This fix is coming from Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720122
The reason for the hardcoded gid= and mode= is because of the fix for
CVE-2013-2207 which removes pt_chown from glibc and so requires proper
write access to devpts.
It looks like the "tty" group is guaranteed to be gid=5 on at least all
RedHat based and Debian based systems. So this hardcode gid shouldn't be
a big problem. If we however support any distro where that's not the
case, we'll need to implement an extra lxc.conf option and matching
template changes.
Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
src/lxc/conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index ecbcf41..f3d9aab 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1426,7 +1426,7 @@ static int setup_pts(int pts)
}
if (mount("devpts", "/dev/pts", "devpts", MS_MGC_VAL,
- "newinstance,ptmxmode=0666")) {
+ "newinstance,ptmxmode=0666,mode=0620,gid=5")) {
SYSERROR("failed to mount a new instance of '/dev/pts'");
return -1;
}
--
1.8.3.2
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
