openpty() and jail in RELENG_7
Tom Evans
tevans.uk at googlemail.com
Wed Nov 7 02:43:11 PST 2007
On Tue, 2007-11-06 at 22:19 +0200, Dan Epure wrote:
> Hi All,
>
>
> I'm using on the host system (7.0-BETA2):
> #sysctl kern.pts.enable
> kern.pts.enable: 1
> I have no problem at all.
>
> The jail is also 7.0-BETA2
>
> The problem is inside the jail openpty() can not allocate the pty:
> === cut here ===
> debug1: monitor_child_preauth: test2 has been authenticated by privileged process
> debug1: PAM: reinitializing credentials
> debug1: Entering interactive session for SSH2.
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: init
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug1: server_input_channel_req: channel 0 request pty-req reply 0
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req pty-req
> debug1: Allocating pty.
> debug1: session_new: init
> debug1: session_new: session 0
> openpty: No such file or directory
> session_pty_req: session 0 alloc failed
> debug1: server_input_channel_req: channel 0 request shell reply 0
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req shell
> === and here ===
> the ssh session just hangs. (no pty ?)
>
> I did not forget to mount devfs inside the jail.
> The jail is configured in rc.conf:
> === cut here ===
> jail_enable="YES"
> jail_list="test"
> jail_test_hostname="test.mydomain.org"
> jail_test_rootdir="/jails/test"
> jail_test_interface="bge0"
> jail_test_devfs_enable="YES"
> jail_test_ip="192.168.10.2"
> jail_set_hostname_allow="NO"
> jail_sysvipc_allow="NO"
> jail_socket_unixiproute_only="YES"
> === and here ===
> I think the problem is related to restrictions imposed by the jail.
>
> Please advise.
>
> Gepu
This is because you haven't been allocated a pty inside your jail.
Enable sshd inside your jail, ssh to your jail (which will allocate you
a pty). Then from inside your jail, you can use any pty-using
application you wish.
I am presuming you are doing something like 'jexec 1 /bin/csh' or
similar, and I'm only really repeating Xin Li's advice to me[1].
Cheers
Tom
[1]
http://lists.freebsd.org/pipermail/freebsd-jail/2007-October/000106.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20071107/cd8eefcb/attachment.pgp
More information about the freebsd-stable
mailing list