On 09.03.2016 16:31, Yuriy M. Kaminskiy wrote:
When systemd makes a mount namespace for PrivateDevices=yes, it bind-mounts
the outer /dev/pts [1] and makes a symlink pts/ptmx -> $tmpdir/dev/ptmx
(src/core/namespace.c [mount_dev]).
However, the outer /dev/pts is mounted *without* the ptmxmode option
(src/core/mount-setup.c), so in the outer namespace /dev/pts/ptmx has mode
000 (inaccessible).
As a result, a service with PrivateDevices=yes cannot open new ptys
(unless it has root/CAP_DAC_OVERRIDE).
Test unit files are attached (ptytest.service is expected to fail, while
both ptytest-sysdev.service [no PrivateDevices] and ptytest-root.service
[has CAP_DAC_OVERRIDE] are expected to work).
Tested only on debian/jessie with systemd-215; however, I checked the current
systemd git master sources and have not found any changes that could have
affected this issue.
[1] BTW, why? I'd rather expect it to mount a newinstance of devpts?
Something like the attached, against git master (completely untested).
From 0800b62d8df0c5614c9e2d480c3d57bba318bc59 Mon Sep 17 00:00:00 2001
From: "Yuriy M. Kaminskiy" <[email protected]>
Date: Wed, 9 Mar 2016 19:51:33 +0300
Subject: [PATCH] core: mount new devpts instance for PrivateDevices=yes
---
src/core/namespace.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/namespace.c b/src/core/namespace.c
index b573f00..ee0710e 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -160,7 +160,8 @@ static int mount_dev(BindMount *m) {
devpts = strjoina(temporary_mount, "/dev/pts");
(void) mkdir(devpts, 0755);
- if (mount("/dev/pts", devpts, NULL, MS_BIND, NULL) < 0) {
+ /* XXX mount options should match mount-setup.c */
+ if (mount("devpts", devpts, "devpts", MS_NOSUID|MS_NOEXEC, "mode=620,gid=" STRINGIFY(TTY_GID)",newinstance,ptmxmode=0666") < 0) {
r = -errno;
goto fail;
}
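Review bot: the `/* XXX mount options should match mount-setup.c */` comment on the `+` lines flags a duplication that will drift silently: the `"mode=620,gid=" STRINGIFY(TTY_GID)",newinstance,ptmxmode=0666"` string repeats the host devpts options by hand, so a later change in src/core/mount-setup.c would not be picked up here. Suggest moving the shared option string (everything except `newinstance`) into one macro used by both files, and splitting the new mount() call across lines to match the surrounding style. The commit message should also spell out two consequences of `newinstance` that the one-line subject hides: the service's /dev/pts no longer shows ptys created outside the unit, which is a visible behaviour change for anything expecting to open a host /dev/pts/N; and the fix relies on the $tmpdir/dev/ptmx -> pts/ptmx symlink described in the report, since posix_openpt() goes through /dev/ptmx and a newinstance devpts is only reached via its own ptmx node, which `ptmxmode=0666` makes openable for unprivileged users.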
--
2.1.4
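A self-check for the failure described in the report, added here as an example (not one of the attached test units and not systemd code): it reads the permission bits of /dev/pts/ptmx and then attempts a pty allocation the way openpty() does, so running it from a unit with PrivateDevices=yes shows directly whether the mode-000 ptmx blocks allocation. It assumes Linux with glibc; the path /dev/pts/ptmx comes from the report, and the function names are mine.

```c
/* ptycheck.c (added example): can this mount namespace allocate a pty? */
#define _XOPEN_SOURCE 600
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 when the permission bits let an unprivileged user open the ptmx node
 * (devpts ptmxmode=0666), 0 otherwise (the mode 000 case from the report). */
int ptmx_mode_usable(mode_t mode) {
    return (mode & (S_IROTH | S_IWOTH)) == (S_IROTH | S_IWOTH);
}

/* Permission bits of the node at path: 0 on success, -errno on failure. */
int node_mode(const char *path, mode_t *out) {
    struct stat st;
    if (stat(path, &st) < 0)
        return -errno;
    *out = st.st_mode & 07777;
    return 0;
}

/* Allocate a master/slave pair as openpty() does (open /dev/ptmx, then grantpt/
 * unlockpt/ptsname). 0 with slave name in buf, else -errno (mode 000 -> -EACCES). */
int try_open_pty(char *buf, size_t len) {
    int master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0)
        return -errno;
    const char *slave = NULL;
    if (grantpt(master) == 0 && unlockpt(master) == 0)
        slave = ptsname(master);
    int err = slave ? 0 : errno;
    if (slave)
        snprintf(buf, len, "%s", slave);
    close(master);
    return -err;
}

int main(void) {
    mode_t mode; char slave[64];
    int r = node_mode("/dev/pts/ptmx", &mode);
    if (r == 0) printf("/dev/pts/ptmx mode %04o: %s\n", (unsigned) mode,
                       ptmx_mode_usable(mode) ? "usable" : "denies unprivileged open");
    else printf("stat /dev/pts/ptmx: %s\n", strerror(-r));
    r = try_open_pty(slave, sizeof slave);
    printf("pty allocation: %s\n", r == 0 ? slave : strerror(-r));
    return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Run it once as a plain user and once under the affected unit; the first line tells you whether ptmxmode is set, the second whether allocation actually fails and with which errno.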
_______________________________________________
systemd-devel mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/systemd-devel