From: Serge Hallyn <serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
	linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	Andrew Morton
	<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
Subject: Re: [PATCH 0/4] fix depvpts in user namespaces
Date: Sun, 17 Mar 2013 22:20:52 -0500
Message-ID: <20130318032052.GA5958__12870.3099130236$1363576896$gmane$org@sergelap>
In-Reply-To: <87txoce5qy.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>

Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
> Glauber Costa <glommer-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org> writes:
...
> > What if a /dev/ptmx already exists? Will it use it? That would be bad,
> > since that /dev/ptmx could be a host-side one. I actually believe
> > linking to $rootfs/dev/pts/ptmx is more robust than my solution against
> > remounts. So provided it can guarantee that the ptmx is not ever the
> > root ptmx, I would ack that.
> 
> For those playing with udev, especially older udev where udev is still
> udev and creates devices you can use the following udev rule to create
> the pts/ptmx symlink.
> 
> KERNEL=="ptmx" NAME:="pts/ptmx" SYMLINK="ptmx"
> 
> Before we do anything clever in the kernel it is definitely worth seeing
> how far we can take that little udev rule.

Before it was decided that it was ok to modify core packages to
accommodate containers, we had to install (non-standard) init jobs to
detect it was in a container and if so modify some behavior - for
instance to bind-mount a smaller /lib/init/fstab so that mountall
wouldn't try to mount some things.  That way the rootfs had to be
updated to run in a container, but could then still be used as a
rootfs for non-containers.

...

> As much as I hate the notion I suspect for most of device management
> what we want is to act like devtmpfs, and run all of the device node
> creation etc outside of the container (possibly even with bind mounts).

So you mean a task which is unprivileged on the host, privileged wrt the
container, and on host fs namespace, which bind mounts the host /dev
files into the container?

> Acting like devtmpfs should be something that is possible with no kernel
> changes.   Whereas allowing unprivileged processes to create device
> nodes probably has issues I haven't thought of yet.

Not sure what 'acting like devtmpfs' means (especially in contrast to
acting like udev) - maybe I need to go look at the code.

-serge
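
As an added example (not code from this thread, nor from udev, lxc or the kernel), the script below audits a container rootfs for the arrangement Eric's udev rule produces and Glauber asks about: /dev/ptmx should be a relative symlink to pts/ptmx, so that opening it inside the container always reaches the container's own devpts instance and never a host-side ptmx device node, and dev/pts should be a devpts mount carrying the newinstance option (on kernels of this era a devpts mount without newinstance is the same instance as the host's /dev/pts). The rootfs directory, the mountinfo lines and the return-code scheme are all constructed for the example; the mountinfo parser reads the file path you hand it, so it can be pointed at /proc/<pid>/mountinfo of a container's init in real use.

```sh
#!/bin/sh
# Added example, not from the thread. Audits a container rootfs for a
# /dev/ptmx -> pts/ptmx symlink and a private (newinstance) devpts mount.

# Return codes of check_ptmx_link (constructed scheme for this example):
#   0  /dev/ptmx -> pts/ptmx, relative: the layout Eric's udev rule produces
#   1  symlink with some other target (e.g. absolute): fragile across remounts
#   2  a character device node: could be the host-side ptmx Glauber warned about
#   3  /dev/ptmx is missing
check_ptmx_link() {
    rootfs=$1
    ptmx="$rootfs/dev/ptmx"
    if [ -L "$ptmx" ]; then
        if [ "$(readlink "$ptmx")" = "pts/ptmx" ]; then
            return 0
        else
            return 1
        fi
    elif [ -c "$ptmx" ]; then
        return 2
    else
        return 3
    fi
}

# Filesystem type mounted at $2 according to the mountinfo file $1.
# The number of optional fields before the "-" separator varies, so the
# separator is located first; the fstype is the field right after it.
# (Mountpoints containing spaces appear escaped as \040; not handled here.)
fstype_at() {
    awk -v mp="$2" '
        $5 == mp {
            for (i = 7; i <= NF; i++)
                if ($i == "-") { print $(i + 1); exit }
        }' "$1"
}

# Superblock options of the mount at $2 (third field after "-"), which is
# where devpts reports newinstance, ptmxmode and friends.
superopts_at() {
    awk -v mp="$2" '
        $5 == mp {
            for (i = 7; i <= NF; i++)
                if ($i == "-") { print $(i + 3); exit }
        }' "$1"
}

# audit_rootfs ROOTFS MOUNTINFO: prints findings, returns 0 only when both
# the symlink and the private devpts instance are in place.
audit_rootfs() {
    rootfs=$1 mountinfo=$2
    rc=0
    check_ptmx_link "$rootfs" || rc=$?
    case $rc in
        0) echo "$rootfs: /dev/ptmx -> pts/ptmx (ok)" ;;
        1) echo "$rootfs: /dev/ptmx points elsewhere: $(readlink "$rootfs/dev/ptmx")" ;;
        2) echo "$rootfs: /dev/ptmx is a device node; may be the host's ptmx" ;;
        3) echo "$rootfs: /dev/ptmx is missing" ;;
    esac
    fs=$(fstype_at "$mountinfo" "$rootfs/dev/pts")
    if [ "$fs" != devpts ]; then
        echo "$rootfs: dev/pts is not a devpts mount (found '${fs:-nothing}')"
        return 1
    fi
    case " $(superopts_at "$mountinfo" "$rootfs/dev/pts" | tr ',' ' ') " in
        *" newinstance "*)
            echo "$rootfs: dev/pts is a private devpts instance (newinstance)" ;;
        *)
            echo "$rootfs: dev/pts mounted without newinstance; same instance as the host's"
            return 1 ;;
    esac
    return $rc
}

# Demo on a constructed rootfs directory and constructed mountinfo lines
# (no root privileges needed; the devpts/devtmpfs lines are made up).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/dev/pts"
ln -s pts/ptmx "$demo_dir/dev/ptmx"
printf '%s\n' \
  "26 25 0:5 / /dev rw,nosuid - devtmpfs udev rw,mode=755" \
  "27 26 0:12 / /dev/pts rw,nosuid,noexec - devpts devpts rw,gid=5,mode=620,ptmxmode=000" \
  "28 25 0:14 / $demo_dir/dev/pts rw,nosuid,noexec - devpts devpts rw,newinstance,gid=5,mode=620,ptmxmode=666" \
  > "$demo_dir/mountinfo"
audit_rootfs "$demo_dir" "$demo_dir/mountinfo"
rm -rf "$demo_dir"
```

Run it against a real container by replacing the constructed mountinfo with /proc/<init-pid>/mountinfo and the demo directory with the rootfs path; a result of 2 from check_ptmx_link is the case worth chasing, since a device node named ptmx inside the rootfs is exactly what a remount or a stale host-side /dev could leave behind.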
