10 Replies. Latest reply: Nov 3, 2012 5:20 AM by jwmitchell

LXC and X

jwmitchell Newbie
I've been able to successfully bring up an OL6 container on an OL6 host. lxc-console works great to connect. SSH worked great until I installed the xorg-x11-xauth.x86_64 package in the container. Now every time I connect to the container via ssh -x root@host I get the following error displayed on the console in the container:

[root@host ~]# Unable to get valid context for root
Last login: Wed Oct 24 21:53:20 2012
/usr/bin/xauth: error while loading shared libraries: libXau.so.6: cannot open shared object file: Permission denied
-bash: cannot set terminal process group (-1): Inappropriate ioctl for device
-bash: no job control in this shell

After this point the container's console is completely messed up; it's impossible to use. The only solution is to use lxc-kill to stop the container.

And the ssh session which was attempting to be established just hangs as well.

I've googled around a lot but can't seem to find this exact issue. I've read several posts of people tunneling X over SSH in a container so I can't figure out what I'm doing wrong. Here is the config for the container:

lxc.utsname = elevendbc1
#lxc.tty = 4
lxc.tty = 1
lxc.pts = 1024
lxc.rootfs = /container/elevendbc1
lxc.mount = /etc/lxc/elevendbc1/fstab
#networking
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = virbr0
lxc.network.name = eth0
lxc.network.mtu = 1500
#cgroups
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
  • 1. Re: LXC and X
    Dude! Guru
    A lowercase x in ssh -x like you have specified disables X forwarding. Regarding the permission problem, have you checked if SELinux could be the reason?
  • 2. Re: LXC and X
    jwmitchell Newbie
    Yes, typo on the -x when creating the post. It's correct on the command line.

    As for SELinux, it was already disabled in the container. I also disabled it on the host, which removed one of the errors. This is what's now displayed on the console of the container:

    -bash: cannot set terminal process group (-1): Inappropriate ioctl for device
    -bash: no job control in this shell
  • 3. Re: LXC and X
    Dude! Guru
    What X server are you running on your client?
  • 4. Re: LXC and X
    jwmitchell Newbie
    Tried cygwin/X and MobaXterm. Same results with both.
  • 5. Re: LXC and X
    Dude! Guru
    Looking at your config file:

    #lxc.tty = 4
    lxc.tty = 1

    What happens if you change it back to 4?
  • 6. Re: LXC and X
    jwmitchell Newbie
    Doesn't make a difference. I've tried several different numbers, including 0, but nothing's helped. In fact 0 disabled the console.

    Might be something with the distro - I've read blogs showing this successfully working on gentoo and archlinux. Following those articles still produces the same results for me on OL63. My ultimate goal was to use the containers to play with RAC. I liked that containers are much lighter weight than VirtualBox since my computer isn't the beefiest. Maybe in the next release....
  • 7. Re: LXC and X
    jwmitchell Newbie
    Ok, so I found that if I comment out the line
    lxc.pts=1024
    from the container's config file and the line
    devpts /container/elevenbc1/dev/pts devpts defaults 0 0
    from the container's fstab file, X over SSH works. From what I read, these two lines give the container a private pts filesystem. Not sure why this helps, but hopefully it will save someone else hours of frustration.
  • 8. Re: LXC and X
    jwmitchell Newbie
    While researching this further, I came across the following, which seems to describe the issue and solution:

    http://www.cs.fsu.edu/~baker/devices/lxr/http/source/linux/Documentation/filesystems/devpts.txt

    To summarize, the devpts filesystem now supports two modes - single instance (legacy) and multi-instance. Multi-instance mode is enabled if
    - CONFIG_DEVPTS_MULTIPLE_INSTANCES=y, and
    - '-o newinstance' mount option is specified while mounting devpts

    1. Is CONFIG_DEVPTS_MULTIPLE_INSTANCES=Y a compile-time setting of the kernel? Was the UEK2 kernel compiled with this setting?

    2. Which script on the host should be modified to include the mount option "-o newinstance" flag? I thought perhaps it might occur in the sysinit script but a search for devpts didn't yield any results. I ended up adding it to fstab but it didn't seem to do anything.
  • 9. Re: LXC and X
    Dude! Guru
    I was actually looking into CONFIG_DEVPTS_MULTIPLE_INSTANCES prior to my last response, and therefore did not bother to mention it.
    It is enabled in the 2.6.29 mainstream and UEK2 kernel.

    To find out if you have it enabled in your current kernel:

    <pre>
    # grep "CONFIG_DEVPTS" /boot/config-$(uname -r)
    </pre>

    You might also want to check the mount (8) man page under "newinstance".
  • 10. Re: LXC and X
    jwmitchell Newbie
    So this seems to fix it. Do it to a non-running container.

    To the container's fstab, add newinstance to the options. I also added ptmxmode=0666 but the permissions weren't set accordingly.
    devpts  dev/pts  devpts  newinstance,ptmxmode=0666 0 0 
    Then:

    rm {container_rootfs}/dev/ptmx
    mknod -m 666 {container_rootfs}/dev/pts/ptmx c 5 2
    ln {container_rootfs}/dev/pts/ptmx {container_rootfs}/dev/ptmx
    rm {container_rootfs}/dev/pts/ptmx

    Also disable SELinux. Restart the container and X should be happy.
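
Added example, not part of the thread: a small audit for the two conditions quoted from devpts.txt in reply 8, run against a container's fstab and a kernel config file. Without newinstance the container mounts the same devpts instance as the host, so the check reports that case as "shared". The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Audit whether a container fstab requests a private devpts instance.

# Print the mount options of the first devpts entry in an fstab (empty if none).
devpts_opts() {
    awk '$1 !~ /^#/ && $3 == "devpts" { print $4; exit }' "$1"
}

# Succeed if the comma-separated option list $1 contains the exact option $2.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Classify a container. $1 = container fstab, $2 = kernel config file.
#   private    newinstance requested and the kernel supports it
#   shared     devpts mounted without newinstance (legacy single instance)
#   no-kernel  newinstance requested but the kernel option is not set
#   none       no devpts entry in the fstab
audit_devpts() {
    opts=$(devpts_opts "$1")
    [ -n "$opts" ] || { echo none; return; }
    has_opt "$opts" newinstance || { echo shared; return; }
    grep -q '^CONFIG_DEVPTS_MULTIPLE_INSTANCES=y' "$2" || { echo no-kernel; return; }
    echo private
}

# Constructed sample inputs: the fstab line from reply 7, the one from
# reply 10, and a one-line kernel config.
d=$(mktemp -d)
printf 'devpts /container/elevenbc1/dev/pts devpts defaults 0 0\n' > "$d/fstab.before"
printf 'devpts  dev/pts  devpts  newinstance,ptmxmode=0666 0 0\n' > "$d/fstab.after"
printf 'CONFIG_DEVPTS_MULTIPLE_INSTANCES=y\n' > "$d/kconfig"
for f in before after; do
    echo "fstab.$f: $(audit_devpts "$d/fstab.$f" "$d/kconfig")"
done
rm -r "$d"
```

On a real host, pass the container's fstab and /boot/config-$(uname -r) as the two arguments.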
