Fix LXC container console device setup
The /dev/console device inside the container must NOT map to the real /dev/console device node, since this allows the container control over the current host console. A fun side effect of this is that starting a container containing a real Fedora OS will kill off your X server.

Remove the /dev/console node, and replace it with a symlink to the primary console TTY.

* src/lxc/lxc_container.c: Replace /dev/console with a symlink to /dev/pts/0
* src/lxc/lxc_controller.c: Remove /dev/console from cgroups ACL
parent
51c83a2b1a
commit
2fbec00203
@ -466,7 +466,6 @@ static int lxcContainerPopulateDevices(void)
|
||||
{ LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL, 0666, "/dev/null" },
|
||||
{ LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO, 0666, "/dev/zero" },
|
||||
{ LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL, 0666, "/dev/full" },
|
||||
{ LXC_DEV_MAJ_TTY, LXC_DEV_MIN_CONSOLE, 0600, "/dev/console" },
|
||||
{ LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM, 0666, "/dev/random" },
|
||||
{ LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM, 0666, "/dev/urandom" },
|
||||
};
|
||||
@ -508,6 +507,11 @@ static int lxcContainerPopulateDevices(void)
|
||||
_("Failed to symlink /dev/pts/0 to /dev/tty1"));
|
||||
return -1;
|
||||
}
|
||||
if (symlink("/dev/pts/0", "/dev/console") < 0) {
|
||||
virReportSystemError(errno, "%s",
|
||||
_("Failed to symlink /dev/pts/0 to /dev/console"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
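Review bot: The added `symlink("/dev/pts/0", "/dev/console")` hard-codes pty index 0, so it is only safe if /dev/pts inside the container is a private devpts instance whose first pty is the container's own console. Nothing in this hunk establishes that. If the devpts mount were shared with the host, /dev/console would resolve to whichever host pty holds index 0, so this should be confirmed where devpts is mounted, which is outside the hunk. The call also fails with EEXIST if the container root already has a /dev/console node. That fails closed via `return -1`, which is the right direction, but the assumption deserves a comment above the call, for example `/* /dev/console must be the container's own pty, never the host 5:1 node; assumes a private devpts where pts/0 is the primary console */`. lxcContainerPopulateDevices begins outside the hunk.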
|
@ -80,7 +80,6 @@ static int lxcSetContainerResources(virDomainDefPtr def)
|
||||
{'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM},
|
||||
{'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM},
|
||||
{'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY},
|
||||
{'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_CONSOLE},
|
||||
{'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX},
|
||||
{0, 0, 0}};
|
||||
|
||||
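Review bot: The device ACL array no longer lists `{'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_CONSOLE}`, but nothing in the code says the omission is deliberate, so a later change could re-add it as an apparent oversight. This entry is presumably what enforces the fix, because the symlink in lxc_container.c alone would not stop a privileged process in the container from creating the 5:1 node itself. That holds only if the cgroup denies devices not listed here, which is not visible in this hunk. I would add a comment next to the array such as `/* No LXC_DEV_MIN_CONSOLE on purpose: 5:1 is the host console; the container's /dev/console is a symlink to its own pty */`. The array and lxcSetContainerResources both start outside the hunk.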
|