[Buildroot] [PATCH 1/1] Fix permissions on /dev/pts/ptmx for PTY allocation with systemd

Jan Kundrát jan.kundrat at cesnet.cz
Fri Mar 17 16:02:54 UTC 2017 

(This is my first patch to buildroot, please feel free to pester me if you 
prefer a different coding style or if you have some commit message 
suggestions.)

Without this patch, it is not possible to allocate PTYs when a generated 
rootfs image with a recent glibc and systemd is launched as a container  on 
an RHEL7 system via machinectl/systemd-nspawn. The container boots, but 
`machinectl login mycontainer` fails. The culprit is /dev/pts/ptmx with 
0000 perms.

On a typical system, there are two `ptmx` devices. One is provided by the 
devpts at /dev/pts/ptmx and it is typically not directly accessed from 
userspace. The other one which actually *is* opened by processes is 
/dev/ptmx. Kernel's documentation says these days that /dev/ptmx should be 
either a symlink, or a bind mount of the /dev/pts/ptmx from devpts.

When a container is launched via machinectl/machined/systemd-nspawn, the 
container manager prepares a root filesystem so that the container can live 
in an appropriate namespace (this is similar to what initramfs is doing on 
x86 desktops). During these preparations, systemd-nspawn mounts a devpts 
instance using a correct ptmxmode=0666 within the container-to-be's 
/dev/pts, and it adds a compatibility symlink at /dev/ptmx. However, once 
systemd takes over as an init in the container, 
/lib/systemd/systemd-remount-fs applies mount options from /etc/fstab to 
all fileystems. Because the buildroot's template used to not include the 
ptmxmode=... option, a default value of 0000 was taking an effect which in 
turn led to not being able to allocate any pseudo-terminals.

The relevant kernel option was introduced upstream in commit 1f8f1e29 back 
in 2009. The oldest linux-headers referenced from buildroot's config is 
3.0, and that version definitely has that commit. I believe that adding 
this mount option therefore does not constitute any backward 
incompatibility issues.

Cheers,
Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-permissions-on-dev-pts-ptmx-for-PTY-allocation-w.patch
Type: text/x-patch
Size: 2774 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20170317/77d931d0/attachment.bin>

More information about the buildroot mailing list