Re: Access to /dev/pts devices via pt_chown and user namespaces

[Simon McVittie <smcv () debian org>]

On Wed, 24 Feb 2016 at 05:43:04 +0000, halfdog wrote:
> Dmitry V. Levin wrote:
> > Just for the record, pt_chown is not enabled by default in upstream
> > glibc starting with glibc-2.18, one has to specify
> > --enable-pt_chown configure option explicitly to build pt_chown.
>
> Thanks for that information. So for pt_chown, this could hopefully be
> just an Ubuntu issue.

And Debian 8 (but not the future Debian 9, at least on Linux kernels), and
probably other distributions where backward compat was a concern.

<https://bugs.debian.org/717544> has some interesting background. The
Debian and Ubuntu glibc maintainers tried turning off pt_chown in 2014,
but had to turn it back on because it caused too many regressions: in
particular "mount -t devpts devpts-foo chroot-foo/dev/pts" apparently
alters the mount options for the "real" /dev/pts, not just the one being
mounted in the chroot (presumably losing the noexec,nosuid,gid=5 and
mode=620 or mode=600 options that are expected in Debian). I don't know
whether the default mount options were subsequently altered in util-linux
and/or the kernel as suggested on that bug, or whether manually mounting
devpts is just not going to be a supported action in Debian 9.

    S