On Tue, 23 Oct 2012 20:03:33 +0200 olx69 <ope-li...@gmx.de> wrote: > >> > to be more precise, I've got after root/passwd phrase the > >> > option: > >> > > >> > Would you like to enter a security context? [N] > >> > >> Looks like selinux problem? Can you try disabling selinux in the > >> host (and possibly in the guest as well) with "setenforce 0". > > > >FWIW in my experience doing setenforce 0 in the host isn't enough > >for the guest to think selinux is disabled since > >libselinux::is_selinux_enabled() in the guest will > >check /proc/filesystems and see selinuxfs, thus reporting that it is > >on. (ie. check the output of sestatus in the guest). I had to > >disable it and reboot to make the guest think it is not enabled. > > How to disable it in that manner? > > In the container I did install policycoreutils (as shown at > http://wiki.1tux.org/wiki/Centos6/Installation/Minimal_installation_using_yum > I have only centos-release and the essential packages) and have > > # echo 0 >selinux/enforce > # cat etc/selinux/config > SELINUX=disabled > > in the the lxc container I can do now > > [root@pgsql ~]# sestatus > SELinux status: enabled > SELinuxfs mount: /selinux > Current mode: enforcing > Mode from config file: disabled > Policy version: 24 > Policy from config file: targeted > > which disables selinux obviously.
Not actually disabled yet, for example try changing roots password in the container and you will not be able to. Doing the change to the hosts /etc/selinux/config you showed and rebooting the host should disable it, not just set it to permissive. As long as sestatus shows like above (the SELinux status is enabled), programs in the guest still think its enabled regardless of what the config file says because they call the libselinux::is_selinux_enabled() function I mentioned above which checks to see if selinuxfs is in /proc/filesystems. > BTW, for root login all what I did was to disable all > pam_selinux.so pam_loginuid.so lines in /etc/pam.d/login ! Yes, you may also have to add lxc/tty1 or pts/0 (for libvirt) to $container/etc/securetty depending on how you have your ptys mapped. ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
