Linux Container Development
From: sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org
To: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
Cc: kyle-hoO6YkzgTuCM0SS3m2neIg@public.gmane.org,
	sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org,
	bastian-yyjItF7Rl6lg9hUCZPvPmw@public.gmane.org,
	containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org,
	xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org,
	Alan Cox <alan-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>,
	ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org
Subject: Re: [PATCH 11/11][v3]: Enable multiple instances of devpts
Date: Fri, 5 Sep 2008 12:44:50 -0700
Message-ID: <20080905194450.GA18119@us.ibm.com>
In-Reply-To: <48C16B42.7030103-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>

H. Peter Anvin [hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org] wrote:
> Alan Cox wrote:
>>> Does presence of /dev/pts/ptmx in single-instance case break userspace?
>> It changes the permission rules and subverts any permissions and security
>> labels applied to the current node.
>> If it was there and defaulted to no permission I doubt anything would
>> care - ie presence is not the problem, rights management is.
>
> It would be easy enough to have it default to mode 000 unless otherwise 
> specified.  For the default instance it is important that a remount can 
> update the permissions (since the original mount will be the kernel 
> version), but that's pretty straightforward.

Agree in general. Not sure if you are implying remount is necessary just
to change permissions of pts/ptmx. Why not "chmod 0666 /dev/pts/ptmx" ?
The remount changes the 'ptmxmode' setting, but since the node exists,
the 'ptmxmode' setting is never used again and we need to chmod.

> That might be the best option?

For containers or multi-instance mode, I agree.

In mixed mode, one observation is that if /dev/ptmx is changed to a symlink,
regular (not container) startup scripts must chmod /dev/pts/ptmx on _every_ boot.

The ptmx node in multi-instance mounts continues to get PTMX_DEFAULT_MODE
permissions (not 000), right? (unless -o ptmxmode is specified)

Yes, I think it's a good option.
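
The boot-time situation discussed above, as an added example that is not part of the original message or the patch set: a check a startup script could run to tell whether pts/ptmx is unusable under the mode-000 default proposed in the thread, and so needs the chmod. The function names and result strings are hypothetical, GNU stat is assumed, and the demo tree uses regular files as constructed stand-ins for the device nodes.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies the ptmx layout under a
# given dev root so a boot script knows whether a chmod is needed.
# Assumption: ptmx_state and its result strings are hypothetical names.

# Print the octal permission bits of a path (GNU stat).
ptmx_mode() {
    stat -c '%a' "$1"
}

# ptmx_state DEVROOT -> prints one of:
#   legacy        no pts/ptmx node under DEVROOT
#   no-access     pts/ptmx exists with mode 0 (nobody can open it)
#   symlink-dead  DEVROOT/ptmx is a symlink to pts/ptmx and pts/ptmx is mode 0
#   usable:MODE   pts/ptmx exists with a non-zero mode
ptmx_state() {
    root=$1
    node="$root/pts/ptmx"
    if [ ! -e "$node" ] && [ ! -L "$node" ]; then
        echo legacy
        return 0
    fi
    mode=$(ptmx_mode "$node") || return 1
    if [ "$mode" = "0" ]; then
        # With a symlinked DEVROOT/ptmx, every open of it lands on the
        # mode-0 node, so all pty allocation fails until a chmod is done.
        if [ -L "$root/ptmx" ] && [ "$(readlink "$root/ptmx")" = "pts/ptmx" ]; then
            echo symlink-dead
        else
            echo no-access
        fi
    else
        echo "usable:$mode"
    fi
}

# Constructed demo tree: regular files stand in for the device nodes,
# since only the mode bits and the symlink matter to the check.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/pts" && : > "$d/pts/ptmx" && chmod 000 "$d/pts/ptmx"
    ln -s pts/ptmx "$d/ptmx"
    echo "$d"
}
```
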
