-a q since screen is intercepting this. Any tips?

Martin

You can change the escape lxc-console looks for with the -e option. From the manpage: For example to use Ctrl+b q as the escape sequence use -e '^b'.
Re: [Lxc-users] centos6 container and root login
On Tue, 23 Oct 2012 20:03:33 +0200 olx69 ope-li...@gmx.de wrote:

to be more precise, I've got after root/passwd phrase the option: Would you like to enter a security context? [N]

Looks like selinux problem? Can you try disabling selinux in the host (and possibly in the guest as well) with setenforce 0.

FWIW in my experience doing setenforce 0 in the host isn't enough for the guest to think selinux is disabled since libselinux::is_selinux_enabled() in the guest will check /proc/filesystems and see selinuxfs, thus reporting that it is on. (ie. check the output of sestatus in the guest). I had to disable it and reboot to make the guest think it is not enabled.

How to disable it in that manner? In the container I did install policycoreutils (as shown at http://wiki.1tux.org/wiki/Centos6/Installation/Minimal_installation_using_yum I have only centos-release and the essential packages) and have

# echo 0 > selinux/enforce
# cat etc/selinux/config
SELINUX=disabled

in the lxc container I can do now

[root@pgsql ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: disabled
Policy version: 24
Policy from config file: targeted

which disables selinux obviously.

Not actually disabled yet, for example try changing root's password in the container and you will not be able to. Doing the change to the host's /etc/selinux/config you showed and rebooting the host should disable it, not just set it to permissive. As long as sestatus shows like above (the SELinux status is enabled), programs in the guest still think it's enabled regardless of what the config file says because they call the libselinux::is_selinux_enabled() function I mentioned above which checks to see if selinuxfs is in /proc/filesystems.

BTW, for root login all what I did was to disable all pam_selinux.so pam_loginuid.so lines in /etc/pam.d/login !

Yes, you may also have to add lxc/tty1 or pts/0 (for libvirt) to $container/etc/securetty depending on how you have your ptys mapped.
Re: [Lxc-users] Problems starting OL6.3 lxc container
On Sun, 21 Oct 2012 16:27:01 +0700 Fajar A. Nugraha l...@fajar.net wrote:

On Sun, Oct 21, 2012 at 4:23 PM, C. L. Martinez carlopm...@gmail.com wrote:

On Sun, Oct 21, 2012 at 9:20 AM, Fajar A. Nugraha l...@fajar.net wrote:

-- No, problem continues ... I have used this template to create my lxc container:

In that I says use the unmodified config file first. For example, it says lxc.devttydir = lxc (which you commented out). If you HAVE used the default config file created by the template, but it still doesn't work, you should probably contact the template creator directly (it's on top of the template file) and ask them how to use the template.

--
Fajar

Yes, I have commented out because when I launch lxc-start, returns me this error:

lxc-start 1350810587.498 ERROR lxc_confile - unknow key lxc.devttydir
lxc-start 1350810587.498 ERROR lxc_start_ui - failed to read configuration file

Looks like an old version problem. Did you know that the staging git repo on github is newer than released lxc version? I wouldn't be surprised if you need to recompile lxc -- using sources from that repo --- to get the template to work.

Exactly. You are trying to use the template from git staging lxc which supports devttydir with older lxc-0.7.5 from OL6.3. If you want to use the oracle template, I would also recommend just building from the staging git repo: (git clone git://github.com/lxc/lxc; ./autogen; ./configure; make rpm).
Re: [Lxc-users] centos6 container and root login
On Tue, 23 Oct 2012 03:15:06 +0700 Fajar A. Nugraha l...@fajar.net wrote:

[...]

to be more precise, I've got after root/passwd phrase the option: Would you like to enter a security context? [N]

Looks like selinux problem? Can you try disabling selinux in the host (and possibly in the guest as well) with setenforce 0.

FWIW in my experience doing setenforce 0 in the host isn't enough for the guest to think selinux is disabled since libselinux::is_selinux_enabled() in the guest will check /proc/filesystems and see selinuxfs, thus reporting that it is on. (ie. check the output of sestatus in the guest). I had to disable it and reboot to make the guest think it is not enabled.
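A check for the mismatch described in the two "centos6 container and root login" messages above, where the config file says disabled but selinuxfs is still registered with the kernel. This is an added example, not code from the thread or from libselinux; it only mirrors the /proc/filesystems test as the messages describe it, and the function names and file-path parameters are hypothetical.

```shell
#!/bin/sh
# Added example: report what the SELinux config file says next to what the
# running kernel exposes, since (per the thread) programs decide from the
# latter. Paths are parameters so the check can run against copies of the
# two files taken from a host or a container rootfs.

# selinux_view [CONFIG] [FILESYSTEMS]
# Prints "selinuxfs=<yes|no> config=<mode|unset>".
selinux_view() {
    cfg=${1:-/etc/selinux/config}
    fs=${2:-/proc/filesystems}

    # Last SELINUX= assignment wins; SELINUXTYPE= lines do not match.
    mode=$(sed -n 's/^[[:space:]]*SELINUX=\([A-Za-z]*\).*/\1/p' "$cfg" 2>/dev/null | tail -n 1)
    [ -n "$mode" ] || mode=unset

    # /proc/filesystems lists one type per line, e.g. "nodev<TAB>selinuxfs".
    if grep -q '[[:space:]]selinuxfs$' "$fs" 2>/dev/null; then
        seen=yes
    else
        seen=no
    fi
    echo "selinuxfs=$seen config=$mode"
}

# selinux_needs_reboot [CONFIG] [FILESYSTEMS]
# True when the config already says disabled but the kernel still registers
# selinuxfs, the state in which the thread reports sestatus showing
# "enabled" until the host is rebooted.
selinux_needs_reboot() {
    [ "$(selinux_view "$@")" = "selinuxfs=yes config=disabled" ]
}
```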