Re: [Vserver] Help needed for a PAM module:
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [Vserver] Help needed for a PAM module

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Sat 14 Oct 2006 - 04:34:26 BST
Message-ID: <20061014033426.GC26188@MAIL.13thfloor.at>

On Sat, Oct 14, 2006 at 12:20:39AM +0200, Vincent Besse wrote:
>
> Hello,
>
> I'm writing a pam_vserver module, or should I say _try_ to write a
> pam_vserver module. My main goal is to have freeNX server running
> inside a vserver and log in directly through the SSH server on the
> host. You can get the code at
> http://sourceforge.net/projects/pam-vserver/
>
> Basically it does:
> chdir(/path/to/myvserver)
> chroot(/path/to/myvserver)
> vc_ctx_migrate(ctx_of_myvserver)
>
> myvserver must have been started before.
>
> When I do a 'ssh -X user@myhost' in a xterm, I'm well logged in
> myvserver but:
> - I have this line in /var/log/auth.log:
> Oct 13 22:41:51 myvserver sshd[5276]: error: /dev/pts/7: No such file or
> directory
> - some commands don't produce any output (i.e ps )
> - xterm fails with get_pty: not enough ptys ( DISPLAY=myserver:10.0
> nevertheless)
> - ipv4root is not set
>
> In myvserver, I have a second SSH server, listening on port 2222. Now,
> after being logged with the method above, I do a 'ssh -X -p 2222
> user@myvserver' and everything seems fine. I can launch xterms
> (DISPLAY=myvserver:11.0), ps is ok and ipv4root is set.
>
> I suppose the main problem relates to the fact that the host sshd can't
> find /dev/pts/* inside the vserver. I've tried to use ptsname() before
> the chroot() to get the name of the "calling" pty and re-create it in
> the vserver, but all I have is Inappropriate ioctl for device. Except
> ipv4root, there are no diffs in the /proc/*/{status,vinfo}.

yes, to be precise, the problem is this:

 - you reach the host and allocate a pty
 - then you enter a guest context
 - now you try to access the pty, which still
   belongs to the host (and gets denied)

check out util-vserver and/or have a chat with
Daniel Hokka Zakrisson (daniel_hozac) about the
stuff used/done in vlogin :)

> So there I'm a bit...lost :(
>
> Any help would be great.

HTH,
Herbert

> Best regards
>
> Vincent
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Sat Oct 14 04:35:03 2006

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sat 14 Oct 2006 - 04:35:06 BST by hypermail 2.1.8