Re: [PATCH 0/9] Multiple devpts instances

Daniel Lezcano <daniel.lezcano@xxxxxxx> writes:

> But if I am able to create a new instance of devpts for a container and modify
> the configuration of another devpts from this container, is it acceptable? Can
> we convince people to use the containers for security and have anybody able to
> make a pty starvation from one container to another?

I hardly see how that is significant.  Anyone can allocate the rest of the possible
pty's today.  The situation does not get worse with devpts.

If you want security and permission arguments, get with Serge and finish
the uid namespace.  Then you will have a user that looks like root but
does not have permissions to do most things.

> If it is too complicated to handle one value per new devpts instance, IMHO
> /proc/sys/kernel/pty/max should be, at least, read-only for the new instance, no?

No.  Either we add a pty_max value to the filesystem like we did with ptmx
or we forget it.

Eric
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
