Hi,

On Fri, Mar 3, 2023 at 9:45 AM Gianfranco Costamagna
<locutusofb...@debian.org> wrote:
> +  # allow printing to stdout/stderr when inside a container
> +  # (LP: #1667016)
> +  /dev/pts/* rw,
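
Review bot: The rule `/dev/pts/* rw,` on the last line of the hunk matches every pty under /dev/pts and grants read as well as write, while the comment above it only asks for printing to stdout/stderr. Consider whether write alone (`w`) would be enough for that purpose, and whether the match can be narrowed, for example with the `owner` qualifier, so that the profile does not gain access to terminals belonging to other sessions. If the broad rule has to stay, the comment should say why a narrower form does not work.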

Thank you for reporting this issue, and the patch. While the change is
indeed trivial, giving unfettered rw access to /dev/pts/* is a high
price to pay in terms of weakening the sandbox for an uncommon use
case. With access to /dev/pts, an attacker can access SSH sessions and
other terminals.

Is there any way this could be fixed on the LXD side, or made more restrictive?

Regards,
-- 
Romain Francoise <rfranco...@debian.org>
https://people.debian.org/~rfrancoise/
