[Devel] [PATCH v2 3/8] user namespace support for upstream containers
Konstantin Khlebnikov
khlebnikov at openvz.org
Fri Mar 22 09:10:07 PDT 2013
Glauber Costa wrote:
> + if (arg->h->can_join_userns) {
> + setuid(0);
> + setgid(0);
> + /*
> + * We need the special flag "newinstance". This is a requirement
> + * of the userns-aware implementation of devpts as of Linux 3.9.
> + * Because of that special requirement, we do it here rather than
> + * later.
> + */
> + mount("devpts", "/dev/pts", "devpts", 0, "newinstance");
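Review bot: the return values of setuid(0), setgid(0) and the devpts mount() in this block are all ignored, so a failure in any of them lets the enter path carry on with the wrong credentials or without a private devpts instance. Check each call and abort the enter on error; this matters most for the mount(), because the code that follows assumes /dev/pts is the freshly created instance.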
BTW, some kernel versions ago... I added the mount option max=%d to the devpts filesystem,
which limits the capacity of this devpts instance. Just FYI.
> + /* /dev/ptmx, if it even exists, would refer to the root ptmx.
> + * We don't want that, we want our newly created instance to contain
> + * all ptys. So we bind mount the root device here
> + */
> + open("/dev/ptmx", O_RDWR|O_CREAT, 0);
> + mount("/dev/pts/ptmx", "/dev/ptmx", "", MS_BIND, 0);
> + }
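Review bot: the descriptor returned by open("/dev/ptmx", O_RDWR|O_CREAT, 0) is never stored or closed, so it leaks, and when /dev/ptmx already exists the O_RDWR open acts on that device node instead of merely ensuring a mount point is present. Keep the fd and close() it straight away, check both open() and the bind mount() for errors, and pass NULL rather than 0 as the mount data argument. The comment says the root device is bind mounted, while the code binds the new instance's /dev/pts/ptmx over /dev/ptmx; reword the comment to match.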