Karel Zak <kzak@xxxxxxxxxx> writes:

> On Wed, Mar 18, 2015 at 10:53:19AM +0100, Jörg Thalheim wrote:
>> If mount namespaces are used, the issued command, will not have access to the
>> tty device attached to its stdin/stdout/stderr. This patch adds an option to
>> allocate a new pseudo tty in the entered mount namespace and bridge between the
>> origin standard file descriptors and the standard file descriptors of the
>> executed command.
>
> The original nsenter(1) purpose is to have command line interface to
> setns(2) syscall. Your patch is trying to push us to something more
> complex. Not sure if we really want it. Eric, any comment?

I certainly would not want it to be the default.

After seeing the ptsname() and gpg I see what is driving it. However
playing the pty games gets us smack dab in the middle of sending and
receiving trusted input. I don't know that I want nsenter to be on the
trusted path for entering in passwords for unlocking gpg keys.

If gpg is the driving use case I don't think it is wise to add pty
support. All of a sudden nsenter has to become robust from side channel
attacks when you are entering in passwords and I at least have no
interest in maintaining nsenter in that way.

Eric
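The "trusted path" concern raised in the reply, as an added example that is not code from this thread or from util-linux: a minimal Linux pty bridge in which every byte destined for the executed command first lands in the bridging process's own buffer. The names `bridge` and `run_demo` are hypothetical, a pipe stands in for the caller's original stdin, and the passphrase is constructed sample input.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* The bridge: copy what arrives on in_fd (the caller's original stdin) to the
 * pty master. `seen` is the bridge's own buffer, so it holds every byte. */
static ssize_t bridge(int in_fd, int master, char *seen, size_t cap)
{
    ssize_t n = read(in_fd, seen, cap - 1);
    if (n < 0) return -1;
    seen[n] = '\0';
    return write(master, seen, (size_t)n) == n ? n : -1;
}

/* Returns 0 when the process on the pty slave read `typed` as its input line. */
int run_demo(const char *typed, char *seen, size_t cap)
{
    int in[2], unlock = 0, status = -1;
    unsigned int ptn;
    char path[32], line[128];
    int master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    /* Linux ioctls behind unlockpt() and ptsname() */
    if (master < 0 || ioctl(master, TIOCSPTLCK, &unlock) < 0 ||
        ioctl(master, TIOCGPTN, &ptn) < 0 || pipe(in) < 0)
        return -1;
    snprintf(path, sizeof path, "/dev/pts/%u", ptn);
    int slave = open(path, O_RDWR | O_NOCTTY);
    pid_t pid = slave < 0 ? -1 : fork();
    if (pid < 0) return -1;
    if (pid == 0) {                 /* stands in for the executed command */
        ssize_t n = read(slave, line, sizeof line - 1);
        if (n < 1) _exit(2);
        line[n - 1] = '\0';         /* drop the trailing newline */
        _exit(strcmp(line, typed) == 0 ? 0 : 1);
    }
    close(slave);
    dprintf(in[1], "%s\n", typed);  /* constructed input on the "real" stdin */
    close(in[1]);
    if (bridge(in[0], master, seen, cap) >= 0 &&
        waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        status = WEXITSTATUS(status);
    close(in[0]); close(master);
    return status;
}
```

After `run_demo` returns, `seen` still contains the full line the child received, which is the state a bridging nsenter would have to treat as sensitive.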