On Mon, Oct 03, 2005 at 07:28:29PM +0200, Herbert Poetzl wrote:
> On Sun, Oct 02, 2005 at 10:01:45PM -0700, Robin Lee Powell wrote:
> > The app I want to run in a VServer, mooix, creates (among other
> > special things) TTY device files. If I run it without
> > CAP_MKNOD, I get:
> >
> > cp: cannot create special file
> > `/var/lib/mooix/system/sessionmanager/sessions/item1/tty':
> > Operation not permitted Unable to copy /dev/pts/10 to
> > /var/lib/mooix/system/sessionmanager/sessions/item1/tty; perhaps that
> > directory is mounted nodev? at /usr/share/mooix/mooix-pty-helper.pl
> > line 66. open tty for write: Permission denied
>
> 'copying' device nodes is not a good idea, your tool should make
> symlinks instead ...

Unfortunately, it patches the open() call with O_NOFOLLOW for
security reasons... I think I have an app-level solution, though.

Thanks for the warning that it's a major hole.

-Robin

-- 
http://www.digitalkingdom.org/~rlpowell/ *** http://www.lojban.org/
Reason #237 To Learn Lojban: "Homonyms: Their Grate!"
Proud Supporter of the Singularity Institute - http://singinst.org/
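
Why a symlink to the pty does not get past an open() that carries O_NOFOLLOW, as an added example that is not part of the original thread and not mooix code. It assumes Linux (where the refusal is reported as ELOOP); `/dev/null` stands in for the pty, and the function names and the temporary path are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open path, refusing a symlink as the final component, then confirm the
 * result really is a character device. Returns fd >= 0 or -errno. */
int open_tty_nofollow(const char *path)
{
    int fd = open(path, O_RDWR | O_NOFOLLOW | O_NOCTTY);
    if (fd < 0)
        return -errno;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -ENOTTY;
    }
    return fd;
}

/* Constructed scenario: a symlink named "tty" pointing at /dev/null stands
 * in for the per-session entry. Returns 0 if it opened, else -errno. */
int try_symlinked_device(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX";
    char lnk[sizeof dir + 8];
    if (!mkdtemp(dir))
        return -errno;
    snprintf(lnk, sizeof lnk, "%s/tty", dir);
    if (symlink("/dev/null", lnk) != 0) { rmdir(dir); return -errno; }
    int rc = open_tty_nofollow(lnk);
    if (rc >= 0) { close(rc); rc = 0; }
    unlink(lnk);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int direct = open_tty_nofollow("/dev/null");
    printf("real device node: %s\n", direct >= 0 ? "opened" : "refused");
    if (direct >= 0) close(direct);
    printf("via symlink: %d (-ELOOP is %d)\n", try_symlinked_device(), -ELOOP);
    return 0;
}
```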
