[PATCH 11/11][v3]: Enable multiple instances of devpts

sukadev at us.ibm.com
Fri Sep 5 12:44:50 PDT 2008


H. Peter Anvin [hpa at zytor.com] wrote:
> Alan Cox wrote:
>>> Does presence of /dev/pts/ptmx in single-instance case break userspace ?
>> It changes the permission rules and subverts any permissions and security
>> labels applied to the current node.
>> If it was there and defaulted to no permission I doubt anything would
>> care - ie presence is not the problem, rights management is.
>
> It would be easy enough to have it default to mode 000 unless otherwise 
> specified.  For the default instance it is important that a remount can 
> update the permissions (since the original mount will be the kernel 
> version), but that's pretty straightforward.

Agree in general. Not sure if you are implying remount is necessary just
to change permissions of pts/ptmx. Why not "chmod 0666 /dev/pts/ptmx" ?
The remount changes the 'ptmxmode' setting, but since the node exists,
the 'ptmxmode' setting is never used again and we need to chmod.

> That might be the best option?

For containers or multi-instance mode, I agree.

In mixed mode, one observation is that if /dev/ptmx is changed to a symlink, regular
(not container) startup scripts must chmod /dev/pts/ptmx on _every_ boot.

The ptmx node in multi-instance mounts continues to get PTMX_DEFAULT_MODE
permissions (not 000), right? (unless -o ptmxmode is specified)

Yes, I think it's a good option.

