public inbox for cgroups@vger.kernel.org
From: ebiederm@xmission.com (Eric W. Biederman)
To: Glauber Costa <glommer@parallels.com>
Cc: Serge Hallyn <serge.hallyn@ubuntu.com>,
	cgroups@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	mtk.manpages@gmail.com, Serge Hallyn <serge.hallyn@canonical.com>,
	linux-fsdevel@vger.kernel.org,
	containers@lists.linux-foundation.org
Subject: Re: [PATCH 0/4] fix depvpts in user namespaces
Date: Fri, 15 Mar 2013 14:02:29 -0700
Message-ID: <87txoce5qy.fsf@xmission.com>
In-Reply-To: <51433DBE.9020109@parallels.com> (Glauber Costa's message of "Fri, 15 Mar 2013 19:26:54 +0400")

Glauber Costa <glommer@parallels.com> writes:

> On 03/15/2013 07:21 PM, Serge Hallyn wrote:
>> Quoting Glauber Costa (glommer@parallels.com):
>>> On 03/15/2013 06:00 PM, Serge Hallyn wrote:
>>>> Quoting Eric W. Biederman (ebiederm@xmission.com):
>>>>> Glauber Costa <glommer@parallels.com> writes:
>>>>>

>> Well shoot, I can't find it right now.  Not even in Eric's git tree.
>> IIRC upon lookup of /dev/pts it tried to find $rootfs/dev/pts/ptmx
>> and open that instead.
>>
> Which gives a very good explanation about why I haven't seen it =)
> Eric ?

It is definitely in the development branches of my git tree.  I have
half a dozen patches that touch devpts.  I believe the latest dev branch
I have published is userns-always-map-user-v110.  And the code is in
there.

They have not reached the top of my queue in importance at this time,
and last time I was testing them there was a subtle race in something.
I expect it was just a change in the pty layer that I haven't followed
closely enough.

> What if a /dev/ptmx already exists? Will it use it? That would be bad,
> since that /dev/ptmx could be a host-side one. I actually believe
> linking to $rootfs/dev/pts/ptmx is more robust than my solution against
> remounts. So provided it can guarantee that the ptmx is not ever the
> root ptmx, I would ack that.

For those playing with udev, especially older udev where udev is still
udev and creates devices, you can use the following udev rule to create
the pts/ptmx symlink.

KERNEL=="ptmx" NAME:="pts/ptmx" SYMLINK="ptmx"

Before we do anything clever in the kernel it is definitely worth seeing
how far we can take that little udev rule.

I have heard of no container that runs a distro's initrd, or uses the
distro's code to mount root.  So containers even for old distros can
and do tweak the distros a little.   It is worth keeping the tweaks
small but udev and their kin are an important bit of that.

As much as I hate the notion I suspect for most of device management
what we want is to act like devtmpfs, and run all of the device node
creation etc outside of the container (possibly even with bind mounts).

Acting like devtmpfs should be something that is possible with no kernel
changes.   Whereas allowing unprivileged processes to create device
nodes probably has issues I haven't thought of yet.

Eric
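
An added example, not part of the original message or of any code posted in this thread: a small shell check that reports how a container root filesystem provides dev/ptmx, which is the distinction the exchange above turns on (a symlink to pts/ptmx versus a device node that could be a host-side one). The function name classify_ptmx and the result strings are made up for illustration, and the sample rootfs is constructed.

```shell
#!/bin/sh
# Added example: classify how <rootfs>/dev/ptmx is provided.
# Prints one of: symlink-to-pts, symlink-other, device-node, other, missing

classify_ptmx() {
    ptmx="$1/dev/ptmx"
    if [ -L "$ptmx" ]; then
        # Test -L first: -c and -e would follow the link.
        # A relative link to pts/ptmx resolves inside whatever devpts
        # mount sits on <rootfs>/dev/pts, which is what the udev rule
        # in the message sets up.
        target=$(readlink "$ptmx")
        case "$target" in
            pts/ptmx|./pts/ptmx) echo symlink-to-pts ;;
            *)                   echo symlink-other ;;
        esac
    elif [ -c "$ptmx" ]; then
        # A real character device node: the case the quoted question
        # worries about, since the node could be a host-side ptmx.
        echo device-node
    elif [ -e "$ptmx" ]; then
        echo other
    else
        echo missing
    fi
}

# Constructed sample rootfs; only a symlink is created, so no privileges
# are needed to run this.
demo_rootfs=$(mktemp -d)
mkdir -p "$demo_rootfs/dev/pts"
ln -s pts/ptmx "$demo_rootfs/dev/ptmx"
echo "sample rootfs: $(classify_ptmx "$demo_rootfs")"
rm -rf "$demo_rootfs"
```

A result of device-node or symlink-other is the one to look at more closely before starting the container.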
