From owner-freebsd-stable@FreeBSD.ORG Wed Nov 7 10:43:11 2007 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 156C516A468 for ; Wed, 7 Nov 2007 10:43:11 +0000 (UTC) (envelope-from tevans.uk@googlemail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.242]) by mx1.freebsd.org (Postfix) with ESMTP id C47D613C480 for ; Wed, 7 Nov 2007 10:43:10 +0000 (UTC) (envelope-from tevans.uk@googlemail.com) Received: by an-out-0708.google.com with SMTP id c24so334363ana for ; Wed, 07 Nov 2007 02:43:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=beta; h=domainkey-signature:received:received:subject:from:to:cc:in-reply-to:references:content-type:date:message-id:mime-version:x-mailer; bh=jHtaRA8NYapNX0ZTipgvJieKMLsWT8N8/ynj7Ooz5xk=; b=ROitAjxbx0JR2lKXKKuNcd1AkJtrDX/yYkwYTo4SScezV7p0GGd9IyZLtVu187VlONSMmImOmZhXJi1gTcTUwKuk/4K1SSejA88LYR8o7gbOrxIJ06KvspLdP/raQTMUeGdx3wpMcRNLZZ4vV4KMUJHeT+3aCI19AT+lQn7paz0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=beta; h=received:subject:from:to:cc:in-reply-to:references:content-type:date:message-id:mime-version:x-mailer; b=GGSCWC352dtb1JLLgqCE+xhGpUniQuE16y+yHssny3r0RzdzTh2Tkd4/bKKfAauB7QWNiY8aDruzto16dgpEHPX5xkmZ+oYPZSe6SoJtv7Bhx7reEU8MVYJBjNOyfT8huT+Lrsfho/g6UjchRx4MoKRidXqPJLsQQZ/Aaa1P1xY= Received: by 10.100.106.1 with SMTP id e1mr10411974anc.1194432182716; Wed, 07 Nov 2007 02:43:02 -0800 (PST) Received: from ?127.0.0.1? ( [217.206.187.79]) by mx.google.com with ESMTPS id d23sm96180nfh.2007.11.07.02.43.00 (version=SSLv3 cipher=RC4-MD5); Wed, 07 Nov 2007 02:43:01 -0800 (PST) From: Tom Evans To: Dan Epure In-Reply-To: <20071106201948.GA6590@iogyte.ro> References: <20071106201948.GA6590@iogyte.ro> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-OgD3LNEicNDvQmPmXp/5" Date: Wed, 07 Nov 2007 10:42:58 +0000 Message-Id: <1194432178.64797.42.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.10.2 FreeBSD GNOME Team Port Cc: freebsd-stable@freebsd.org Subject: Re: openpty() and jail in RELENG_7 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Nov 2007 10:43:11 -0000 --=-OgD3LNEicNDvQmPmXp/5 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2007-11-06 at 22:19 +0200, Dan Epure wrote: > Hi All, >=20 >=20 > I'm using on the host system (7.0-BETA2): > #sysctl kern.pts.enable > kern.pts.enable: 1 > I have no problem at all. >=20 > The jail is also 7.0-BETA2 >=20 > The problem is inside the jail openpty() can not allocate the pty: > =3D=3D=3D cut here =3D=3D=3D > debug1: monitor_child_preauth: test2 has been authenticated by privileged= process > debug1: PAM: reinitializing credentials > debug1: Entering interactive session for SSH2. > debug1: server_init_dispatch_20 > debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16= 384 > debug1: input_session_request > debug1: channel 0: new [server-session] > debug1: session_new: init > debug1: session_new: session 0 > debug1: session_open: channel 0 > debug1: session_open: session 0: link with channel 0 > debug1: server_input_channel_open: confirm session > debug1: server_input_channel_req: channel 0 request pty-req reply 0 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req pty-req > debug1: Allocating pty. > debug1: session_new: init > debug1: session_new: session 0 > openpty: No such file or directory > session_pty_req: session 0 alloc failed > debug1: server_input_channel_req: channel 0 request shell reply 0 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req shell > =3D=3D=3D and here =3D=3D=3D > the ssh session just hangs. (no pty ?)=20 >=20 > I did not forget to mount devfs inside the jail. > The jail is configured in rc.conf: > =3D=3D=3D cut here =3D=3D=3D > jail_enable=3D"YES" > jail_list=3D"test" > jail_test_hostname=3D"test.mydomain.org" > jail_test_rootdir=3D"/jails/test" > jail_test_interface=3D"bge0" > jail_test_devfs_enable=3D"YES" > jail_test_ip=3D"192.168.10.2" > jail_set_hostname_allow=3D"NO" > jail_sysvipc_allow=3D"NO" > jail_socket_unixiproute_only=3D"YES" > =3D=3D=3D and here =3D=3D=3D > I think the problem is related to restrictions imposed by the jail. >=20 > Please advise. >=20 > Gepu This is because you haven't been allocated a pty inside your jail. Enable sshd inside your jail, ssh to your jail (which will allocate you a pty). Then from inside your jail, you can use any pty-using application you wish.=20 I am presuming you are doing something like 'jexec 1 /bin/csh' or similar, and I'm only really repeating Xin Li's advice to me[1]. Cheers Tom [1] http://lists.freebsd.org/pipermail/freebsd-jail/2007-October/000106.html --=-OgD3LNEicNDvQmPmXp/5 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQBHMZatlcRvFfyds/cRAs3yAKCdxrSTaQtt7Cqml5I2xVQ9jF0GQQCgi3lq p3dW/eAg+JmIH0RiRTRNuEA= =DOjo -----END PGP SIGNATURE----- --=-OgD3LNEicNDvQmPmXp/5--