[buildd-tools-devel] Bug#856877: schroot: Please consider mounting a new instance of /dev/pts
Simon McVittie
smcv at debian.org
Mon Mar 6 11:31:58 UTC 2017
Control: tags -1 + patch
On Sun, 05 Mar 2017 at 19:23:40 +0000, Simon McVittie wrote:
> Unfortunately, this does cause a regression for interactive use:
> processes inside an interactive schroot cannot tell that their
> stdin/stdout/stderr is in fact connected to a terminal, because that
> terminal is not visible to them.
The lxc and systemd-nspawn container managers avoid this by bind-mounting
the terminal that is stdin (if any) onto the container's /dev/console.
This seems to work well for schroot too, solving that regression.
The attached patch also makes these changes correctly conditional on
using the Linux kernel, which was a bug in my previous proposal.
systemd-nspawn (and I think also lxc, but I haven't checked) also
sets up a separate pty, mounts *that* into the container, and forwards
data between that pty and the real terminal. I believe this was done to
avoid attacks like processes in the container being able to escape the
container by injecting commands into the real terminal with the TIOCSTI
ioctl. However, my understanding is that schroot is not intended to be
a security boundary (it is a "secure chroot" in the sense that users
cannot escalate their privileges to root, but not in the sense that
processes inside the chroot cannot escape), so that method is probably
unnecessary here. If it is necessary, it would have to be done in the
C++ code, not by configuration.
S
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Mount-a-new-instance-of-dev-pts-in-the-chroot.patch
Type: text/x-diff
Size: 6246 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20170306/f8ebc989/attachment.patch>
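The mount sequence the message describes (a private devpts instance for the chroot, a /dev/ptmx that opens that instance, and the stdin terminal bind-mounted onto the chroot's /dev/console the way lxc and systemd-nspawn do), written out as an added example. This is not the attached patch and not schroot's own code; it assumes Linux, a chroot tree already populated under a path passed as the first argument, root privileges inside a private mount namespace (for instance `unshare -m`), and Debian's gid 5 for the tty group. The `tty_of_stdin`, `setup_chroot_pts`, `bind_console` and `teardown` function names are this example's own.

```shell
#!/bin/sh
# Added example, not from schroot or the attached patch. Assumes Linux, a
# populated chroot under "$1", root in a private mount namespace, gid 5 = tty.
set -eu

# Print the path of the terminal on stdin, or nothing if stdin is not a tty.
# Inside a chroot with a private /dev/pts this is what stops working for the
# real terminal: /dev/pts/N of the host pty is not present there, so $(tty)
# and ttyname() fail even though the fd is still a terminal.
tty_of_stdin() {
    if [ -t 0 ]; then
        tty
    fi
}

# Mount a private devpts instance in the chroot and point /dev/ptmx at it.
setup_chroot_pts() {
    root=$1
    if [ "$(uname -s)" != Linux ]; then
        echo "devpts instances are Linux-only" >&2
        return 1
    fi
    mkdir -p "$root/dev/pts"
    # newinstance: needed before Linux 4.7; since 4.7 every devpts mount is
    # an independent instance anyway, so the option is harmless on new kernels.
    mount -t devpts -o newinstance,ptmxmode=0666,mode=0620,gid=5 \
        devpts "$root/dev/pts"
    # /dev/ptmx must open the new instance's master, not the host's; otherwise
    # ptys allocated inside the chroot (openpty, ssh, tmux) never appear under
    # the chroot's /dev/pts and cannot be opened by their slave path.
    if [ ! -e "$root/dev/ptmx" ]; then
        : > "$root/dev/ptmx"    # mount point must exist; a plain file will do
    fi
    mount --bind "$root/dev/pts/ptmx" "$root/dev/ptmx"
}

# Make the real terminal visible as /dev/console inside the chroot so that
# interactive sessions can see a terminal. Caveat from the message: the chroot
# then holds the real tty, so a process inside can use TIOCSTI on it to inject
# keystrokes into the host session. This is acceptable only because schroot
# is not meant to be a container boundary.
bind_console() {
    root=$1
    term=$(tty_of_stdin)
    if [ -z "$term" ]; then
        return 0                # non-interactive: nothing to do
    fi
    if [ ! -e "$root/dev/console" ]; then
        : > "$root/dev/console"
    fi
    mount --bind "$term" "$root/dev/console"
}

# Undo the three mounts; failures for mounts that were never made are ignored.
teardown() {
    root=$1
    umount "$root/dev/console" 2>/dev/null || true
    umount "$root/dev/ptmx" 2>/dev/null || true
    umount "$root/dev/pts" 2>/dev/null || true
}

# Usage, as root inside `unshare -m` (hypothetical chroot path):
#   . ./chroot-pts.sh
#   setup_chroot_pts /srv/chroot/sid
#   bind_console /srv/chroot/sid
#   chroot /srv/chroot/sid /bin/sh -c 'tty; ls /dev/pts'
#   teardown /srv/chroot/sid
```

Inside the chroot, `tty` on the bind-mounted console reports `/dev/console` rather than the host's `/dev/pts/N`, which is exactly the point: the process sees a terminal without seeing the host's pts instance. Removing the `bind_console` step reproduces the regression described in the quoted text.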