openssh-unix-dev October 2011 archive

problem using sshd inside a LXC container

From: Hans Harder <hans_at_nospam>
Date: Mon Oct 24 2011 - 11:38:51 GMT
To: openssh-unix-dev@mindrot.org

Currently I have a RH6.1 host with selinux enabled.
On this I am running an LXC container with Ubuntu (without selinux) with
OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009.

When I try to do an ssh connection to the LXC container I get:
...
debug1: Next authentication method: password
root@192.168.2.11's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: channel 0: free: client-session, nchannels 1
Connection to 192.168.2.11 closed by remote host.
Connection to 192.168.2.11 closed.
Transferred: sent 1728, received 1784 bytes, in 0.1 seconds
Bytes per second: sent 16426.3, received 16958.6
debug1: Exit status -1

Inside the container I can see an error in the auth.log:

Oct 24 11:14:11 art01 sshd[1703]: pam_unix(sshd:session): session opened for user root by (uid=0)
Oct 24 11:14:11 art01 sshd[1703]: fatal: ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed
Oct 24 11:14:11 art01 sshd[1703]: pam_unix(sshd:session): session closed for user root

Now I assume I have a problem because inside the container selinux is
disabled.
If so, is there a way to tell the sshd inside the container to ignore
the selinux check?

Hans