Hi,

Reading the kernel documentation of devpts, I got the impression that if
the host uses the "legacy" devpts mode, root in a container can always
mount its devpts instance.  Is this really so?  If yes, it might be
worth noting somewhere near the lxc.pts option.  And a kernel option to
disable legacy devpts mounts...

(Unrelated note: lxc.console is totally undocumented.)

A related note: if access to /dev/ptmx (c 5:2) is denied by cgroup, my
application container can't even start with a rather puzzling error:

lxc-start: File exists - failed to symlink '/dev/pts/ptmx'->'/dev/ptmx'

The symlink goes the other way, and the recommended setup is
/dev/ptmx -> pts/ptmx (a relative link, but it probably doesn't matter).
Anyway, I'd rather lxc not modify my rootfs, and especially not without
telling me about it.  I don't understand why devpts.txt favors symlinks
to bind mounts, that would be good to know.

And yes, /dev/ptmx is present in my (read-only) root filesystem, and
access("/dev/ptmx", F_OK) seems to fail if cgroup denies access.  Using
access() is usually frowned upon because it's racy, anyway...  To
conclude this incoherent babbling: does setup_pts() in conf.c do
anything which couldn't be easily done by mount entries and/or modifying
the rootfs beforehand?  If this complexity is really needed, we really
should document it to some extent.

One last point: the out: label in setup_pts() should precede the INFO()
call, shouldn't it?
-- 
Cheers,
Feri.

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Reply via email to