[lxc-devel] [lxc/master] conf: ret-try devpts mount without gid=5 on error

brauner on Github lxc-bot at linuxcontainers.org
Thu Apr 12 09:14:39 UTC 2018 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 636 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180412/8cd9db86/attachment.bin>
-------------- next part --------------
From d222b84f6c626fc16cd1501dc8b0b23a5f34d05b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 12 Apr 2018 11:12:06 +0200
Subject: [PATCH] conf: ret-try devpts mount without gid=5 on error

We should always default to mounting devpts with gid=5 but we should fallback
to mounting without gid=5. This let's us cover use-cases such as container
started with only a single mapping e.g.:

lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1

Closes #2257.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/conf.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 443087d6c..45c7cc059 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1523,7 +1523,7 @@ static struct id_map *find_mapped_nsid_entry(struct lxc_conf *conf, unsigned id,
 static int lxc_setup_devpts(struct lxc_conf *conf)
 {
 	int ret;
-	const char *default_devpts_mntopts;
+	const char *default_devpts_mntopts = "gid=5,newinstance,ptmxmode=0666,mode=0620";
 	char devpts_mntopts[256];
 
 	if (conf->pts <= 0) {
@@ -1532,11 +1532,6 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
 		return 0;
 	}
 
-	if (!find_mapped_nsid_entry(conf, 5, ID_TYPE_GID))
-		default_devpts_mntopts = "newinstance,ptmxmode=0666,mode=0620";
-	else
-		default_devpts_mntopts = "newinstance,ptmxmode=0666,mode=0620,gid=5";
-
 	ret = snprintf(devpts_mntopts, sizeof(devpts_mntopts), "%s,max=%d",
 		       default_devpts_mntopts, conf->pts);
 	if (ret < 0 || (size_t)ret >= sizeof(devpts_mntopts))
@@ -1560,11 +1555,19 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
 		return -1;
 	}
 
-	/* Mount new devpts instance. */
+	/* mount new devpts instance */
 	ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC, devpts_mntopts);
 	if (ret < 0) {
-		SYSERROR("Failed to mount new devpts instance");
-		return -1;
+		if (errno != EPERM)
+			return -1;
+
+		/* try mounting without gid=5 */
+		ret = mount("devpts", "/dev/pts", "devpts",
+			    MS_NOSUID | MS_NOEXEC, devpts_mntopts + sizeof("gid=5"));
+		if (ret < 0) {
+			SYSERROR("Failed to mount new devpts instance");
+			return -1;
+		}
 	}
 	DEBUG("Mount new devpts instance with options \"%s\"", devpts_mntopts);

More information about the lxc-devel mailing list