[systemd-devel] [PATCH] core: mount new devpts instance for PrivateDevices=yes (was: PrivateDevices=yes and /dev/ptmx)

Yuriy M. Kaminskiy yumkam at gmail.com
Sun Mar 13 18:53:28 UTC 2016


On 09.03.2016 16:31, Yuriy M. Kaminskiy wrote:
> When systemd makes a mount namespace for PrivateDevices=yes, it bind-mounts
> the outer /dev/pts [1], and makes a symlink pts/ptmx -> $tmpdir/dev/ptmx
> (src/core/namespace.c [mount_dev]).
>
> However, the outer /dev/pts is mounted *without* the ptmxmode option
> (src/core/mount-setup.c), so in the outer namespace /dev/pts/ptmx has mode
> 000 (inaccessible).
>
> As a result, a service with PrivateDevices=yes cannot open new ptys
> (unless it has root/CAP_DAC_OVERRIDE).
>
> Test unit files attached (ptytest.service is expected to fail, while
> both ptytest-sysdev.service [no PrivateDevices] and ptytest-root.service
> [has CAP_DAC_OVERRIDE] are expected to work).
>
> Tested only on debian/jessie with systemd-215; however, I checked the
> current systemd git master sources and have not found any changes that
> could have affected this issue.
>
> [1] BTW, why? I'd rather expect it to mount a newinstance of devpts?

Something like the attached, against git master (completely untested).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-core-mount-new-devpts-instance-for-PrivateDevices-ye.patch
Type: text/x-patch
Size: 950 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20160313/3b0418d3/attachment.bin>
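The failure the quoted report describes (a PrivateDevices=yes service cannot allocate a pty because the bind-mounted outer devpts was created without ptmxmode=, leaving /dev/pts/ptmx at mode 000) can be reproduced and diagnosed without a unit file. The program below is an added example for this page, not code from systemd or from the scrubbed patch. It does what ptytest.service does, calling posix_openpt() as an unprivileged service would, and on failure reports where /dev/ptmx points, the mode of /dev/pts/ptmx, and the ptmxmode of every devpts mount visible in /proc/self/mountinfo. It assumes Linux, the documented mountinfo field layout, and the kernel's default ptmxmode of 0000 when the option is absent; the sample mountinfo line in the usage note is constructed.

```c
// ptytest.c: stand-alone reproduction of the ptytest check from the thread.
// Added example for this page; not code from systemd or from the (scrubbed)
// patch. Linux only: it reads /proc/self/mountinfo.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Kernel default when a devpts mount is made without ptmxmode= (this is the
   case the thread describes for the outer /dev/pts). */
#define DEVPTS_DEFAULT_PTMX_MODE 0000

/* Return the effective ptmxmode for a devpts super-block option string such as
   "rw,gid=5,mode=620,ptmxmode=666" (the last field of a mountinfo line).
   A missing ptmxmode= yields the kernel default 0000, i.e. ptmx is unusable
   for anyone without CAP_DAC_OVERRIDE. */
mode_t devpts_ptmx_mode(const char *opts)
{
    mode_t mode = DEVPTS_DEFAULT_PTMX_MODE;
    const char *p = opts;
    while (p && *p) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > 9 && strncmp(p, "ptmxmode=", 9) == 0)
            mode = (mode_t)(strtoul(p + 9, NULL, 8) & 07777);
        p = end ? end + 1 : NULL;
    }
    return mode;
}

/* Parse one /proc/self/mountinfo line. Returns 1 and fills mountpoint and
   superopts if the line is a devpts mount, 0 otherwise. Field layout:
   id parent maj:min root mountpoint mntopts [optional...] - fstype source superopts */
int parse_devpts_line(const char *line, char *mountpoint, size_t mplen,
                      char *superopts, size_t solen)
{
    const char *sep = strstr(line, " - ");
    char fstype[32], source[64], sopts[256], mp[256];
    if (!sep)
        return 0;
    if (sscanf(sep + 3, "%31s %63s %255s", fstype, source, sopts) != 3)
        return 0;
    if (strcmp(fstype, "devpts") != 0)
        return 0;
    if (sscanf(line, "%*d %*d %*31s %*255s %255s", mp) != 1)
        return 0;
    snprintf(mountpoint, mplen, "%s", mp);
    snprintf(superopts, solen, "%s", sopts);
    return 1;
}

/* What ptytest.service does: allocate a pty as an unprivileged service would.
   Returns 0 on success, -errno on failure; on failure prints the evidence a
   PrivateDevices= user needs: where /dev/ptmx points, the mode of
   /dev/pts/ptmx, and the ptmxmode of every devpts mount visible here. */
int probe_pty(void)
{
    int fd = posix_openpt(O_RDWR | O_NOCTTY);
    if (fd >= 0) {
        close(fd);
        return 0;
    }
    int err = errno;
    char buf[512];
    ssize_t n = readlink("/dev/ptmx", buf, sizeof buf - 1);
    if (n >= 0) {
        buf[n] = '\0';
        fprintf(stderr, "/dev/ptmx -> %s\n", buf);
    }
    struct stat st;
    if (stat("/dev/pts/ptmx", &st) == 0)
        fprintf(stderr, "/dev/pts/ptmx mode %04o\n", st.st_mode & 07777);
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (f) {
        char mp[256], so[256];
        while (fgets(buf, sizeof buf, f))
            if (parse_devpts_line(buf, mp, sizeof mp, so, sizeof so))
                fprintf(stderr, "devpts at %s: ptmxmode=%04o (%s)\n",
                        mp, devpts_ptmx_mode(so), so);
        fclose(f);
    }
    return -err;
}

int main(void)
{
    int rc = probe_pty();
    if (rc == 0)
        puts("pty allocation OK");
    else
        fprintf(stderr, "posix_openpt failed: %s\n", strerror(-rc));
    return rc == 0 ? 0 : 1;
}
```

Run it as the service user inside the PrivateDevices=yes namespace (for instance via ExecStart= of a throwaway unit) and compare with a run outside it. In the situation the thread describes, the inner run fails with EACCES and the devpts line for /dev/pts shows ptmxmode=0000 because the option is absent from the super options; a devpts mounted with newinstance,ptmxmode=666 reports 0666 and the open succeeds. A constructed mountinfo line such as "23 19 0:21 / /dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5,mode=620" parses to mount point /dev/pts and ptmxmode 0000.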

