On 23/09/13 17:07, Serge Hallyn wrote: > Quoting John (l...@jelmail.com): >> Hello list, >> >> I have noticed a difference in behaviour on a new host that I have just >> installed which uses LXC 0.9.0. The differences are noted when compared >> with another host that has LXC 0.9.0-alpha3 on it. >> >> Inside a container under LXC 0.9.0, the devpts mounts are like this: >> devpts on /dev/console type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000) >> devpts on /dev/tty1 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000) >> devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=666) >> >> Previously, under LXC 0.9.0-alpha3, they were like this: >> devpts on /dev/console type devpts (rw,relatime,mode=600,ptmxmode=000) >> devpts on /dev/tty1 type devpts (rw,relatime,mode=600,ptmxmode=000) >> devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=666) >> >> The upshot of this is that regular users can't create pty unless they >> are in the "tty" group (gid 5). >> This means the simple task of opening a terminal window will fail for >> such users. >> >> Is this because of a change made some time between 0.9.0-alpha3 and >> 0.9.0 ? I have trawled the git commit messages but couldn't see >> anything. Google did throw the following for me: >> https://bugzilla.redhat.com/show_bug.cgi?id=554203 >> http://www.redhat.com/archives/libvir-list/2011-February/msg00975.html >> Those mention the permission change I've experienced but discuss LXC >> with LibVirt. I am not using LibVirt. >> >> My LXC config is the same in both examples, and I am not doing anything >> differently between the two. They are both running ArchLinux and have >> kernel versions as follows >> System 1: LXC 0.9.0-alpha3 Linux 3.7.10-1-ARCH >> System 2: LXC 0.9.0 Linux 3.11.1-1-ARCH >> >> Is the rule now that users have to be in group 'tty' in a container or >> am I missing something else? > I suspect the difference is actually in arch's init. But I'm > not sure. The only gid= option I see is specified in the alpine > template. > > How exactly are you creating, starting, and accessing the containers? > Having further investigated this I agree it's a problem that lies outside LXC. I know this because I have reproduced the same problem on a test rig host (outside any containers). Thanks for replying to my question Serge.
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
