[SOLVED] The system has no more ptys.

U

upnort

Member
Proxmox Subscriber
Apr 26, 2018
111
10
23
Greetings,

I am running Proxmox 5.1 fully updated with a CentOS 7 container, fully updated. I have a shell script in the CentOS container that uses the expect command. Up until about a month ago the script ran just fine. Today the script failed with:

Code: 
The system has no more ptys.

Digging a little seems to indicate that /dev/pts in the CentOS container is not getting bind mounted to the Proxmox host. Notably, there is no gid=5 mount option in the container's /dev/pts options. Group ID 5 is the tty group. I suspect that this absense is why the expect script now fails when run as non-root.

Has anything changed the past few weeks in Proxmox that would cause this error message?

Thanks much. :)

Edit: I also notice in the container that /dev/ptmx is owned root:root rather than root:tty, as in the Proxmox host.
 
Last edited:
With some digging I narrowed the cause to the lxc-pve-3.0.0 package from March 30. Reverting to lxc-pve-2.1.1 resolves the issue.

With lxc-pve-3.0.0 the containers do not inherit gid=5. With lxc-pve-2.1.1 the containers inherit gid=5, which seems correct to me.

The jump from lxc 2.1.1 to 3.0.0 is significant. Are there security issues apt pinning and running lxc-pve-2.1.1?

Perhaps this quirk affects other users. I would be grateful if a developer provided comment.

Thanks much. :)
 
There was a change to support mounting without gid=5 for unprivileged containers which have gid 5 not mapped. Upstream has already fixed this in the git-master branch, and we'll probably build a fixed package soon.
 
Thank you for replying and confirming!

In this one instance I am using the non-subscription repo, which I realize is, nominally, a testing point for the subscription repo, but I am surprised a *.0 package was pushed so shortly after release from upstream. The upstream 3.0.0 version was released March 27 and the lxc-pve package was released March 30. :)

I will be watching for an update to lxc-pve.

I do not yet have a subscription, but was the 3.0.0 package pushed to the subscription repo?
 
lxc-pve >= 3.0.0-3 should be available in the pvetest repository fixing this issue, please test.
 
Thank you Wolfgang. I tested lxc-pve_3.0.0-3. The test container correctly bind mounted /dev/pts with gid=5. With that mount option, the original expect script works too.

Note: On the Proxmox host, /dev/ptmx has root:tty ownership. On the guest the ownership is root:root. I don't know if the guest ownership should be the same as the host.
 
It would probably be better that way, but given that it's using 0666 permissions it shouldn't be much of an issue for 99% of the cases. I'll ask upstream.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back