[Lxc-users] Permissions on devpts in container
John
lxc at jelmail.com
Fri Sep 20 19:31:22 UTC 2013
Hello list,
I have noticed a difference in behaviour on a new host that I have just
installed which uses LXC 0.9.0. The differences are noted when compared
with another host that has LXC 0.9.0-alpha3 on it.
Inside a container under LXC 0.9.0, the devpts mounts are like this:
devpts on /dev/console type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
devpts on /dev/tty1 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=666)
Previously, under LXC 0.9.0-alpha3, they were like this:
devpts on /dev/console type devpts (rw,relatime,mode=600,ptmxmode=000)
devpts on /dev/tty1 type devpts (rw,relatime,mode=600,ptmxmode=000)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=666)
The upshot of this is that regular users can't create a pty unless they
are in the "tty" group (gid 5).
This means the simple task of opening a terminal window will fail for
such users.
Is this because of a change made some time between 0.9.0-alpha3 and
0.9.0? I have trawled the git commit messages but couldn't see
anything. Google did throw the following for me:
https://bugzilla.redhat.com/show_bug.cgi?id=554203
http://www.redhat.com/archives/libvir-list/2011-February/msg00975.html
Those mention the permission change I've experienced but discuss LXC
with LibVirt. I am not using LibVirt.
My LXC config is the same in both examples, and I am not doing anything
differently between the two. They are both running ArchLinux and have
kernel versions as follows:
System 1: LXC 0.9.0-alpha3 Linux 3.7.10-1-ARCH
System 2: LXC 0.9.0 Linux 3.11.1-1-ARCH
Is the rule now that users have to be in group 'tty' in a container or
am I missing something else?
Thanks in advance.
John
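
Added example, not part of the original message: a Python sketch that parses the two `mount` listings quoted in the message and reports, per mount point, which devpts options differ between them. The function and variable names are illustrative assumptions; the listings are copied from the message.

```python
import re

# Mount listings copied from the message above.
LXC_090 = """\
devpts on /dev/console type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
devpts on /dev/tty1 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=666)
"""
LXC_090_ALPHA3 = """\
devpts on /dev/console type devpts (rw,relatime,mode=600,ptmxmode=000)
devpts on /dev/tty1 type devpts (rw,relatime,mode=600,ptmxmode=000)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=666)
"""

# "<source> on <mountpoint> type <fstype> (<options>)" as printed by mount(8)
MOUNT_RE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)$")

def parse_devpts(listing):
    """Return {mountpoint: {option: value}} for the devpts lines in a listing."""
    mounts = {}
    for line in listing.splitlines():
        m = MOUNT_RE.match(line.strip())
        if not m or m.group(3) != "devpts":
            continue  # skip other filesystems and malformed lines
        opts = {}
        for item in m.group(4).split(","):
            key, _, value = item.partition("=")
            opts[key] = value  # bare flags such as "rw" get an empty value
        mounts[m.group(2)] = opts
    return mounts

def diff_mounts(old, new):
    """Return {mountpoint: {option: (old_value, new_value)}} for changed options."""
    changes = {}
    for mp in sorted(set(old) | set(new)):
        o, n = old.get(mp, {}), new.get(mp, {})
        delta = {k: (o.get(k), n.get(k))
                 for k in sorted(set(o) | set(n)) if o.get(k) != n.get(k)}
        if delta:
            changes[mp] = delta
    return changes

def report():
    """Diff the alpha3 listing against the 0.9.0 listing."""
    return diff_mounts(parse_devpts(LXC_090_ALPHA3), parse_devpts(LXC_090))

if __name__ == "__main__":
    for mp, delta in report().items():
        for opt, (before, after) in delta.items():
            print(f"{mp}: {opt} {before!r} -> {after!r}")
```

For the two listings in the message, the differences are the added `gid=5` and the change from `mode=600` to `mode=620` on `/dev/console` and `/dev/tty1`; the `/dev/pts` line is identical in both.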