Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2016-03-08 Thread Andy Lutomirski
On Tue, Mar 8, 2016 at 1:16 AM, Alexander Larsson wrote: > On mån, 2016-03-07 at 20:59 -0800, Andy Lutomirski wrote: >> On Thu, May 28, 2015 at 12:42 PM, Eric W. Biederman >> wrote: >> > Andy Lutomirski writes: >> > >> Apparently alexl is encountering some annoyances related to the >> current wo

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2016-03-08 Thread Alexander Larsson
On mån, 2016-03-07 at 20:59 -0800, Andy Lutomirski wrote: > On Thu, May 28, 2015 at 12:42 PM, Eric W. Biederman > wrote: > > Andy Lutomirski writes: > >  > Apparently alexl is encountering some annoyances related to the > current workaround, and the workaround is certainly ugly. It works, but it

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2016-03-07 Thread Andy Lutomirski
On Thu, May 28, 2015 at 12:42 PM, Eric W. Biederman wrote: > Andy Lutomirski writes: > >> On Thu, May 28, 2015 at 10:01 AM, Alexander Larsson wrote: >>> On Thu, 2015-05-28 at 11:44 -0500, Eric W. Biederman wrote: Andy Lutomirski writes: > On Thu, Apr 2, 2015 at 11:27 AM, Eric W.

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-05-28 Thread Eric W. Biederman
Kenton Varda writes: > On Thu, May 28, 2015 at 1:06 PM, Alexander Larsson wrote: >> On Thu, 2015-05-28 at 12:14 -0500, Eric W. Biederman wrote: >>> >>> > Where does the second namespace enter into this? >>> >>> Step a. Create a user namespace where uid 0 is mapped to your >>> real uid, a

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-05-28 Thread Kenton Varda
On Thu, May 28, 2015 at 1:06 PM, Alexander Larsson wrote: > On Thu, 2015-05-28 at 12:14 -0500, Eric W. Biederman wrote: >> >> > Where does the second namespace enter into this? >> >> Step a. Create a user namespace where uid 0 is mapped to your >> real uid, and set up your sandbox (aka mou

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-05-28 Thread Alexander Larsson
On Thu, 2015-05-28 at 12:14 -0500, Eric W. Biederman wrote: > > > Where does the second namespace enter into this? > > Step a. Create a user namespace where uid 0 is mapped to your > real uid, and set up your sandbox (aka mount /dev/pts and everything > else). > > Step b. Create a nest

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-05-28 Thread Eric W. Biederman
Andy Lutomirski writes: > On Thu, May 28, 2015 at 10:01 AM, Alexander Larsson wrote: >> On Thu, 2015-05-28 at 11:44 -0500, Eric W. Biederman wrote: >>> Andy Lutomirski writes: >>> >>> > On Thu, Apr 2, 2015 at 11:27 AM, Eric W. Biederman >>> > wrote: >>> > > Andy Lutomirski writes: >>> > > >>>

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-05-28 Thread Alexander Larsson
On Thu, 2015-05-28 at 12:14 -0500, Eric W. Biederman wrote: > Alexander Larsson writes: > > > On Thu, 2015-05-28 at 11:44 -0500, Eric W. Biederman wrote: > > > Andy Lutomirski writes: > > > > > > > On Thu, Apr 2, 2015 at 11:27 AM, Eric W. Biederman > > > > wrote: > > > > > Andy Lutomirski wri

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-05-28 Thread Andy Lutomirski
On Thu, May 28, 2015 at 10:01 AM, Alexander Larsson wrote: > On Thu, 2015-05-28 at 11:44 -0500, Eric W. Biederman wrote: >> Andy Lutomirski writes: >> >> > On Thu, Apr 2, 2015 at 11:27 AM, Eric W. Biederman >> > wrote: >> > > Andy Lutomirski writes: >> > > >> > > > On Thu, Apr 2, 2015 at 7:29 A

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-05-28 Thread Eric W. Biederman
Alexander Larsson writes: > On Thu, 2015-05-28 at 11:44 -0500, Eric W. Biederman wrote: >> Andy Lutomirski writes: >> >> > On Thu, Apr 2, 2015 at 11:27 AM, Eric W. Biederman >> > wrote: >> > > Andy Lutomirski writes: >> > > >> > > > On Thu, Apr 2, 2015 at 7:29 AM, Alexander Larsson < >> > >

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-05-28 Thread Alexander Larsson
On Thu, 2015-05-28 at 11:44 -0500, Eric W. Biederman wrote: > Andy Lutomirski writes: > > > On Thu, Apr 2, 2015 at 11:27 AM, Eric W. Biederman > > wrote: > > > Andy Lutomirski writes: > > > > > > > On Thu, Apr 2, 2015 at 7:29 AM, Alexander Larsson < > > > > al...@redhat.com> wrote: > > > > > O

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-05-28 Thread Eric W. Biederman
Andy Lutomirski writes: > On Thu, Apr 2, 2015 at 11:27 AM, Eric W. Biederman > wrote: >> Andy Lutomirski writes: >> >>> On Thu, Apr 2, 2015 at 7:29 AM, Alexander Larsson wrote: On Thu, 2015-04-02 at 07:06 -0700, Andy Lutomirski wrote: > On Thu, Apr 2, 2015 at 3:12 AM, James Bottomley

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-05-27 Thread Andy Lutomirski
On Thu, Apr 2, 2015 at 11:27 AM, Eric W. Biederman wrote: > Andy Lutomirski writes: > >> On Thu, Apr 2, 2015 at 7:29 AM, Alexander Larsson wrote: >>> On Thu, 2015-04-02 at 07:06 -0700, Andy Lutomirski wrote: On Thu, Apr 2, 2015 at 3:12 AM, James Bottomley wrote: > On Tue, 2015-03

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-05-18 Thread Alexander Larsson
On tor, 2015-03-26 at 12:29 -0700, Andy Lutomirski wrote: > Ping? It's been over a month. Ping again. I've tested this with https://github.com/alexlarsson/xdg-app/tree/wip/userns and this is the final kernel change needed to allow desktop sandboxing without any raised privileges (setuid etc).

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-04-02 Thread Eric W. Biederman
Andy Lutomirski writes: > On Thu, Apr 2, 2015 at 7:29 AM, Alexander Larsson wrote: >> On Thu, 2015-04-02 at 07:06 -0700, Andy Lutomirski wrote: >>> On Thu, Apr 2, 2015 at 3:12 AM, James Bottomley >>> wrote: >>> > On Tue, 2015-03-31 at 16:17 +0200, Alexander Larsson wrote: >>> >> On tis, 2015-03

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-04-02 Thread Serge Hallyn
Quoting Andy Lutomirski (l...@amacapital.net): > On Thu, Apr 2, 2015 at 7:29 AM, Alexander Larsson wrote: > > On Thu, 2015-04-02 at 07:06 -0700, Andy Lutomirski wrote: > >> On Thu, Apr 2, 2015 at 3:12 AM, James Bottomley > >> wrote: > >> > On Tue, 2015-03-31 at 16:17 +0200, Alexander Larsson wrot

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-04-02 Thread Andy Lutomirski
On Thu, Apr 2, 2015 at 7:29 AM, Alexander Larsson wrote: > On Thu, 2015-04-02 at 07:06 -0700, Andy Lutomirski wrote: >> On Thu, Apr 2, 2015 at 3:12 AM, James Bottomley >> wrote: >> > On Tue, 2015-03-31 at 16:17 +0200, Alexander Larsson wrote: >> >> On tis, 2015-03-31 at 17:08 +0300, James Bottoml

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-04-02 Thread Alexander Larsson
On Thu, 2015-04-02 at 07:06 -0700, Andy Lutomirski wrote: > On Thu, Apr 2, 2015 at 3:12 AM, James Bottomley > wrote: > > On Tue, 2015-03-31 at 16:17 +0200, Alexander Larsson wrote: > >> On tis, 2015-03-31 at 17:08 +0300, James Bottomley wrote: > >> > On Tue, 2015-03-31 at 06:59 -0700, Andy Lutomir

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-04-02 Thread Andy Lutomirski
On Thu, Apr 2, 2015 at 3:12 AM, James Bottomley wrote: > On Tue, 2015-03-31 at 16:17 +0200, Alexander Larsson wrote: >> On tis, 2015-03-31 at 17:08 +0300, James Bottomley wrote: >> > On Tue, 2015-03-31 at 06:59 -0700, Andy Lutomirski wrote: >> > > >> > > I don't think that this is correct. That u

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-04-02 Thread James Bottomley
On Tue, 2015-03-31 at 16:17 +0200, Alexander Larsson wrote: > On tis, 2015-03-31 at 17:08 +0300, James Bottomley wrote: > > On Tue, 2015-03-31 at 06:59 -0700, Andy Lutomirski wrote: > > > > > > I don't think that this is correct. That user can already create a > > > nested userns and map themselv

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-31 Thread Alexander Larsson
On tis, 2015-03-31 at 17:08 +0300, James Bottomley wrote: > On Tue, 2015-03-31 at 06:59 -0700, Andy Lutomirski wrote: > > > > I don't think that this is correct. That user can already create a > > nested userns and map themselves as 0 inside it. Then they can mount > > devpts. > > I don't mind

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-31 Thread James Bottomley
On Tue, 2015-03-31 at 06:59 -0700, Andy Lutomirski wrote: > On Tue, Mar 31, 2015 at 6:55 AM, James Bottomley > wrote: > > On Tue, 2015-03-31 at 06:44 -0700, Andy Lutomirski wrote: > >> On Tue, Mar 31, 2015 at 6:23 AM, James Bottomley > >> wrote: > >> > On Tue, 2015-03-31 at 06:12 -0700, Andy Luto

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-31 Thread Andy Lutomirski
On Tue, Mar 31, 2015 at 6:55 AM, James Bottomley wrote: > On Tue, 2015-03-31 at 06:44 -0700, Andy Lutomirski wrote: >> On Tue, Mar 31, 2015 at 6:23 AM, James Bottomley >> wrote: >> > On Tue, 2015-03-31 at 06:12 -0700, Andy Lutomirski wrote: >> >> On Tue, Mar 31, 2015 at 6:07 AM, James Bottomley >

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-31 Thread James Bottomley
On Tue, 2015-03-31 at 06:44 -0700, Andy Lutomirski wrote: > On Tue, Mar 31, 2015 at 6:23 AM, James Bottomley > wrote: > > On Tue, 2015-03-31 at 06:12 -0700, Andy Lutomirski wrote: > >> On Tue, Mar 31, 2015 at 6:07 AM, James Bottomley > >> wrote: > >> > On Tue, 2015-03-31 at 09:57 +0200, Alexander

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-31 Thread Andy Lutomirski
On Tue, Mar 31, 2015 at 6:23 AM, James Bottomley wrote: > On Tue, 2015-03-31 at 06:12 -0700, Andy Lutomirski wrote: >> On Tue, Mar 31, 2015 at 6:07 AM, James Bottomley >> wrote: >> > On Tue, 2015-03-31 at 09:57 +0200, Alexander Larsson wrote: >> >> On fre, 2015-03-27 at 10:03 +0100, James Bottoml

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-31 Thread James Bottomley
On Tue, 2015-03-31 at 06:12 -0700, Andy Lutomirski wrote: > On Tue, Mar 31, 2015 at 6:07 AM, James Bottomley > wrote: > > On Tue, 2015-03-31 at 09:57 +0200, Alexander Larsson wrote: > >> On fre, 2015-03-27 at 10:03 +0100, James Bottomley > >> > > >> > > On Fri, Feb 20, 2015 at 5:04 PM, Andy Lutomi

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-31 Thread Andy Lutomirski
On Tue, Mar 31, 2015 at 6:07 AM, James Bottomley wrote: > On Tue, 2015-03-31 at 09:57 +0200, Alexander Larsson wrote: >> On fre, 2015-03-27 at 10:03 +0100, James Bottomley >> > >> > > On Fri, Feb 20, 2015 at 5:04 PM, Andy Lutomirski >> > > wrote: >> > > > It's currently impossible to mount devpt

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-31 Thread Alexander Larsson
On tis, 2015-03-31 at 16:07 +0300, James Bottomley wrote: > On Tue, 2015-03-31 at 09:57 +0200, Alexander Larsson wrote: > > On fre, 2015-03-27 at 10:03 +0100, James Bottomley > > > > > > > On Fri, Feb 20, 2015 at 5:04 PM, Andy Lutomirski > > > > wrote: > > > > > It's currently impossible to mou

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-31 Thread Andy Lutomirski
On Tue, Mar 31, 2015 at 12:57 AM, Alexander Larsson wrote: > On fre, 2015-03-27 at 10:03 +0100, James Bottomley >> >> > On Fri, Feb 20, 2015 at 5:04 PM, Andy Lutomirski >> > wrote: >> > > It's currently impossible to mount devpts in a user namespace that >> > > has no root user, since ptmx can't

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-31 Thread James Bottomley
On Tue, 2015-03-31 at 09:57 +0200, Alexander Larsson wrote: > On fre, 2015-03-27 at 10:03 +0100, James Bottomley > > > > > On Fri, Feb 20, 2015 at 5:04 PM, Andy Lutomirski > > > wrote: > > > > It's currently impossible to mount devpts in a user namespace that > > > > has no root user, since ptm

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-31 Thread Alexander Larsson
On fre, 2015-03-27 at 10:03 +0100, James Bottomley > > > On Fri, Feb 20, 2015 at 5:04 PM, Andy Lutomirski > > wrote: > > > It's currently impossible to mount devpts in a user namespace that > > > has no root user, since ptmx can't be created. > > This is where I stopped reading because it's no

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-27 Thread James Bottomley
On Thu, 2015-03-26 at 12:29 -0700, Andy Lutomirski wrote: > Ping? It's been over a month. I think we all looked at this and thought "that's not a problem". The reason is that we all bring up full OS containers with devpts already mounted by the host. Even when you run from init in the Container

Re: [PATCH] devpts: Add ptmx_uid and ptmx_gid options

2015-03-26 Thread Andy Lutomirski
Ping? It's been over a month. On Fri, Feb 20, 2015 at 5:04 PM, Andy Lutomirski wrote: > It's currently impossible to mount devpts in a user namespace that > has no root user, since ptmx can't be created. This adds options > ptmx_uid and ptmx_gid that override the default uid and gid of 0. > > T