This is an automated email from the ASF dual-hosted git repository.

jpeach pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git


The following commit(s) were added to refs/heads/master by this push:
     new 22640a5  Mounted devpts with `gid=5` by default.
22640a5 is described below

commit 22640a5f0baa3a8f917e21f47d404e2e499c3cb5
Author: James Peach <[email protected]>
AuthorDate: Tue Oct 30 11:54:05 2018 -0700

    Mounted devpts with `gid=5` by default.
    
    Some versions of glibc (e.g. 2.17 from CentOS 7) are hard-coded
    to expect that terminal devices are owned by the tty group. This
    causes containers that allocate TTYs to expect to have to chown
    the TTY (see grantpt code in glibc), but it may not be possible
    to launch a privileged helper to perform the chown (e.g. because
    capabilities have been dropped).
    
    Mounting devpts with `gid=5` is the default in CentOS, Docker,
    Fedora and Ubuntu, so this should not cause any compatibility
    problems.
    
    Review: https://reviews.apache.org/r/69214/
---
 src/linux/fs.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/linux/fs.cpp b/src/linux/fs.cpp
index 3a58bf9..5cdffe1 100644
--- a/src/linux/fs.cpp
+++ b/src/linux/fs.cpp
@@ -774,11 +774,18 @@ Try<Nothing> mountSpecialFilesystems(const string& root)
       "mode=755",
       MS_NOSUID | MS_STRICTATIME | MS_NOEXEC
     },
+    // We mount devpts with the gid=5 option because the `tty` group is
+    // GID 5 on all standard Linux distributions. The glibc grantpt(3)
+    // API ensures that the terminal GID is that of the `tty` group, and
+    // invokes a privileged helper if necessary. Since the helper won't
+    // work in all container configurations (since it may not be possible
+    // to acquire the necessary privileges), mounting with the right `gid`
+    // option avoids any possible failure.
     {
       "devpts",
       "/dev/pts",
       "devpts",
-      "newinstance,ptmxmode=0666",
+      "newinstance,ptmxmode=0666,mode=0620,gid=5",
       MS_NOSUID | MS_NOEXEC
     },
     {
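
Review bot: The new option string on the devpts entry adds `mode=0620` as well as `gid=5`, but the comment above the entry and the commit subject only explain the `gid` part. Please extend the comment to say why the mode is set alongside the group (owner read/write plus group write on newly created ptys, with no access for others), so a later reader does not treat `mode=0620` as incidental and drop it. The comment also rests on the `tty` group being GID 5 inside the container image; it would help to state that an image whose `/etc/group` maps `tty` to a different GID falls back to the privileged-helper path the comment describes, since the value is hard-coded here rather than looked up.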
