Quoting Andy Lutomirski (luto@xxxxxxxxxxxxxx):
> On Fri, Aug 15, 2014 at 12:05 PM, Serge Hallyn <serge.hallyn@xxxxxxxxxx> wrote:
> > Quoting Andy Lutomirski (luto@xxxxxxxxxxxxxx):
> >> Currently, creating a new mount (as opposed to bindmount) in a
> >> non-root userns will implicitly set nodev unless the fs is devpts.
> >> Something like this will be necessary for file systems that allow
> >> the mounter to create device nodes without using mknod (e.g. FUSE
> >> if/when that is allowed), but none of the currently allowed
> >> filesystems do this.
> >
> > Hi,
> >
> > Sorry, I'm probably thinking stupidly, but I don't see this restriction
> > being the case.
> >
> > serge@sl:~$ mount | grep tmp
> > [...]
> > tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
> > serge@sl:~$ sudo mknod /run/kvm c 10 232
> > [sudo] password for serge:
> > serge@sl:~$ echo $?
> > 0
> > serge@sl:~$ ls -l /run/kvm
> > crw-r--r-- 1 root root 10, 232 Aug 15 14:04 /run/kvm
> >
> > But you seem to be saying I shouldn't be allowed to create a device inside
> > a tmpfs. What am I overlooking?
>
> I assume you're in the root userns. This patch is unnecessary, and
> has no effect, if you're in the root userns.

Right, but I thought you were justifying adding FS_USERNS_DEV_MOUNT by
saying that you cannot mknod in those filesystems. But I see you
actually said "without using mknod". I guess I don't understand that
caveat.

-serge
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers