H. Peter Anvin [hpa@xxxxxxxxx] wrote:
> Alan Cox wrote:
>>> Does presence of /dev/pts/ptmx in single-instance case break userspace ?
>> It changes the permission rules and subverts any permissions and security
>> labels applied to the current node.
>> If it was there and defaulted to no permission I doubt anything would
>> care - ie presence is not the problem, rights management is.
>
> It would be easy enough to have it default to mode 000 unless otherwise
> specified. For the default instance it is important that a remount can
> update the permissions (since the original mount will be the kernel
> version), but that's pretty straightforward.

Agree in general. Not sure if you are implying remount is necessary just
to change permissions of pts/ptmx. Why not "chmod 0666 /dev/pts/ptmx" ?

The remount changes the 'ptmxmode' setting, but since the node exists, the
'ptmxmode' setting is never used again and we need to chmod.

> That might be the best option?

For containers or multi-instance mode, I agree.

In mixed mode, one observation is if /dev/ptmx is changed to a symlink,
regular (not container) startup scripts must chmod /dev/pts/ptmx on
_every_ boot.

The ptmx node in multi-instance mounts continues to get PTMX_DEFAULT_MODE
permissions (not 000), right ? (unless -o ptmxmode is specified)

Yes, I think it's a good option.

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
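A boot-time check for the point made in the reply above (once the ptmx node exists, a remount with ptmxmode= no longer affects it, so a startup script has to set the mode itself). This is an added example, not code from the thread or from the kernel; the function names, the 0666 target and the devpts directory argument (default /dev/pts) are assumptions, and it relies on a GNU or BSD stat being available.

```shell
#!/bin/sh
# Audit, and optionally fix, the mode of the ptmx node in a devpts mount.
# Added example for this thread; the function names and the 0666 target
# are assumptions, not anything from the kernel or the thread's patches.
# Usage: ptmx_check [report|fix] [devpts_dir]   (defaults: report, /dev/pts)
PTMX_WANT=666

# Octal mode of a file: GNU stat first, BSD stat as a fallback; fails if missing.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# 0 if $1/ptmx exists with mode 0666, 1 otherwise (a 000 default fails here).
ptmx_mode_ok() {
    [ -e "$1/ptmx" ] && [ "$(file_mode "$1/ptmx")" = "$PTMX_WANT" ]
}

# Report the state of the node; with "fix", chmod it the way a startup script
# would have to on every boot once /dev/ptmx is a symlink into the mount
# (a remount with ptmxmode= does not touch a node that already exists).
ptmx_check() {
    action="${1:-report}"
    dir="${2:-/dev/pts}"
    if [ -L /dev/ptmx ]; then
        echo "/dev/ptmx -> $(readlink /dev/ptmx): node mode must be set after mount"
    fi
    if ptmx_mode_ok "$dir"; then
        echo "$dir/ptmx: mode $PTMX_WANT, ok"
        return 0
    fi
    echo "$dir/ptmx: mode $(file_mode "$dir/ptmx" || echo missing), expected $PTMX_WANT"
    if [ "$action" = fix ] && [ -e "$dir/ptmx" ]; then
        chmod "0$PTMX_WANT" "$dir/ptmx" && echo "$dir/ptmx: chmod 0$PTMX_WANT applied"
    fi
    return 0
}
```

Run as `ptmx_check fix` from an init script on a host where /dev/ptmx is a symlink; in report mode it only prints the current state.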