On Wed, Jan 15, 2014 at 08:18:04PM -0000, Serge Hallyn wrote: > The ns_capable line doesn't check the capabilities of tty->session, > but rather current's capabilities targeted toward the user namespace > which owns tty->session.
Okay, this was my fundamental misunderstanding. It makes sense now. This plus the fact that mknod isn't allowed from a user ns alleviates my concerns. I'll try this out. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1263738 Title: login console 0 in user namespace container is not configured right Status in “linux” package in Ubuntu: Confirmed Status in “lxc” package in Ubuntu: Triaged Status in “linux” source package in Trusty: Confirmed Status in “lxc” source package in Trusty: Triaged Bug description: When you create a container in a private user namespace, when you start the container without the '-d' flag, that console is not properly set up. Logging in gives you -bash: no job control in this shell and hitting ctrl-c reboots the container. Consoles from 'lxc-console -n $container' behave correctly. This may be a kernel issue, as discussed here: http://lists.linuxcontainers.org/pipermail/lxc- devel/2013-October/005843.html so also marking this as affecting the kernel. This can be worked around, but really needs to be fixed before trusty is frozen. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1263738/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
