problem using sshd inside a LXC container
Darren Tucker
dtucker at zip.com.au
Tue Oct 25 14:28:17 EST 2011
On 24/10/11 10:38 PM, Hans Harder wrote:
> Currently I have a RH6.1 host with selinux enabled
> On this I am running a LXC container with ubuntu (without selinux) with
> OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
[...]
> Now I assume I have a problem because inside the container selinux is
> disabled...
> If so, is there a way to tell the sshd inside the container to ignore
> the selinux check....
sshd has no knobs for this. The code in openbsd-compat/port-linux.c
looks roughly like this (assuming it's not been changed by debian or
ubuntu):

    r = get_default_context(sename, NULL, &sc);
    if (r != 0) {
        switch (security_getenforce()) {
        case -1:
            fatal("%s: ssh_selinux_getctxbyname: "
                "security_getenforce() failed", __func__);

so if you could get get_default_context() to return zero then it won't
fatal out, but I don't know enough selinux and/or lxc to know if that's
possible. Failing that, you'd probably have to hack sshd.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
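
Added example, not part of the original message and not OpenSSH code: a small shell diagnostic for the fatal() path quoted above. libselinux's security_getenforce() reads the "enforce" file under the selinuxfs mount point, so the sketch reports whether the kernel advertises selinuxfs and whether it is mounted where the container can read it. The function name selinux_view and its state labels are made up for illustration, and the thread does not establish which state the poster's container was in.

```shell
#!/bin/sh
# Added diagnostic sketch; selinux_view and its labels are hypothetical names.
# Classifies how SELinux looks from inside a container using procfs text only.
#   $1 = /proc/filesystems (or a saved copy)
#   $2 = /proc/mounts      (or a saved copy)
selinux_view() {
    fs_list=$1
    mounts=$2

    # Kernel support: a container shares the host kernel, so a host built
    # with SELinux lists "selinuxfs" here even if the guest distro has no
    # SELinux policy installed.
    if ! grep -qw selinuxfs "$fs_list" 2>/dev/null; then
        echo "no-kernel-support"
        return 0
    fi

    # Mount point: field 3 of /proc/mounts is the filesystem type,
    # field 2 is where it is mounted.
    mnt=$(awk '$3 == "selinuxfs" { print $2; exit }' "$mounts" 2>/dev/null)
    if [ -z "$mnt" ]; then
        # No mount means security_getenforce() has no enforce file to read,
        # which is the "case -1" branch in the excerpt.
        echo "kernel-support-not-mounted"
        return 0
    fi

    # security_getenforce() reads <mount>/enforce: 0 = permissive, 1 = enforcing.
    if [ -r "$mnt/enforce" ]; then
        echo "mounted-enforce=$(cat "$mnt/enforce")"
    else
        echo "mounted-enforce-unreadable"
    fi
}

# Run against the live system by default, or against saved copies.
selinux_view "${1:-/proc/filesystems}" "${2:-/proc/mounts}"
```

Run it inside the container and again on the host; a difference between the two outputs shows what the container's sshd can and cannot see.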