From mboxrd@z Thu Jan 1 00:00:00 1970
From: "H. Peter Anvin"
Subject: Re: [PATCH 11/11][v3]: Enable multiple instances of devpts
Date: Fri, 05 Sep 2008 10:24:18 -0700
Message-ID: <48C16B42.7030103@zytor.com>
References: <20080904052718.GA3680@us.ibm.com> <20080904053551.GL3680@us.ibm.com>
 <48BF8283.7040601@zytor.com> <20080904155431.GA11174@us.ibm.com>
 <48C00698.8050803@zytor.com> <20080904172542.3ad7bb85@lxorguk.ukuu.org.uk>
 <48C01163.1050704@zytor.com> <20080904171828.GC11174@us.ibm.com>
 <48C01B58.2040006@zytor.com> <20080905020131.GA17535@us.ibm.com>
 <20080905132710.50018aef@lxorguk.ukuu.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20080905132710.50018aef-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>
Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
To: Alan Cox
Cc: kyle-hoO6YkzgTuCM0SS3m2neIg@public.gmane.org,
 sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org,
 bastian-yyjItF7Rl6lg9hUCZPvPmw@public.gmane.org,
 containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org,
 xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org,
 ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org
List-Id: containers.vger.kernel.org

Alan Cox wrote:
>> Does presence of /dev/pts/ptmx in single-instance case break userspace ?
>
> It changes the permission rules and subverts any permissions and security
> labels applied to the current node.
>
> If it was there and defaulted to no permission I doubt anything would
> care - ie presence is not the problem, rights management is.

It would be easy enough to have it default to mode 000 unless otherwise
specified. For the default instance it is important that a remount can
update the permissions (since the original mount will be the kernel
version), but that's pretty straightforward.

That might be the best option?

	-hpa