From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 22 Feb 2011 14:06:09 +0000 (+0000)
Subject: Fix group/mode for /dev/pts inside LXC container
X-Git-Tag: CVE-2011-1146~109
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=08fb2a9ce855c6ed1042e451fb4dfc6664a77d64;p=thirdparty%2Flibvirt.git

Fix group/mode for /dev/pts inside LXC container

Normal practice for /dev/pts is to have it mode=620,gid=5
but LXC was leaving mode=000,gid=0 preventing unprivilegd
users in the guest use of PTYs

* src/lxc/lxc_controller.c: Fix /dev/pts setup
---

diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index b742a33beb..fa46977afe 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -629,7 +629,8 @@ lxcControllerRun(virDomainDefPtr def,
         }
 
         VIR_DEBUG("Mouting 'devpts' on %s", devpts);
-        if (mount("devpts", devpts, "devpts", 0, "newinstance,ptmxmode=0666") < 0) {
+        if (mount("devpts", devpts, "devpts", 0,
+                  "newinstance,ptmxmode=0666,mode=0620,gid=5") < 0) {
             virReportSystemError(errno,
                                  _("Failed to mount devpts on %s"),
                                  devpts);