Am Montag, 20. November 2006 10:29 schrieb Oliver Heinz:
> Am Sonntag, 19. November 2006 15:32 schrieb Rik Bobbaers:
> > might be a good idea!:)
> >
> > let me know if that fixes the problem. could you give me the grsec
> > config part of your kernel?
>
Seems the listbot ate my first mail, but anyway: I just tested with the old
kernel 2.6.12.5-vs2.0 and the problem is still there, so i hast to be
util-vserver0.30.211 related.
So definitely no grsec problem.
Those old suse 9.0 platforms are doomed anyway, so if you don't consider this
a general problem we should leave it as it is. But if you want to dig further
into this issue just tell me what to to and i am pleased to assist you.
Thanks so far,
Oliver
> > tnx!
> >
> > Oliver Heinz wrote:
> > > Am Samstag, 18. November 2006 21:46 schrieb Herbert Poetzl:
> > >> On Sat, Nov 18, 2006 at 01:05:48PM +0100, Oliver Heinz wrote:
> > >>> Am Freitag, 17. November 2006 18:48 schrieb Oliver Heinz:
> > >>>> Am Freitag, 17. November 2006 17:49 schrieb Herbert Poetzl:
> > >>>>> On Fri, Nov 17, 2006 at 11:05:52AM +0100, Oliver Heinz wrote:
> > >>>>>> Am Donnerstag, 16. November 2006 13:11 schrieb Daniel Hokka
> > >
> > > Zakrisson:
> > >>>>>>> Oliver Heinz wrote:
> > >>>>>>>> Hello,
> > >>>>>>>>
> > >>>>>>>> yesterday I upgraded my development server from
> > >>>>>>>> vmlinuz-2.6.12.5-vs2.0 to 2.6.17.14-grsec2.1.9-vs2.0.2.1 and
> > >>>>>>>> util-vserver from util-vserver-0.30.210 to
> > >>>>>>>> util-vserver-0.30.211.
> > >>>>>>>>
> > >>>>>>>> All Debian/Ubuntu guests are running fine, but for the old
> > >>>>>>>> Suse9.0 guest when entering via vserver servername enter i get
> > >>>>>>>> an error:
> > >>>>>>>>
> > >>>>>>>> root@gobi:/usr/src/packages# vserver dakar enter vlogin:
> > >>>>>>>> openpty(): No such file or directory
> > >>>>>>>> root@gobi:/usr/src/packages#
> > >>>>>>>>
> > >>>>>>>> Any Idea what's wrong? Entering via ssh works fine, all
> > >>>>>>>> services are running, so it's not a major issue, just annoing.
> > >>>>>>>
> > >>>>>>> Does it have /dev/ptmx and a mounted /dev/pts? When you log in
> > >>>>>>> through ssh, what tty are you on?
> > >>>>>>
> > >>>>>> dakar:~ # w
> > >>>>>> 10:56:59 up 1 day, 1:03, 2 users, load average: 0.16, 0.16,
> > >>>>>> 0.29 USER TTY LOGIN@ IDLE JCPU PCPU WHAT
> > >>>>>> oheinz ttyp1 10:28 11:22 0.10s 0.10s -bash
> > >>>>>> root ttyp2 10:56 0.00s 0.04s 0.00s w
> > >>>>>
> > >>>>> ~~~~~~~~~
> > >>>>> looks like legacy ptys .. haven't seen them
> > >>>>> for some time now, not sure that is related though ..
> > >>>>
> > >>>> I was wondering too, when I ssh to a real physical host with suse
> > >>>> 9.0 and kernel 2.4 I get ptys
> > >>>>
> > >>>>> what does /dev contain in your guest?
> > >>>
> > >>> Just those few devices that are SuSE default ;-)
> > >>>
> > >>> - I tried to attach the List but: Message body is too big and nobody
> > >>> approved it yet. Is there someting special you are interessted?
> > >>> ttys?pts?
> > >>
> > >> ahem, this is what your guest should actually have in its
> > >> /dev, nothing more ...
> > >>
> > >> # ls /dev
> > >> console full log= null ptmx pts/ random tty urandom zero
> > >>
> > >> maybe an additional hdv1, but that's it, everything
> > >> else is not required and reduces your guest's security
> > >> which is why the tools do not put stuff there besides
> > >> the entries listed above ...
> > >
> > > Thanks for that advice, but this vserver is an internal development
> > > platform for a real server, which (of course) does have all those /dev
> > > entries . So security in this guest is not an issue.
> > >
> > > But it probably is not a good idea to have all that static dev entries
> > > that are for 2.4 kernels running with a 2.6 vserver enabled kernel,
> > > idn't it.
> > >
> > > So I did remove all that crap, left only
> > >
> > > crw------- 1 root tty 5, 1 2006-11-19 15:14 console
> > > crw-rw-rw- 1 root root 1, 7 2005-07-12 14:14 full
> > > prw------- 1 root root 0 2006-11-19 15:14 initctl
> > > crw-rw-rw- 1 root root 1, 3 2005-07-12 14:14 null
> > > crw-rw-rw- 1 root tty 5, 2 2006-11-19 15:12 ptmx
> > > drwxr-xr-x 2 root root 4096 2006-11-15 18:34 pts
> > > crw-rw-rw- 1 root root 1, 8 2005-07-12 14:14 random
> > > crw-rw-rw- 1 root tty 5, 0 2006-11-19 15:04 tty
> > > -rw-r--r-- 1 root root 582 2006-11-19 15:13 tty10
> > > cr--r--r-- 1 root root 1, 9 2006-11-15 18:34 urandom
> > > crw-rw-rw- 1 root root 1, 5 2005-07-12 14:14 zero
> > >
> > >
> > > But now I get an:
> > > root@gobi:~# vserver dakar enter
> > > vlogin: ioctl(): Not a typewriter
> > > root@gobi:~#
> > >
> > >
> > > and login via ssh is now broken too :-(
> > > Nov 19 15:08:56 dakar sshd[1912]: error: openpty: No such file or
> > > directory Nov 19 15:08:56 dakar sshd[1912]: error: session_pty_req:
> > > session 0 alloc failed
> > >
> > > Should I check with an non grsec vserver-kernel? Maybe it's grsec
> > > related?
> > >
> > > Thanks so far,
> > > Oliver
> > >
> > >> best,
> > >> Herbert
> > >>
> > >>> TIA,
> > >>> Oliver
> > >>>
> > >>>>> TIA,
> > >>>>> Herbert
> > >>>>>
> > >>>>>> dakar:~ # mount
> > >>>>>> /dev/hda2 on / type reiserfs (rw)
> > >>>>>> proc on /proc type proc (rw)
> > >>>>>> devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
> > >>>>>>
> > >>>>>> dakar:~ # ls -la /dev/ptmx
> > >>>>>> crw-rw-rw- 1 root tty 5, 2 Sep 23 2003 /dev/ptmx
> > >>>>>>
> > >>>>>>
> > >>>>>> Thanks so far,
> > >>>>>> Oliver
> > >>>>>> _______________________________________________
> > >>>>>> Vserver mailing list
> > >>>>>> Vserver@list.linux-vserver.org
> > >>>>>> http://list.linux-vserver.org/mailman/listinfo/vserver
> > >>>
> > >>> _______________________________________________
> > >>> Vserver mailing list
> > >>> Vserver@list.linux-vserver.org
> > >>> http://list.linux-vserver.org/mailman/listinfo/vserver
> > >
> > > _______________________________________________
> > > Vserver mailing list
> > > Vserver@list.linux-vserver.org
> > > http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Mon Nov 20 17:20:58 2006