Re: [Lxc-users] centos6 container and root login

2012-10-23 Thread olx69
   to be more precise, I've got after root/passwd phrase the option:
  
   Would you like to enter a security context? [N]
 
  Looks like selinux problem? Can you try disabling selinux in the host
  (and possibly in the guest as well) with setenforce 0.
 
 FWIW in my experience doing setenforce 0 in the host isn't enough for
 the guest to think selinux is disabled since
 libselinux::is_selinux_enabled() in the guest will
 check /proc/filesystems and see selinuxfs, thus reporting that it is
 on. (ie. check the output of sestatus in the guest). I had to disable
 it and reboot to make the guest think it is not enabled.

How to disable it in that manner?

In the container I did install policycoreutils (as shown at 
http://wiki.1tux.org/wiki/Centos6/Installation/Minimal_installation_using_yum 
I have only centos-release and the essential packages) and have

# echo 0 > selinux/enforce
# cat etc/selinux/config
SELINUX=disabled

in the lxc container I can do now

[root@pgsql ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          disabled
Policy version:                 24
Policy from config file:        targeted

which disables selinux obviously.

BTW, for root login all I did was to disable all
pam_selinux.so and pam_loginuid.so lines in /etc/pam.d/login!


--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users


Re: [Lxc-users] centos6 container and root login

2012-10-23 Thread olx69
 in the lxc container I can do now

 [root@pgsql ~]# sestatus
 SELinux status:                 enabled
 SELinuxfs mount:                /selinux
 Current mode:                   enforcing
 Mode from config file:          disabled
 Policy version:                 24
 Policy from config file:        targeted

 which disables selinux obviously.
... *not*

Interesting, in the container:

[root@pgsql ~]# setenforce 0
setenforce:  setenforce() failed

??? not possible???



Re: [Lxc-users] centos6 container and root login

2012-10-23 Thread olx69
On 23.10.2012 20:10, olx69 wrote:
 in the lxc container I can do now

 [root@pgsql ~]# sestatus
 SELinux status:                 enabled
 SELinuxfs mount:                /selinux
 Current mode:                   enforcing
 Mode from config file:          disabled
 Policy version:                 24
 Policy from config file:        targeted

 which disables selinux obviously.
 ... *not*

 Interesting, in the container:

 [root@pgsql ~]# setenforce 0
 setenforce:  setenforce() failed

 ??? not possible???

Even after thinking about it more - do you mean disable SELinux on the host?
This would make sense to me, since the host kernel has SELinux - using
the same kernel in a disabled container would disable it on the host itself
also, probably not intentionally - isn't it?




Re: [Lxc-users] centos6 container and root login

2012-10-23 Thread Dwight Engen
On Tue, 23 Oct 2012 20:03:33 +0200
olx69 ope-li...@gmx.de wrote:

to be more precise, I've got after root/passwd phrase the
option:
   
Would you like to enter a security context? [N]
  
   Looks like selinux problem? Can you try disabling selinux in the
   host (and possibly in the guest as well) with setenforce 0.
  
  FWIW in my experience doing setenforce 0 in the host isn't enough
  for the guest to think selinux is disabled since
  libselinux::is_selinux_enabled() in the guest will
  check /proc/filesystems and see selinuxfs, thus reporting that it is
  on. (ie. check the output of sestatus in the guest). I had to
  disable it and reboot to make the guest think it is not enabled.
 
 How to disable it in that manner?
 
 In the container I did install policycoreutils (as shown at 
 http://wiki.1tux.org/wiki/Centos6/Installation/Minimal_installation_using_yum 
 I have only centos-release and the essential packages) and have
 
 # echo 0 > selinux/enforce
 # cat etc/selinux/config
 SELINUX=disabled
 
 in the lxc container I can do now
 
 [root@pgsql ~]# sestatus
 SELinux status:                 enabled
 SELinuxfs mount:                /selinux
 Current mode:                   enforcing
 Mode from config file:          disabled
 Policy version:                 24
 Policy from config file:        targeted
 
 which disables selinux obviously.

Not actually disabled yet, for example try changing root's password
in the container and you will not be able to. Doing the change to the
host's /etc/selinux/config you showed and rebooting the host should
disable it, not just set it to permissive. As long as sestatus
shows like above (the SELinux status is enabled), programs in the guest
still think it's enabled regardless of what the config file says because
they call the libselinux::is_selinux_enabled() function I mentioned
above which checks to see if selinuxfs is in /proc/filesystems.

 BTW, for root login all I did was to disable all
 pam_selinux.so and pam_loginuid.so lines in /etc/pam.d/login!

Yes, you may also have to add lxc/tty1 or pts/0 (for libvirt)
to $container/etc/securetty depending on how you have your ptys mapped.

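The check described in the message above, as an added example that is not part of the original thread and is not libselinux code: a simplified shell model of looking for selinuxfs in /proc/filesystems, compared with the SELINUX= setting in the config file. The function names and the sample files are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added illustration: a simplified model of the check described in the thread,
# not libselinux code. Paths are parameters so it runs on constructed samples.

# Succeed if FILE (same format as /proc/filesystems) lists selinuxfs.
# Lines look like "nodev<TAB>selinuxfs" or "<TAB>ext4".
kernel_has_selinuxfs() {
    awk '$NF == "selinuxfs" { found = 1 } END { exit !found }' "$1"
}

# Print the SELINUX= value from an /etc/selinux/config style file.
# Comment lines and SELINUXTYPE= are ignored; prints "unset" if absent.
config_mode() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1)
    echo "${mode:-unset}"
}

# Report what a program using this check concludes, next to the config value.
selinux_view() {
    cfg=$(config_mode "$2")
    if kernel_has_selinuxfs "$1"; then
        if [ "$cfg" = "disabled" ]; then
            echo "enabled (kernel has selinuxfs; config 'disabled' not in effect)"
        else
            echo "enabled (config: $cfg)"
        fi
    else
        echo "disabled (config: $cfg)"
    fi
}

# Constructed sample files (not captured from a real system).
demo_dir=$(mktemp -d)
printf 'nodev\tsysfs\nnodev\tproc\nnodev\tselinuxfs\n\text4\n' > "$demo_dir/fs_selinux_booted"
printf 'nodev\tsysfs\nnodev\tproc\n\text4\n' > "$demo_dir/fs_selinux_off_at_boot"
printf '# constructed sample\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo_dir/config"

# Container sharing a host kernel that booted with SELinux on:
selinux_view "$demo_dir/fs_selinux_booted" "$demo_dir/config"
# Same config after the host was rebooted with SELinux disabled:
selinux_view "$demo_dir/fs_selinux_off_at_boot" "$demo_dir/config"
```

On a real system, pass /proc/filesystems and /etc/selinux/config as the two arguments to selinux_view.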


[Lxc-users] centos6 container and root login

2012-10-22 Thread olx69
Hello,

basically I did follow
http://wiki.1tux.org/wiki/Centos6/Installation/Minimal_installation_using_yum

Additionally I added

echo pts/0 >> /etc/securetty

to the lxc container to allow root login, but it doesn't allow me this. 
Any hints for this? The goal is to run postgresql 9.x, bacula 5.x and 
others inside the lxc env.

Thanks,
Olaf



Re: [Lxc-users] centos6 container and root login

2012-10-22 Thread Papp Tamas
On 10/22/2012 09:05 PM, olx69 wrote:
 Hello,

 basically I did follow
 http://wiki.1tux.org/wiki/Centos6/Installation/Minimal_installation_using_yum

 Additionally I added

 echo pts/0 >> /etc/securetty

 to the lxc container to allow root login, but it doesn't allow me this.
 Any hints for this? The goal is to run postgresql 9.x, bacula 5.x and

You didn't paste error messages.

 others inside the lxc env.

FYI
I could not run psql inside container successfully, only with a very 
basic postgresql.conf. It was all about shared memory handling.
See the list archives for the details.
If I remember well, other people did not encounter the issue.


tamas



Re: [Lxc-users] centos6 container and root login

2012-10-22 Thread olx69
 Hello,

 basically I did follow
 http://wiki.1tux.org/wiki/Centos6/Installation/Minimal_installation_using_yum

 Additionally I added

 echo pts/0 >> /etc/securetty

 to the lxc container to allow root login, but it doesn't allow me this.
 Any hints for this? The goal is to run postgresql 9.x, bacula 5.x and
 others inside the lxc env.

to be more precise, I've got after root/passwd phrase the option:

Would you like to enter a security context? [N]

and then no login is possible. I've started the lxc with

virsh -c lxc:/// start lxcvm
virsh -c lxc:/// console  lxcvm




Re: [Lxc-users] centos6 container and root login

2012-10-22 Thread Dwight Engen
On Tue, 23 Oct 2012 03:15:06 +0700
Fajar A. Nugraha l...@fajar.net wrote:

[...]
  to be more precise, I've got after root/passwd phrase the option:
 
  Would you like to enter a security context? [N]
 
 Looks like selinux problem? Can you try disabling selinux in the host
 (and possibly in the guest as well) with setenforce 0.

FWIW in my experience doing setenforce 0 in the host isn't enough for
the guest to think selinux is disabled since
libselinux::is_selinux_enabled() in the guest will
check /proc/filesystems and see selinuxfs, thus reporting that it is
on. (ie. check the output of sestatus in the guest). I had to disable
it and reboot to make the guest think it is not enabled.



Re: [Lxc-users] centos6 container and root login

2012-10-22 Thread olx69
 basically I did follow
 http://wiki.1tux.org/wiki/Centos6/Installation/Minimal_installation_using_yum

 Additionally I added

 echo pts/0 >> /etc/securetty

 to the lxc container to allow root login,

 You shouldn't need that.

So I will remove it.

 but it doesn't allow me this.
 Any hints for this? The goal is to run postgresql 9.x, bacula 5.x and
 others inside the lxc env.


 As papp mentioned, you'd probably have problems there (at least if the
 host is ubuntu) since postgres use shared memory and apparmor doesn't
 allow setting it.

this is really sad, therefore I've to use a dedicated kvm instance which 
is another story ...

 to be more precise, I've got after root/passwd phrase the option:

 Would you like to enter a security context? [N]

 Looks like selinux problem? Can you try disabling selinux in the host
 (and possibly in the guest as well) with setenforce 0.


I've seen this in some web articles but it doesn't help. Anyway, I'll check
it again.

Thanks,
Olaf

