Comment 5 for bug 1641236

Christian Brauner (cbrauner) wrote : Re: [Bug 1641236] Re: Confined processes inside container cannot fully access host pty device passed in by lxc exec

On Tue, Jan 31, 2017 at 11:34:43AM +0100, Christian Brauner wrote:
> I've reproduced this on a fresh standard xenial instance with LXD
> 2.0.8 and also on a xenial instance with a patched glibc that reports
> ENODEV on ttyname{_r}() on a pty fd that does not exist:
>
> root@x:~# ./enodev_on_pty_in_different_namespace
> ttyname(): The pty device might exist in a different namespace: No such device
> ttyname_r(): The pty device might exist in a different namespace: No such device

So to make this a little more elaborate:
- I managed to reproduce this with an unpatched glibc inside and outside the
  container just like @Tyler outlined.
- I managed to reproduce this with a patched glibc inside the container and an
  unpatched glibc outside the container.
- I managed to reproduce this with a patched glibc inside and outside the
  container.

So a patched glibc which returns ENODEV in case a symlink like /proc/self/fd/0
points to a pts device that lives in another namespace does not improve the
situation. The problem that @Tyler outlined still exists.
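To make the glibc behaviour discussed in this comment concrete, here is a small added example (my own illustration, not Christian's reproducer and not LXD or glibc code) that probes a file descriptor with ttyname_r() and classifies the result. It assumes glibc's convention that ttyname_r() returns 0 or an errno value, and it maps ENODEV to "device exists but is not visible in this devpts instance", which is what the patched glibc described above reports for a pts from another namespace; an unpatched glibc will not produce that case.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Outcome of probing a file descriptor with ttyname_r().
 * ENODEV is the value the patched glibc from the comment above returns
 * when /proc/self/fd/N resolves to a pts device that is not visible in
 * the caller's devpts instance (e.g. a pty handed in from another
 * namespace); stock glibc of that era would not report it this way. */
enum tty_probe {
    TTY_PROBE_NAMED,     /* ttyname_r() succeeded; buf holds the path */
    TTY_PROBE_NOT_A_TTY, /* ENOTTY: the fd is not a terminal at all */
    TTY_PROBE_OTHER_NS,  /* ENODEV: terminal, but the device is not visible here */
    TTY_PROBE_ERROR      /* any other error; see *err */
};

/* Probe fd and return a classification. *err receives the raw errno value
 * (0 on success) so callers can still print strerror(). */
enum tty_probe probe_tty_fd(int fd, char *buf, size_t buflen, int *err)
{
    int rc = ttyname_r(fd, buf, buflen); /* glibc: 0 or an errno value */
    *err = rc;
    switch (rc) {
    case 0:      return TTY_PROBE_NAMED;
    case ENOTTY: return TTY_PROBE_NOT_A_TTY;
    case ENODEV: return TTY_PROBE_OTHER_NS;
    default:     return TTY_PROBE_ERROR;
    }
}

/* Self-contained check that needs no terminal: a pipe end is never a tty,
 * so the probe must come back as TTY_PROBE_NOT_A_TTY. */
enum tty_probe probe_pipe_end(void)
{
    int fds[2];
    char buf[64];
    int err;
    enum tty_probe r;

    if (pipe(fds) != 0)
        return TTY_PROBE_ERROR;
    r = probe_tty_fd(fds[0], buf, sizeof buf, &err);
    close(fds[0]);
    close(fds[1]);
    return r;
}

/* Stand-alone run: report what stdin looks like from this process. */
int main(void)
{
    char buf[64];
    int err;

    switch (probe_tty_fd(STDIN_FILENO, buf, sizeof buf, &err)) {
    case TTY_PROBE_NAMED:
        printf("stdin is %s\n", buf);
        break;
    case TTY_PROBE_NOT_A_TTY:
        printf("stdin is not a terminal (%s)\n", strerror(err));
        break;
    case TTY_PROBE_OTHER_NS:
        printf("stdin is a pty whose device is not visible here (%s)\n",
               strerror(err));
        break;
    default:
        printf("ttyname_r() failed: %s\n", strerror(err));
        break;
    }
    return 0;
}
```

Run it with stdin redirected from a pipe to see the ENOTTY branch; run it interactively to see the path. Inside a container that was given a host pty by `lxc exec`, the ENODEV branch is the one that would fire on the patched glibc, and, as the comment above notes, knowing that does not by itself fix the confined process's access to the device.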