[systemd-devel] PrivateDevices=yes and /dev/ptmx

[Yuriy M. Kaminskiy]

When systemd makes mount namespace for PrivateDevices=yes, it bind-mount 
outer /dev/pts [1], and makes symlink pts/ptmx -> $tmpdir/dev/ptmx 
(src/core/namespace.c [mount_dev]).

However outer /dev/pts is mounted *without* option ptmxmode 
(src/core/mount-setup.c), so in outer namespace /dev/pts/ptmx has mode 
000 (inaccessible).

As a result, service with PrivateDevices=yes cannot open new ptys 
(unless it has root/CAP_DAC_OVERRIDE).

Test units file attached (ptytest.service is expected to fail, while 
both ptytest-sysdev.service [no PrivateDevices] and ptytest-root.service 
[has CAP_DAC_OVERRIDE] are expected to work).

Tested only on debian/jessie with systemd-215, however I checked current 
systemd git master sources, and have not found any changes that could've 
affected this issue.

[1] BTW, why? I'd rather expect it to mount newinstance of devpts?
-------------- next part --------------
[Unit]
Description=pty test
[Service]
##################################################################
# if it will fail, try commenting *one* of following lines:
PrivateDevices=yes
# (1) first test with *only* above line commented out
User=daemon
# (2) and second test with *only* above line commented out
# (then `systemctl daemon-reload` and `systemctl restart ptytest`)
##################################################################

Type=oneshot
Environment=SHELL=/bin/sh
WorkingDirectory=/tmp
UMask=0000
ExecStart=/usr/bin/script -a -c '/bin/echo working'

-------------- next part --------------
[Unit]
Description=pty test (with PrivateDevices=no)
[Service]
User=daemon

Type=oneshot
Environment=SHELL=/bin/sh
WorkingDirectory=/tmp
UMask=0000
ExecStart=/usr/bin/script -a -c '/bin/echo working'

-------------- next part --------------
[Unit]
Description=pty test (with CAP_DAC_OVERRIDE)
[Service]
PrivateDevices=yes

Type=oneshot
Environment=SHELL=/bin/sh
WorkingDirectory=/tmp
UMask=0000
ExecStart=/usr/bin/script -a -c '/bin/echo working'