Whish you a less buged 2012 year !
Like it's wrotten in the title, I would like to make my LXC container work on a GRSEC patched Kernel (I use version 2.6.32.52).
Before posting here I've been looking around on the net to see if someone had found a solution to this, but all I found was'nt working for me...
I patched my Debian 2.6.32.52 kernel with grsec and since then when I start lxc (lxc-start -n container) I got the following error message:
- Code: Select all
lxc-start: Operation not permitted - failed to umount 'dev/pts'
lxc-start: failed to setup the new pts instance
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'HTTP'
lxc-start: Device or resource busy - failed to remove cgroup '/cgroup/HTTP'
So I tried to compile the Kernel:
disabling RBAC
disabling CONFIG_PAX_KERNEXEC
enabling CONFIG_DEVPTS_MULTIPLE_INSTANCES
But I still have the same problems.
Today I noticed that I could see more being directly working on the physical machine. I can see a few messages like:
- Code: Select all
[65569.795891] grsec: use of CAP_SYS_ADMIN in chroot denied for /usr/bin/lc-start [lxc-start:2513] uid/euid:0/0 gid/egid:0:0, parent /usr/bin/lxc-start[lxc-start:2507] uid/euid:0/0 gid/egid:0/0
I may need to allow CAP_SYS_ADMIN to lxc-start or something like that but because I'm not a Kernel expert I would really appreciate a bit help or even some advices...
Thanks for your help,
ST