From: Robin Lee Powell (rlpowell_at_digitalkingdom.org)
Date: Mon 03 Oct 2005 - 06:01:45 BST
The app I want to run in a VServer, mooix, creates (among other
special things) TTY device files. If I run it without CAP_MKNOD, I
cp: cannot create special file `/var/lib/mooix/system/sessionmanager/sessions/item1/tty': Operation not permitted
Unable to copy /dev/pts/10 to /var/lib/mooix/system/sessionmanager/sessions/item1/tty; perhaps that directory is mounted nodev? at /usr/share/mooix/mooix-pty-helper.pl line 66.
open tty for write: Permission denied
The code in question:
system("cp", "-a", $tty, $dest);
(running from perl)
I strongly suspect that the $tty arg was /dev/pts/10; I can verify this if it
Is there another way to give the VServer the ability to do this sort
If not, is there an easy fix to the perl code to do the same thing
without running into whatever is causing this?
If not, how dangerous is CAP_MKNOD really? My threat model assumes
people getting root inside the VServer.
-- 
http://www.digitalkingdom.org/~rlpowell/ *** http://www.lojban.org/
Reason #237 To Learn Lojban: "Homonyms: Their Grate!"
Proud Supporter of the Singularity Institute - http://singinst.org/
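Added example, not part of the original message and not mooix or VServer code: a diagnostic that separates the two causes the error output above points at, a missing CAP_MKNOD (mknod fails with EPERM) and a nodev mount (the node exists but cannot be opened). It assumes the guest's capability restriction is visible in the CapEff field of /proc/<pid>/status; the sample status and mount lines are constructed, and only DEST is taken from the post.

```python
CAP_MKNOD = 27  # bit number of CAP_MKNOD in <linux/capability.h>
DEST = "/var/lib/mooix/system/sessionmanager/sessions/item1/tty"  # path from the post

# Constructed samples: effective set with and without bit 27, and a nodev mount.
SAMPLE_STATUS_FULL = "Name:\tperl\nCapEff:\t00000000ffffffff\n"
SAMPLE_STATUS_NO_MKNOD = "Name:\tperl\nCapEff:\t00000000f7ffffff\n"
SAMPLE_MOUNTS = ("/dev/hdv1 / ext3 rw 0 0\n"
                 "none /var/lib/mooix tmpfs rw,nodev,nosuid 0 0\n")

def has_cap(status_text, field="CapEff", cap=CAP_MKNOD):
    """True if bit `cap` is set in the hex mask `field` of /proc/<pid>/status."""
    for line in status_text.splitlines():
        name, _, value = line.partition(":")
        if name.strip() == field:
            return bool((int(value.strip(), 16) >> cap) & 1)
    raise ValueError(f"{field} not found in status text")

def mount_for(path, mounts_text):
    """(mountpoint, options) of the deepest mount in /proc/mounts holding path."""
    best = None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        mnt, opts = parts[1], parts[3].split(",")
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        # >= so that a later mount on the same mountpoint shadows an earlier one
        if inside and (best is None or len(mnt) >= len(best[0])):
            best = (mnt, opts)
    return best

def diagnose(path, status_text, mounts_text):
    """List the conditions that stop a device node at `path` being made or used."""
    findings = []
    if not has_cap(status_text):
        findings.append("CAP_MKNOD missing: mknod(2) of a device node gives EPERM")
    mnt = mount_for(path, mounts_text)
    if mnt and "nodev" in mnt[1]:
        findings.append(f"{mnt[0]} is mounted nodev: nodes there cannot be opened")
    return findings

if __name__ == "__main__":
    # Inside the guest, check the live process state instead of the samples.
    with open("/proc/self/status") as s, open("/proc/mounts") as m:
        for finding in diagnose(DEST, s.read(), m.read()) or ["no blocker found"]:
            print(finding)
```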