On Wed, 2017-05-10 at 21:29 +0100, Alan Cox wrote:
>
> In addition your change to allow it to be used by root in the guest
> completely invalidates any protection you have because I can push
>
> "rm -rf /\n"
>
> as root in my namespace and exit
>
> The tty buffers are not flushed across the context change so the shell
> you return to gets the input and oh dear....
>
> Alan

I might be missing something, but it looks like the patch tracks where the tty was created and only allows this with CAP_SYS_ADMIN in the ns where the tty came from.