> > 1. /dev/ptmx would have to change to a symlink, ptmx -> pts/ptmx. > > IIRC, /dev/tty also needs a similar symlink. Making them symlinks is asking for trouble because some code does go around using stat and the like and tools like MAKEDEV have definite ideas. For /dev/tty the definition is precisely that it is your controlling tty. No reference to namespace and a task whose controlling tty is in a different namespace should still open the controlling tty not some parallel in another universe when you open /dev/tty. If you want to make sure the controlling tty is in the right namespace that can be done in userspace when transferring control into a namespace. In many cases I doubt that is even what is wanted. > > 2. Permissions on /dev/ptmx would not be persistent, and would have to > > be set via devpts mount options (unless they're 0666 root.tty, which > > would presumably be the default.) > > 3. The /proc/sys/kernel/pty limit would be global; a per-filesystem > > limit could be added on top or instead (presumably via a filesystem > > mount options.) > > > > I worry #1 would have substantial user-space impact, but I don't see a way > > around it, since there would be no obvious way to associate /dev/ptmx with > > a filesystem. /dev/tty and /dev/ptmx already primarily operate by identifying a device and switching the work to that. Actually putting a bit of namespace logic in the driver code so the actual files stay as expected (device nodes etc) seems a *lot* simpler than trying to do symlink hacks. Alan _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers