From: Daniel Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: kyle-hoO6YkzgTuCM0SS3m2neIg@public.gmane.org,
"David C. Hansen"
<haveblue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>,
bastian-yyjItF7Rl6lg9hUCZPvPmw@public.gmane.org,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
"H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>,
containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org,
sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org,
alan-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org,
xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org
Subject: Re: [PATCH 0/9] Multiple devpts instances
Date: Mon, 23 Feb 2009 22:19:34 +0100 [thread overview]
Message-ID: <49A312E6.9090900@free.fr> (raw)
In-Reply-To: <20090223205609.GA32351-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Serge E. Hallyn wrote:
> Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
>
>> Daniel Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org> writes:
>>
>>
>>> But if I am able to create a new instance of devpts for a container and modify
>>> the configuration of another devpts from this container, is it acceptable ? Can
>>> we convince people to use the containers for security and have anybody able to
>>> make a pty starvation from one container to another ?
>>>
>> I hardly how that is significant. Anyone can allocate the rest of the possible
>> pty's today. The situation does not get worse with devpts.
>>
>> If you want security and permission arguments get with Serge and finish
>> the uid namespace. The you will have a user that looks like root but
>> does not have permissions to do most things.
>>
>
> Right, and in particular the way it would partially solve this issue is
> that the procsys limit file would be owned by root in the initial uid
> namespace, so root in a child container would not be able to write to
> it.
>
> Defining a new mount option to set a per-sb limit seems useful though,
> as I could easily see wanting to limit containers (on a 1000-container
> system) to 3 ptys each for instance.
>
Yep, I changed my mind, I think Eric and HPA are right. devpts is a
file system and not a namespace even if the result is the same. That
makes sense to keep a global sysctl for the root container and handle
security problem with user namespace and mount option.
>>> If it is too much complicated to handle one value per new devpts instance, IMHO
>>> /proc/sys/kernel/pty/max should be, at least, read-only for the new instance, no?
>>>
>> No. Either we add a pty_max value to the filesystem like we did with ptmx
>> or we forget it.
>>
>
> -serge
>
>
>
next prev parent reply other threads:[~2009-02-23 21:19 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-15 5:30 [PATCH 0/9] Multiple devpts instances sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
[not found] ` <20081015053000.GA2039-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-15 5:33 ` [PATCH 1/9] Remove devpts_root global sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:33 ` [PATCH 2/9] Per-mount allocated_ptys sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:34 ` [PATCH 3/9] Per-mount 'config' object sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:35 ` [PATCH 4/9] Extract option parsing to new function sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:35 ` [PATCH 5/9] Add DEVPTS_MULTIPLE_INSTANCES config token sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:36 ` [PATCH 6/9] Define mknod_ptmx() sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:37 ` [PATCH 7/9] Define get_init_pts_sb() sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:37 ` [PATCH 8/9] Enable multiple instances of devpts sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:38 ` [PATCH 9/9] Document usage of multiple-instances " sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
[not found] ` <20081015053800.GI2215-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-15 18:57 ` Serge E. Hallyn
[not found] ` <20081015185722.GA30005-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-15 19:03 ` H. Peter Anvin
[not found] ` <48F63E76.3030907-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2008-10-15 19:48 ` Serge E. Hallyn
2008-10-16 15:19 ` [PATCH 0/9] Multiple devpts instances Serge E. Hallyn
2009-02-19 15:43 ` Daniel Lezcano
[not found] ` <499D7E13.10601-GANU6spQydw@public.gmane.org>
2009-02-19 17:32 ` H. Peter Anvin
[not found] ` <499D97B1.1090902-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2009-02-19 18:09 ` Daniel Lezcano
[not found] ` <499DA069.3040603-GANU6spQydw@public.gmane.org>
2009-02-19 19:58 ` H. Peter Anvin
[not found] ` <499DB9DA.2070301-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2009-02-19 22:28 ` Eric W. Biederman
[not found] ` <m1vdr6xdqv.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-20 4:22 ` H. Peter Anvin
2009-02-19 22:42 ` Daniel Lezcano
[not found] ` <499DE06E.4030108-GANU6spQydw@public.gmane.org>
2009-02-19 22:46 ` H. Peter Anvin
2009-02-19 23:59 ` Eric W. Biederman
[not found] ` <m1eixuvv00.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-23 20:56 ` Serge E. Hallyn
[not found] ` <20090223205609.GA32351-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-02-23 21:18 ` H. Peter Anvin
[not found] ` <49A31299.8040501-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2009-02-23 22:27 ` Serge E. Hallyn
2009-02-24 4:09 ` Eric W. Biederman
2009-02-23 21:19 ` Daniel Lezcano [this message]
[not found] ` <49A312E6.9090900-GANU6spQydw@public.gmane.org>
2009-02-23 21:23 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49A312E6.9090900@free.fr \
--to=daniel.lezcano-ganu6spqydw@public.gmane.org \
--cc=alan-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org \
--cc=bastian-yyjItF7Rl6lg9hUCZPvPmw@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=haveblue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org \
--cc=kyle-hoO6YkzgTuCM0SS3m2neIg@public.gmane.org \
--cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.