[Lxc-users] Permissions on devpts in container

John lxc at jelmail.com
Fri Sep 20 19:31:22 UTC 2013


Hello list,

I have noticed a difference in behaviour on a new host that I have just 
installed which uses LXC 0.9.0. The differences are noted when compared 
with another host that has LXC 0.9.0-alpha3 on it.

Inside a container under LXC 0.9.0, the devpts mounts are like this:
devpts on /dev/console type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
devpts on /dev/tty1 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=666)

Previously, under LXC 0.9.0-alpha3, they were like this:
devpts on /dev/console type devpts (rw,relatime,mode=600,ptmxmode=000)
devpts on /dev/tty1 type devpts (rw,relatime,mode=600,ptmxmode=000)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=666)

The upshot of this is that regular users can't create a pty unless they 
are in the "tty" group (gid 5).
This means the simple task of opening a terminal window will fail for 
such users.

Is this because of a change made some time between 0.9.0-alpha3 and 
0.9.0? I have trawled the git commit messages but couldn't see 
anything. Google did throw the following for me:
https://bugzilla.redhat.com/show_bug.cgi?id=554203
http://www.redhat.com/archives/libvir-list/2011-February/msg00975.html
Those mention the permission change I've experienced but discuss LXC 
with LibVirt. I am not using LibVirt.

My LXC config is the same in both examples, and I am not doing anything 
differently between the two. They are both running ArchLinux and have 
kernel versions as follows
System 1: LXC 0.9.0-alpha3 Linux 3.7.10-1-ARCH
System 2: LXC 0.9.0 Linux 3.11.1-1-ARCH

Is the rule now that users have to be in group 'tty' in a container or 
am I missing something else?

Thanks in advance.
John