devpts for chroot jail

To: debian-glibc@lists.debian.org
Subject: devpts for chroot jail
From: kragen@pobox.com (Kragen Sitaker)
Date: Tue, 30 May 2000 23:20:29 -0400 (EDT)
Message-id: <[🔎] Pine.GSO.4.21.0005302309200.12424-100000@kirk.dnaco.net>

Hi.  I just wanted to set up a chroot jail on my machine; to make it
useful, I needed to put ptys in it.  I modified /etc/init.d/devpts.sh
to do this.

I have some questions:
- is this a secure way to do this?  Or can this cause problems?
- is this a useful thing to do, or a good way to do it?  Or is my
  machine going to die horribly the next time I try to reboot?
- why is the ||true there in the $()?  Is this script running with -e
  set?  (It looked like it.)
- why in God's name does installing the ssh client package INSTALL AN
  SSH SERVER AND TURN IT ON!?!?!??  I HAD ALL REMOTE LOGIN DAEMONS
  TURNED OFF FOR A GOOD REASON!   I SPENT EIGHT DAYS WITH SSHD RUNNING
  WITHOUT KNOWING IT!!  Well, this is probably the wrong place to ask
  that.

--- /etc/init.d/devpts.sh.orig  Tue May 30 20:55:43 2000
+++ /etc/init.d/devpts.sh       Tue May 30 21:02:14 2000
@@ -5,24 +5,38 @@
 
 [ "$(uname -s)" = "Linux" ] || exit 0
 
+# modified to work from arbitrary roots by Kragen Sitaker ---- 2000-05-29
 make_devptmx()
 {
-    [ -c /dev/ptmx ] || mknod --mode=666 /dev/ptmx c 5 2
+    [ -c "$1"/dev/ptmx ] || mknod --mode=666 "$1"/dev/ptmx c 5 2
 }
 
 make_devpts()
 {
-    [ -d /dev/pts ] || mkdir --mode=755 /dev/pts
+    [ -d "$1"/dev/pts ] || mkdir --mode=755 "$1"/dev/pts
 }
 
 mount_devpts_fs()
 {
-    mount -t devpts devpts /dev/pts -ogid=${TTYGRP},mode=${TTYMODE}
+    mount -t devpts devpts "$1"/dev/pts -ogid=${TTYGRP},mode=${TTYMODE}
+}
+
+do_devpts_stuff()
+{
+    make_devptmx "$@"
+    make_devpts "$@"
+    devpts_mounted=$(mount | grep -c "^devpts on $1/dev/pts" || true) 
+    if [ $devpts_mounted -lt 1 ]
+    then
+       # echo "trying to mount in $1/dev/pts; devpts_mounted $devpts_mounted"
+        mount_devpts_fs "$@"
+    else
+        # echo "not trying to mount in $1/dev/pts"
+    fi
 }
 
 devfs=$(grep -c '\<devfs' /proc/filesystems || true)
 devpts=$(grep -c '\<devpts' /proc/filesystems || true)
-devpts_mounted=$(mount | grep -c '/dev/pts' || true)
 
 release=$(uname -r)
 major_release=${release%.*}
@@ -42,12 +56,8 @@
                :
            ;;
            devpts)
-               make_devptmx
-               make_devpts
-               if [ $devpts_mounted -lt 1 ]
-               then
-                   mount_devpts_fs
-               fi
+               do_devpts_stuff
+               do_devpts_stuff /usr/jail
            ;;
        esac
     ;;


<kragen@pobox.com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
The Internet stock bubble didn't burst on 1999-11-08.  Hurrah!
<URL:http://www.pobox.com/~kragen/bubble.html>
The power didn't go out on 2000-01-01 either.  :)

Reply to:

Prev by Date: virtualfs support in glibc
Next by Date: [no subject]
Previous by thread: virtualfs support in glibc
Next by thread: [no subject]
Index(es):
- Date
- Thread