From: sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org
To: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
Cc: kyle-hoO6YkzgTuCM0SS3m2neIg@public.gmane.org,
sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org,
bastian-yyjItF7Rl6lg9hUCZPvPmw@public.gmane.org,
containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org,
xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org,
Alan Cox <alan-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org
Subject: Re: [PATCH 11/11][v3]: Enable multiple instances of devpts
Date: Fri, 5 Sep 2008 12:44:50 -0700 [thread overview]
Message-ID: <20080905194450.GA18119@us.ibm.com> (raw)
In-Reply-To: <48C16B42.7030103-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
H. Peter Anvin [hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org] wrote:
> Alan Cox wrote:
>>> Does presence of /dev/pts/ptmx in single-instance case break userspace ?
>> It changes the permssion rules and subverts any permissions and security
>> labels applied to the current node.
>> If it was there and defaulted to no permission I doubt anything would
>> care - ie presence is not the problem, rights management is.
>
> It would be easy enough to have it default to mode 000 unless otherwise
> specified. For the default instance it is important that a remount can
> update the permissions (since the original mount will be the kernel
> version), but that's pretty straightforward.
Agree in general. Not sure if you are implying remount is necessary just
to change permissions of pts/ptmx. Why not "chmod 0666 /dev/pts/ptmx" ?
The remount changes the 'ptmxmode' setting, but since the node exists,
the 'ptmxmode' setting is never used again and we need to chmod.
> That might be the best option?
For containers or multi-instance mode, I agree.
In mixed mode, one observation is if /dev/ptmx is changed to symlink, regular
(not container) startup scripts must chmod /dev/pts/ptmx on _every_ boot.
ptmx node in multi-instance mounts continue to get PTMX_DEFAULT_MODE
permissions (not 000) right ? (unless -o ptmxmode is specified)
Yes, I think its a good option.
next prev parent reply other threads:[~2008-09-05 19:44 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-04 5:27 [PATCH 0/11][v3]: Enable multiple mounts of devpts sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20080904052718.GA3680-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-09-04 5:29 ` [PATCH 1/11][v3]: Move tty lookup/reopen to tty_open sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2008-09-04 5:30 ` [PATCH 2/11][v3]: Add an instance parameter devpts interfaces sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2008-09-04 5:31 ` [PATCH 3/11][v3]: Simplify devpts_get_tty() sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2008-09-04 5:32 ` [PATCH 4/11][v3]: Simplify devpts_pty_new() sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2008-09-04 5:32 ` [PATCH 5/11][v3]: Simplify devpts_pty_kill sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2008-09-04 5:33 ` [PATCH 6/11][v3]: Remove devpts_root global sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2008-09-04 5:33 ` [PATCH 7/11][v3]: Per-mount allocated_ptys sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2008-09-04 5:34 ` [PATCH 8/11][v3]: Per-mount 'config' object sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2008-09-04 5:34 ` [PATCH 9/11][v3]: Extract option parsing to new function sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2008-09-04 5:35 ` [PATCH 10/11][v3]: Ability to internally create ptmx sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2008-09-04 5:35 ` [PATCH 11/11][v3]: Enable multiple instances of devpts sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20080904053551.GL3680-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-09-04 6:38 ` H. Peter Anvin
[not found] ` <48BF8283.7040601-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2008-09-04 15:54 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20080904155431.GA11174-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-09-04 16:02 ` H. Peter Anvin
[not found] ` <48C00698.8050803-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2008-09-04 16:25 ` Alan Cox
[not found] ` <20080904172542.3ad7bb85-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>
2008-09-04 16:48 ` H. Peter Anvin
[not found] ` <48C01163.1050704-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2008-09-04 17:18 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20080904171828.GC11174-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-09-04 17:31 ` H. Peter Anvin
[not found] ` <48C01B58.2040006-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2008-09-05 2:01 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20080905020131.GA17535-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-09-05 2:08 ` H. Peter Anvin
2008-09-05 12:27 ` Alan Cox
[not found] ` <20080905132710.50018aef-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>
2008-09-05 17:24 ` H. Peter Anvin
[not found] ` <48C16B42.7030103-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2008-09-05 19:44 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA [this message]
[not found] ` <20080905194450.GA18119-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-09-06 14:05 ` H. Peter Anvin
[not found] ` <48C28E3D.6060404-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2008-09-06 21:45 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2008-09-04 16:08 ` [PATCH 0/11][v3]: Enable multiple mounts " sukadev-r/Jw6+rmf7HQT0dZR+AlfA
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080905194450.GA18119@us.ibm.com \
--to=sukadev-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
--cc=alan-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org \
--cc=bastian-yyjItF7Rl6lg9hUCZPvPmw@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org \
--cc=kyle-hoO6YkzgTuCM0SS3m2neIg@public.gmane.org \
--cc=sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.