On 10/30/2013 07:15 PM, Daniel P. Berrange wrote:
On Tue, Oct 29, 2013 at 03:37:51PM +0800, Gao feng wrote:
Now, /dev/console is linked to /dev/pts/0, so for the agetty process, the tty device of agetty is pts/0. This causes login to the container to fail, since pts/0 is not in /etc/securetty, so the pam module pam_securetty will prevent the root user from logging on to the system.
This patch doesn't make /dev/console a symbol but binds /dev/pts/0 to it, so the tty device of agetty will be console. Root can log in to the system successfully.
This only really fixes it for the first console. If the guest has multiple <console/> lines defined, we still have the same problem with securetty for other consoles. I'm wondering if
Oh, that's /dev/ttyN, not /dev/console. /dev/console is only one. In my container, which is running fedora18, the tty device of agetty is console:

  553 pts/0 Ss+ 0:00 /sbin/agetty --noclear -s console 115200 38400 9600

So, this patch resolves the problem I faced. If we find the ttyN devices also need to be bound to some pts devices, that's another patch. But actually, /dev/console points to different tty devices in the view of different processes. This behaviour of linking/binding console to /dev/pts/0 may mess something up. And the multiple console setting doesn't seem to work for containers; only the first console is opened/listened.
there is any scope for just getting the securetty check to do the right thing by default for pseudo ttys.
Right now I don't face any problem, but I don't know if this will break something. And as I mentioned above, the behaviour of linking /dev/console to /dev/pts/0 will break something too. I don't have any idea how to implement the behaviour which /dev/console and /dev/tty0 provide now. Any idea?

Thanks
Gao
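
The check this thread turns on, as an added example that is not part of the original messages or of libvirt: a simplified shell approximation of the pam_securetty lookup, showing why a getty whose tty is pts/0 is refused for root while one whose tty is console is accepted. The function names and the sample file contents are constructed for illustration, and the one-name-per-line format with `#` comments is an assumption about /etc/securetty.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not libvirt or Linux-PAM code).

# securetty_allows FILE TTY
# Returns 0 if TTY is listed in FILE, 1 if it is not, 2 if FILE is unreadable.
# Assumed format: one tty name per line, without the /dev/ prefix;
# blank lines and lines starting with '#' are ignored.
securetty_allows() {
    file=$1
    tty=${2#/dev/}                 # "/dev/pts/0" and "pts/0" compare equal
    [ -r "$file" ] || return 2
    # read strips surrounding whitespace; "|| [ -n ... ]" keeps a last line
    # that has no trailing newline.
    while read -r name rest || [ -n "$name" ]; do
        case $name in
            ''|'#'*) continue ;;   # skip blanks and comments
        esac
        [ "$name" = "$tty" ] && return 0
    done < "$file"
    return 1
}

# write_sample_securetty PATH
# Writes a constructed securetty that lists console and some ttyN/ttyS
# names but no pts/N entries, which is the situation the thread describes.
write_sample_securetty() {
    printf '%s\n' '# constructed sample' console tty1 tty2 ttyS0 > "$1"
}

# Demo: the two tty names agetty can end up with in the container.
sample=$(mktemp)
write_sample_securetty "$sample"
for t in /dev/pts/0 /dev/console; do
    if securetty_allows "$sample" "$t"; then
        echo "$t: listed, root login allowed"
    else
        echo "$t: not listed, root login refused"
    fi
done
rm -f "$sample"
```

Inside a container, running it against the real /etc/securetty with the output of `tty` from the getty's terminal shows which of the two cases applies.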