On 10/30/2013 07:15 PM, Daniel P. Berrange wrote: > On Tue, Oct 29, 2013 at 03:37:51PM +0800, Gao feng wrote: >> Now, /dev/console is linked to the /dev/pts/0, >> so for the process agetty, the tty device of >> agetty is pts/0. this will cause login container >> failed. >> since pts/0 is not in the /etc/securetty. so >> pam module pam_securetty will prevent the root >> user logging on the system. >> >> this patch doesn't make /dev/console a symbol but >> binds /dev/pts/0 to it. so the tty device of >> agetty will be console. root can login the system >> successfully. > > This only really fixes it for the first console. If the guest > has multiple <console/> lines defined, we still have the same > problem with securetty for other consoles.I'm wondering if Oh, that's /dev/ttyN, not /dev/console. /dev/console is only one. In my container which running fedora18, the tty device of agetty is console 553 pts/0 Ss+ 0:00 /sbin/agetty --noclear -s console 115200 38400 9600 So, this patch resolves the problem I faced. if we found the ttyN devices also need to be bound to some pts devices, it's another patch. but actually, /dev/console is pointed to different tty devices in the view of different process. this linking/binding console to /dev/pts/0 behave may mess up something. and the multiple console setting seems doesn't work for container, only the first console is opened/listened. > there is any scope for just getting the securetty check todo > the right thing by default for psuedo ttys. > Right now I don't face any problem, but I don't know if this will break something. and as I mention above, the linking /dev/console to /dev/pts/0 behave will break something too. I don't have any idea to implement the behave which /dev/console /dev/tty0 provides now. any idea? Thanks Gao -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list