From: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
To: Kay Sievers <kay.sievers-tD+1rO4QERM@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
Dave Hansen <haveblue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Andy Whitcroft <apw-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org,
Linus Torvalds
<torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
Subject: Re: [RFC] fix devpts mount behavior
Date: Tue, 24 Jan 2012 17:16:01 -0600
Message-ID: <20120124231601.GA4470@sergelap>
In-Reply-To: <CAPXgP13_gczQmG_USAp0p2AuTfxkzAvzHvjbZY_rbbLH-4rDyg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>

Quoting Kay Sievers (kay.sievers-tD+1rO4QERM@public.gmane.org):
> On Tue, Jan 24, 2012 at 23:02, Serge E. Hallyn <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org> wrote:
> > Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
>
> >> It looks like relatively recent udev still creates /dev/ptmx and does
> >
> > Boy, it does, and it's stubborn about it. Removing the /lib/udev/rules.d
> > entry doesn't stop it. (this is after I've had an init job replace the
> > devtmpfs-created ptmx entry with a symlink)
>
> Udev has nothing to do with that. The kernel creates that device node.
> Udev does not carry any rules you could remove, to name device nodes,
> it only sets permissions and creates symlinks to device nodes.

That's odd, because I was sure I deleted the node after the kernel created
it. But it sounds like I must have done it wrong.

> It will never replace a kernel-created device node with a symlink,
> there is no way to express that. If you don't want a device node
> there, you need to change the kernel, to not export
> /sys/class/tty/ptmx/ the way it is today.
>
> > So current distros (well, Ubuntu and Fedora at least) would need to at least
> > (a) fix udev,
>
> To do what?

Nothing, as I'm sure you're right above :)

> > (b) change the default devpts mount (done from initramfs) to
> > add ptmxmode=666,
>
> > (c) (if not done in udev) create the /dev/ptmx symlink.
>
> Udev can only create symlinks to devices the driver-core creates, not
> to devices inside a custom filesystem.

I see.

> > For safety I'd recommend creating /dev/pts/ptmx with
> > DEVPTS_MULTIPLE_INSTANCES=n (or dropping that support), and by default
> > setting ptmxmode to 666 as that's what udev does.
>
> The mode for ptmx is set by the kernel itself, and does not even need
> udev to do that:
> $ cat /sys/class/tty/ptmx/uevent
> MAJOR=5
> MINOR=2
> DEVNAME=ptmx
> DEVMODE=0666

That has nothing to do with /dev/pts/ptmx, whose perms are set based on
the '-o ptmxmode=' argument, and default to 000 if not specified. If
/dev/ptmx is going to be a symlink to /dev/pts/ptmx, then we have to set
the /dev/pts/ptmx perms to not be 000, or users won't be able to create
ptys.

-serge
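
Added example, not part of the original message or of any project code: a POSIX shell check that reads a mount table and flags devpts instances whose ptmx node would be unusable by unprivileged users, applying the 000 default described above when no ptmxmode= option is listed. The function names, the /srv/c1 path and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Mount lines below are constructed.

# Print the ptmxmode= value from a devpts option string. When the option is
# absent, print 000, the default stated in the message above.
# The body is a subshell, so the IFS and noglob changes do not leak out.
ptmx_mode_from_opts() (
    mode=000
    IFS=,
    set -f
    for opt in $1; do
        case $opt in
            ptmxmode=*) mode=${opt#ptmxmode=} ;;
        esac
    done
    printf '%s\n' "$mode"
)

# Succeed when the last ("other") octal digit grants read and write,
# which an unprivileged open of the ptmx node for read/write needs.
ptmx_world_usable() {
    case ${1#"${1%?}"} in
        6|7) return 0 ;;
        *)   return 1 ;;
    esac
}

# Read /proc/mounts-format lines on stdin and report every devpts instance.
audit_devpts() {
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = devpts ] || continue
        mode=$(ptmx_mode_from_opts "$opts")
        if ptmx_world_usable "$mode"; then
            echo "$mnt ptmxmode=$mode ok"
        else
            echo "$mnt ptmxmode=$mode blocks-unprivileged-open"
        fi
    done
}

# Constructed sample: a default mount and one mounted with -o ptmxmode=666.
SAMPLE_MOUNTS='devpts /dev/pts devpts rw,nosuid,noexec,gid=5,mode=620 0 0
tmpfs /run tmpfs rw,nosuid 0 0
devpts /srv/c1/dev/pts devpts rw,gid=5,mode=620,ptmxmode=666 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | audit_devpts
```

On a live system, feed it the real table with `audit_devpts < /proc/mounts`.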