On Sat, Dec 21, 2013 at 04:33:42PM +0100, Armin K. wrote:
> devpts should also be bind-mounted, as it will override default devpts
> flags and permissions which were mounted before.
>
> In my case:
>
> mount output before mounting devpts at $LFS/dev/pts
>
> devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620)

Why add nosuid or noexec? Only root can create files in the devpts filesystem anyway (the directory post mount is 0755 root/root), so users can't add setuid or executable files anyway. And the filesystem contents can't be persisted anyway (it's not like a CD or USB drive, which might have the "user" option present, allowing users to attach arbitrary files to the system), so that's not a vector for introducing setuid or executable files either.

Seems like trying to restrict root isn't the best idea. :-)

> I would certainly not want lfs to modify my host system.

That's one good reason that it's *not* a bind mount, IMO.

> In some cases,
> tty gid could be different

This is about the only potential issue. However, the /etc/group file that's about to be created in the book at this point does definitely assign tty to gid 5, so inside the chroot, /dev/pts will definitely be correct regardless of the host group assignment.

...And in fact, I think that's another reason to avoid a bind mount. If the host assigns tty to gid 4, then the bind mount will be broken inside chroot, since glibc will require it to be 5 in there.

> Furthermore, I think that /run should also be mounted when building lfs,
> since that is meant to be a tmpfs too, but some packages might install
> files in there.

That I can see. :-)
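The gid mismatch discussed in the message above can be checked mechanically. The following is an added example, not part of the original message or of the LFS book: the function names are hypothetical, and the /proc/mounts-format lines, the /mnt/lfs paths and the group file are constructed sample data for a host that assigns tty to gid 4.

```shell
#!/bin/sh
# Added example: sample data is constructed; function names are hypothetical.

# Print the gid= option of the devpts mounted at mount point $2,
# reading /proc/mounts-format text from file $1.
devpts_gid() {
    awk -v mp="$2" '$2 == mp && $3 == "devpts" {
        n = split($4, o, ",")
        for (i = 1; i <= n; i++)
            if (o[i] ~ /^gid=/) { print substr(o[i], 5); exit }
    }' "$1"
}

# Print the gid assigned to group "tty" in group file $1.
tty_gid() {
    awk -F: '$1 == "tty" { print $3; exit }' "$1"
}

# 0 = devpts gid matches the chroot's tty gid, 1 = mismatch, 2 = not found.
check_devpts_gid() {
    have=$(devpts_gid "$1" "$2")
    want=$(tty_gid "$3")
    if [ -z "$have" ] || [ -z "$want" ]; then return 2; fi
    if [ "$have" = "$want" ]; then return 0; fi
    return 1
}

# Constructed sample: a host that assigns tty to gid 4, and a chroot
# /etc/group that assigns tty to gid 5.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/mounts" <<'EOF'
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=4,mode=620 0 0
devpts /mnt/lfs/bind/dev/pts devpts rw,nosuid,noexec,relatime,gid=4,mode=620 0 0
devpts /mnt/lfs/fresh/dev/pts devpts rw,relatime,gid=5,mode=620 0 0
EOF
printf 'root:x:0:\ntty:x:5:\n' > "$tmp/group"

for mp in /mnt/lfs/bind/dev/pts /mnt/lfs/fresh/dev/pts; do
    if check_devpts_gid "$tmp/mounts" "$mp" "$tmp/group"; then
        echo "$mp: gid matches chroot tty group"
    else
        echo "$mp: gid does not match chroot tty group"
    fi
done
```

On a real build, the first argument would be /proc/mounts and the third the /etc/group file inside the chroot.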
