Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> writes: >> One piece of the puzzle is that we should be able to allow unprivileged >> device node creation and access for any device on any filesystem >> for which it unprivileged access is safe. > > Which devices are "safe" is policy for all interesting and useful cases, > as are file permissions, security tags, chroot considerations and the > like. > > It's a complete non starter. There are a handful of device nodes that the kernel creates with mode 0666. Esentially it is just /dev/tty /dev/null /dev/zero and a few others. Enourmous numbers of programs won't work without them. Making them both interesting and useful. In very peculiar cases I can see not wanting to have access to generally safe devices, like in other peculiar cases we don't have want access to the network stack. As for the general case device nodes for real hardware in a container which I think is the "interesting" case you were referring to. I personally find that case icky and boring. The sanest way I can think of handling real hardware device nodes is a tmpfs (acting like devtmpfs) mounted on /dev in the containers mount namespace, but also visible outside to the global root mounted somewhere interesting. We have a fuse filesystem pretending to be sysfs and relaying file accesses from the real sysfs for just the devices that we want to allow to that container. Then to add a device in a container the managing daemon makes the devices available in the pretend sysfs, calls mknod on the tmpfs and fakes the uevents. The only case I don't see that truly covering is keeping the stat data the same for files of migrated applications. Shrug perhaps that will just have to be handled with another synthesized uevent. Hey userspace I just hot-unplugged and hot-plugged your kernel please cope. Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers