Commit 1c4ae85d authored by Kirill Smelkov's avatar Kirill Smelkov

Setup /dev/pts instance

Without it e.g. screen does not work (it was just terminating right
after starting).
parent aa33cee3
...@@ -144,7 +144,7 @@ def main(): ...@@ -144,7 +144,7 @@ def main():
slappart = "" slappart = ""
if not unshareonly: if not unshareonly:
# create directories inside container # create directories inside container
dirv = ["/proc", "/sys", dirv = ["/proc", "/sys", "/dev", "/dev/pts",
"/bin", "/sbin", "/lib", "/lib64", "/usr/bin", "/usr/lib", "/bin", "/sbin", "/lib", "/lib64", "/usr/bin", "/usr/lib",
"/etc", "/etc",
"/tmp", "/run", "/tmp", "/run",
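Review bot: adding "/dev" and "/dev/pts" to dirv only creates the mount points; nothing in this hunk shows how /dev itself gets its device nodes (bind mount from the base system, tmpfs, or left empty), and an empty /dev has no /dev/ptmx for openpty() to open even once a devpts instance is mounted on /dev/pts. The "create directories inside container" comment should say where /dev content comes from, e.g. "# /dev: provided from base; /dev/pts: mount point for the separate devpts instance".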
...@@ -212,6 +212,9 @@ def main(): ...@@ -212,6 +212,9 @@ def main():
mount("none", slappart + "/tmp", "tmpfs") mount("none", slappart + "/tmp", "tmpfs")
mount("none", slappart + "/run", "tmpfs") mount("none", slappart + "/run", "tmpfs")
# separate instance for pseudo terminals
mount("none", slappart + "/dev/pts", "devpts")
if not unshareonly: if not unshareonly:
# read-only bind mount bin, lib, ... from SR # read-only bind mount bin, lib, ... from SR
# FIXME stub: here we bind from base system for now # FIXME stub: here we bind from base system for now
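Review bot: mount("none", slappart + "/dev/pts", "devpts") passes no mount options, so slaves in the new instance come up with the caller's own uid/gid and mode 0600 instead of the tty group (gid 5) and mode 0620 that glibc openpty() expects; that works while the caller is root inside the namespace but fails for uid != 0, as the discussion on this commit notes. Pass the options if the mount() wrapper takes them, e.g. mount("none", slappart + "/dev/pts", "devpts", "gid=5,mode=0620"), and extend the "separate instance for pseudo terminals" comment with the caveat that kernels older than 4.7 also need the newinstance option, since without it every devpts mount is the same global instance.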
  • This reminds me of a painful experience updating from Debian 7 to Debian 9, where the upgrade did not set the proper gid mount option for /dev/pts and interactive ssh sessions did not work. openssh also needs /dev/pts to have gid tty (I understand now that it's because openssh must also be using the same glibc.openpty).

    See this post for a few more details - note that there's a typo in the post,

    > Systemd mounts devpts with this option, so one way to fix/workaround is to remove the line about devpts in /etc/fstab and it will be solved after reboot. For this time, something like mount /dev/pts -o remount,gid=8.

    it should read gid 5

    so if I understand correctly, for this to work we need to either share /dev/pts from the parent namespace or mount it with the proper gid option. Sharing with the parent namespace looks OK, doesn't it?

  • @jerome, thanks for the feedback. The reason this /dev/pts mounting was done is that using /dev/pts from the parent namespace was not working: since we are root in the user namespace, the kernel remaps all uids/gids not in our map to nobody/nogroup:

    kirr@deco:~$ unshare -Umr
    root@deco:~# ll /dev/pts/
    total 0
    crw--w---- 1 root   nogroup 136, 0 Oct 24 11:32 0
    crw--w---- 1 root   nogroup 136, 1 Oct 24 11:32 1
    c--------- 1 nobody nogroup   5, 2 Oct 24 11:12 ptmx
    root@deco:~# ll -n /dev/pts/
    total 0
    crw--w---- 1     0 65534 136, 0 Oct 24 11:32 0
    crw--w---- 1     0 65534 136, 1 Oct 24 11:33 1

    and then it does not work because glibc.openpty looks up gid(tty)=5 from /etc/group and tries to chown to that gid.

    Maybe we should indeed add gid=5 and other mounting options. I did this patch yesterday very quickly and only tested that uxterm/screen started to work from "root". (I needed this to be able to inspect a program running from another terminal and could not succeed in making nsenter work.)

    I will add a note to the /dev/pts mounting pointing to your notes, so it is not lost and hopefully helps next time when we need to run screen from under uid!=0.

  • Notes added: 625f7f20.

  • (I'm short on time for other task now - if you happen to try this out - patches are welcome)

  • mentioned in merge request nexedi/slapos!1095 (merged)

  • If /dev/pts is mounted anew, mounting with gid=5 and mode=0620 is the right thing to do. See explanation in https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=77356912e836 .
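The check the thread converges on, as an added example that is not slapos code and not any commenter's code: read a /proc/self/mountinfo-style text, find the devpts instance at a given mount point, and report whether it carries the gid=5 and mode=0620 options that glibc's openpty() expects, then probe what openpty() actually produces on the running system. Assumptions: gid 5 is the tty group (the Debian convention used in this thread), and the two mountinfo lines in the block are constructed samples, not captures from the systems discussed above.

```python
"""Check a devpts instance against what glibc's openpty() expects.

Added example for this thread; not slapos code and not any commenter's
code.  The mountinfo lines below are constructed samples.
"""
import os
import stat

# What glibc openpty() wants for the slave side: owned by the 'tty'
# group (gid 5 on Debian-derived systems, an assumption here) with
# mode 0620.
EXPECTED_GID = 5
EXPECTED_MODE = 0o620


def parse_mountinfo(text):
    """Parse /proc/self/mountinfo text into dicts.

    Each line looks like:
      id parent maj:min root mount_point mount_opts [optional...] - fstype source super_opts
    Only the fields needed here are kept.
    """
    mounts = []
    for line in text.splitlines():
        pre, sep, post = line.partition(" - ")
        if not sep:
            continue
        pre_fields = pre.split()
        post_fields = post.split()
        if len(pre_fields) < 6 or len(post_fields) < 3:
            continue
        mounts.append({
            "mount_point": pre_fields[4],
            "fstype": post_fields[0],
            "super_opts": post_fields[2].split(","),
        })
    return mounts


def devpts_problems(mount):
    """List what is wrong with one devpts mount entry; [] if it is fine."""
    opts = {}
    for opt in mount["super_opts"]:
        key, _, value = opt.partition("=")
        opts[key] = value
    problems = []
    if "gid" not in opts:
        problems.append("no gid= option: slaves keep the caller's gid, not tty (%d)"
                        % EXPECTED_GID)
    elif int(opts["gid"]) != EXPECTED_GID:
        problems.append("gid=%s, expected %d (tty)" % (opts["gid"], EXPECTED_GID))
    # mountinfo prints the mode in octal without a leading 0, e.g. mode=620
    if "mode" not in opts:
        problems.append("no mode= option")
    elif int(opts["mode"], 8) != EXPECTED_MODE:
        problems.append("mode=%s, expected %o" % (opts["mode"], EXPECTED_MODE))
    return problems


def check_devpts(mountinfo_text, mount_point="/dev/pts"):
    """Return (found, problems) for the devpts mounted at mount_point."""
    for mount in parse_mountinfo(mountinfo_text):
        if mount["fstype"] == "devpts" and mount["mount_point"] == mount_point:
            return True, devpts_problems(mount)
    return False, ["no devpts mounted on %s" % mount_point]


def openpty_slave_owner():
    """Allocate a pty and return (uid, gid, mode) of its slave.

    Returns None where no pty can be allocated (no /dev/ptmx, or the
    chown that glibc attempts fails), which is the symptom the thread
    describes.
    """
    try:
        master, slave = os.openpty()
    except OSError:
        return None
    try:
        st = os.fstat(slave)
        return st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)
    finally:
        os.close(master)
        os.close(slave)


# Constructed samples: a host-style devpts with the options systemd uses,
# and an instance mounted with no options, as the kernel reports it.
SAMPLE_GOOD = ("24 20 0:21 / /dev/pts rw,nosuid,noexec,relatime shared:3 "
               "- devpts devpts rw,gid=5,mode=620,ptmxmode=000\n")
SAMPLE_BARE = ("40 30 0:35 / /srv/slappart0/dev/pts rw,relatime "
               "- devpts none rw,mode=600,ptmxmode=000\n")


if __name__ == "__main__":
    print(check_devpts(SAMPLE_GOOD))
    print(check_devpts(SAMPLE_BARE, "/srv/slappart0/dev/pts"))
    try:
        with open("/proc/self/mountinfo") as f:
            print(check_devpts(f.read()))
    except OSError:
        print("no /proc/self/mountinfo on this system")
    print(openpty_slave_owner())
```

Run it inside the container (or inside `unshare -Umr`) to see both views at once: the mount options the devpts instance was given, and the owner the freshly allocated slave actually ends up with. A slave reported as gid 0 or 65534 with mode 0600 is the state the thread's `ll /dev/pts/` listing shows.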
