[libvirt] [PATCH] Fix LXC container console device setup
From: Daniel P. Berrange <dan(a)berrange.com>
The /dev/console device inside the container must NOT map
to the real /dev/console device node, since this allows the
container control over the current host console. A fun side
effect of this is that starting a container containing a
real Fedora OS will kill off your X server.
Remove the /dev/console node, and replace it with a symlink
to the primary console TTY
* src/lxc/lxc_container.c: Replace /dev/console with a
symlink to /dev/pty/0
* src/lxc/lxc_controller.c: Remove /dev/console from cgroups
ACL
---
src/lxc/lxc_container.c | 6 +++++-
src/lxc/lxc_controller.c | 1 -
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 0e06a2d..7013667 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -466,7 +466,6 @@ static int lxcContainerPopulateDevices(void)
{ LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL, 0666, "/dev/null" },
{ LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO, 0666, "/dev/zero" },
{ LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL, 0666, "/dev/full" },
- { LXC_DEV_MAJ_TTY, LXC_DEV_MIN_CONSOLE, 0600, "/dev/console" },
{ LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM, 0666, "/dev/random" },
{ LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM, 0666, "/dev/urandom" },
};
@@ -508,6 +507,11 @@ static int lxcContainerPopulateDevices(void)
_("Failed to symlink /dev/pts/0 to /dev/tty1"));
return -1;
}
+ if (symlink("/dev/pts/0", "/dev/console") < 0) {
+ virReportSystemError(errno, "%s",
+ _("Failed to symlink /dev/pts/0 to
/dev/console"));
+ return -1;
+ }
return 0;
}
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index eb0148e..478f0d1 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -80,7 +80,6 @@ static int lxcSetContainerResources(virDomainDefPtr def)
{'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM},
{'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM},
{'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY},
- {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_CONSOLE},
{'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX},
{0, 0, 0}};
--
1.7.2.3