Quoting Stéphane Graber (stgra...@ubuntu.com):
> This fix is coming from Debian bug:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720122
>
> The reason for the hardcoded gid= and mode= is because of the fix for
> CVE-2013-2207 which removes pt_chown from glibc and so requires proper
> write access to devpts.
>
> It looks like the "tty" group is guaranteed to be gid=5 on at least all
> RedHat based and Debian based systems. So this hardcode gid shouldn't be

Ok. In the past I've declined to do this precisely bc tty is userspace
specified and therefore I didn't trust this. But if you've looked into
it this much then I'm happy with it.

> a big problem. If we however support any distro where that's not the
> case, we'll need to implement an extra lxc.conf option and matching
> template changes.
>
> Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>

Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com>

> --- > src/lxc/conf.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > index ecbcf41..f3d9aab 100644 > --- a/src/lxc/conf.c > +++ b/src/lxc/conf.c 
> @@ -1426,7 +1426,7 @@ static int setup_pts(int pts) > } > > if (mount("devpts", "/dev/pts", "devpts", MS_MGC_VAL, > - "newinstance,ptmxmode=0666")) { > + "newinstance,ptmxmode=0666,mode=0620,gid=5")) { > SYSERROR("failed to mount a new instance of '/dev/pts'"); > return -1; > } > -- > 1.8.3.2
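
Review bot: the `gid=5` added to the devpts option string in the mount() call of setup_pts() is a bare magic number, and nothing in the code records the assumption the commit message spells out (that the "tty" group is gid 5, and that mode=0620 is needed now that pt_chown is gone). Suggest a short comment above the mount() call naming CVE-2013-2207 and the tty-group assumption, or moving the option string into a named constant, so the spot is easy to find if the lxc.conf option mentioned in the commit message is added later.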
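
The assumption discussed in this thread, that the container's "tty" group is gid 5, can be checked against a rootfs before relying on the new mount options. This is an added example, not part of the patch or of LXC: `check_devpts_opts`, its helpers and the sample group data are hypothetical, and it assumes the contents of the rootfs's /etc/group are passed in as text.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Start of the next sep-delimited field after p, or NULL at the end. */
static const char *next_field(const char *p, char sep) {
    p = strchr(p, sep);
    return p ? p + 1 : NULL;
}

/* Numeric value of key (e.g. "gid=") in a mount option string, or -1. */
static long opt_value(const char *opts, const char *key, int base) {
    for (const char *p = opts; p && *p; p = next_field(p, ','))
        if (strncmp(p, key, strlen(key)) == 0)
            return strtol(p + strlen(key), NULL, base);
    return -1;
}

/* gid of `name` in /etc/group-format text (name:passwd:gid:members), or -1. */
static long group_gid(const char *text, const char *name) {
    size_t nlen = strlen(name);
    for (const char *l = text; l && *l; l = next_field(l, '\n')) {
        if (strncmp(l, name, nlen) != 0 || l[nlen] != ':')
            continue;
        const char *pw = l + nlen + 1;              /* passwd field */
        size_t n = strcspn(pw, ":\n");              /* stay on this line */
        return pw[n] == ':' ? strtol(pw + n + 1, NULL, 10) : -1;
    }
    return -1;
}

/* 0: gid= matches the rootfs tty group and mode= grants group write;
 * 1: tty group missing or gid= differs; 2: mode= absent or lacks group write. */
int check_devpts_opts(const char *opts, const char *group_text) {
    long tty = group_gid(group_text, "tty"), mode = opt_value(opts, "mode=", 8);
    if (tty < 0 || opt_value(opts, "gid=", 10) != tty)
        return 1;
    return (mode >= 0 && (mode & 020)) ? 0 : 2;
}

/* Constructed /etc/group excerpts, not taken from a real system. */
static const char GROUP_GID5[] = "root:x:0:\ntty:x:5:\ndisk:x:6:\n";
static const char GROUP_GID4[] = "root:x:0:\ntty:x:4:\n";

int main(void) {
    const char *opts = "newinstance,ptmxmode=0666,mode=0620,gid=5";
    printf("%d %d\n", check_devpts_opts(opts, GROUP_GID5), check_devpts_opts(opts, GROUP_GID4));
    return 0;
}
```

A result of 1 for a given rootfs is the case the commit message anticipates, where a distro's tty group is not gid 5.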