From 2fbec002031934c0e5ad660c6af6e34a2647ed3d Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange"
Date: Fri, 5 Nov 2010 13:27:34 +0000
Subject: [PATCH] Fix LXC container console device setup
The /dev/console device inside the container must NOT map to the real /dev/console device node, since this allows the container control over the current host console. A fun side effect of this is that starting a container containing a real Fedora OS will kill off your X server. Remove the /dev/console node, and replace it with a symlink to the primary console TTY
* src/lxc/lxc_container.c: Replace /dev/console with a symlink to /dev/pty/0
* src/lxc/lxc_controller.c: Remove /dev/console from cgroups ACL
---
 src/lxc/lxc_container.c | 6 +++++-
 src/lxc/lxc_controller.c | 1 -
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 0e06a2dcd0..7013667de3 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -466,7 +466,6 @@ static int lxcContainerPopulateDevices(void)
 { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL, 0666, "/dev/null" },
 { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO, 0666, "/dev/zero" },
 { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL, 0666, "/dev/full" },
- { LXC_DEV_MAJ_TTY, LXC_DEV_MIN_CONSOLE, 0600, "/dev/console" },
 { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM, 0666, "/dev/random" },
 { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM, 0666, "/dev/urandom" },
 };
@@ -508,6 +507,11 @@ static int lxcContainerPopulateDevices(void)
 _("Failed to symlink /dev/pts/0 to /dev/tty1"));
 return -1;
 }
+ if (symlink("/dev/pts/0", "/dev/console") < 0) {
+ virReportSystemError(errno, "%s",
+ _("Failed to symlink /dev/pts/0 to /dev/console"));
+ return -1;
+ }
 return 0;
 }
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index eb0148e4b7..478f0d1ff5 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
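Review bot: The new `symlink("/dev/pts/0", "/dev/console")` block at the end of lxcContainerPopulateDevices has no comment saying why the console is a symlink rather than a device node, so the security reason lives only in the commit message and a later edit could put the `LXC_DEV_MIN_CONSOLE` row back into the device table. I would add above it `/* /dev/console must never be the host's console device node: point it at the container's primary pty instead */`. The call also returns -1 if /dev/console already exists, since symlink() fails with EEXIST. That fails closed, but whether /dev is always empty at this point cannot be seen here because the function starts outside the hunk. The removal of the same device from the cgroup list in src/lxc/lxc_controller.c appears to be what denies access to the host console, so the two changes should be kept together.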
@@ -80,7 +80,6 @@ static int lxcSetContainerResources(virDomainDefPtr def)
 {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM},
 {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM},
 {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY},
- {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_CONSOLE},
 {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX},
 {0, 0, 0}};
-- 
2.39.5