BUG in tty_open when using containers and ptrace

Grzegorz Nosek root at localdomain.pl
Tue Jul 14 22:42:53 PDT 2009


Hi,

On wto, lip 14, 2009 at 09:47:44 -0700, Sukadev Bhattiprolu wrote:
> I don't have any beyond what is in the lxc-source examples. Maybe
> Daniel Lezcano has some.

Just asking :)

> |BTW, where's the canonical source for ns_exec?
> 
> It is here: git://git.sr71.net/~hallyn/cr_tests.git

Thanks a lot.

> So I guess this is the first time we are trying this scenario out (i.e.
> it may not be a regression so we can't necessarily use git-bisect).
> 
> I am not too familiar with libvirt implementation, but do you think it
> is possible to repro this using ns_exec and fewer/minimal namespaces ?

I didn't try that, but regarding devpts the libvirt code does basically:

unshare(CLONE_NS)
mount --make-slave /
mount devpts /dev/pts -t devpts 

clone(all the namespace options including CLONE_NEWNS)
child:
 mount --move /the/above/dev/pts /dev/pts
 set up everything else

As the point of the bug is opening a pts when its other end is already
gone, I'm not sure we have to even do anything in the parent (maybe
open/close the ptm).

Will have a look today.

> We should be able to get a cross-namespace pty using ns_exec, but am not
> sure the set of namespaces need to be cloned -  would it be sufficient if
> we clone pid and mount namespaces and remount /dev/pts in child container ?

As my testcase doesn't know nor care about its pid, quite possibly we
would only need mount namespaces.

Best regards,
 Grzegorz Nosek


More information about the Containers mailing list