Salve Herbert, ML!
Herbert Poetzl wrote on Sunday, 02 July 2006 at 17:59:
> > What should I read to learn what fd,pts stands for and
> > to know what /dev/pts/[14|20|21|31-34] are?
>
> *phew* good question, probably a lot of source code :)
>
> thing is, fd and pts (/14,/20 ...) are 'just' names
> used for character and block device nodes, identified
> by the unique major and minor identifiers ...
>
> so, basically c:136:14 means the 14th pseudo terminal
> (regardless of the name, could as well be named hansi)
> > > >Could it be that I'm allowed to remove devices, but
> > > >not allowed to create one?
> > >
> > > Exactly. Giving guests the ability to create devices is a huge security
> > > risk, basically equivalent to just giving access to the host directly.
What about the pseudo terminals?
sshd, screen ... and some others can create new ones
as user@guest :)
asterisk seems to like having its own terminal:
# from [Asterisk-Users] ML Tzafrir Cohen wrote on
# Tue Jul 4 09:05:46 MST 2006
# safe_asterisk has a flawed logic: it assumes that the tty device will
# always exist. Thus it is not suited for use with screen.
I used "ln -s /dev/pts/31 /dev/tty9" successfully,
but on the next day /usr/sbin/safe_asterisk did
not find /dev/tty9..... /dev/pts/31 exists only
for my bash; after exiting this bash,
/dev/pts/31 was gone too, and so this "hack"
does not work... ;(
How can I create a new pseudo terminal from
/etc/init.d/asterisk, e.g. /dev/pts/ast,
and "ln -s /dev/pts/ast /dev/tty9"?
A dirty trick would be to start an ssh or telnet
connection to 127.0.0.1 from /etc/init.d/asterisk.
Is there a smart way to create a pseudo terminal, especially
one that is durable and does not fade away when
something crashes?
> device nodes are always local, so they cannot be
> 'forwarded' to another host, OTOH, you are free to
> create fifos (pipes) and symlinks to 'redirect'
> stuff remotely and local
root@guest# mknod ..... /dev/pts/asterisk
root@guest# ln -s /dev/pts/asterisk /dev/tty9
???
#mknod /dev/tty9 c 7 7
mknod: »/dev/tty9«: Die Operation ist nicht erlaubt
(operation is not allowed)
And "mknod /dev/tty9 -p" as FIFO does not help
to run asterisk with a console.
I found this:
# From: Herbert Poetzl <herbert_at_13thfloor.at>
# Date: Wed 17 May 2006 - 18:13:50 BST
# Message-ID: <20060517171350.GC4935@MAIL.13thfloor.at>
# On Sun, May 14, 2006 at 09:48:20PM -0700, EKC wrote:
#> I'm running a perl script inside of a linux vserver, and the script
#> requires access to tty and pty devices. However /dev/MAKEDEV and mknod
#> cannot create pty devices from within a vserver.
[...]
#> Is there a way to add devices from within a vserver itself?
#pts/ptmx is auto created inside a guest, with proper
#permissions and security (tty and pty are not required
#inside a guest, unless you want to assign certain 'real'
#consoles to the guest, like vt0/1/2 etc)
ok and how can I use this magic auto creation inside a guest
with/for /etc/init.d/asterisk?
;)
man ptmx getpt(3), grantpt(3), ptsname(3), unlockpt(3)
still a little bit too complex for me ;(
man expect
man screen
Well, I could write
#!/bin/sh
# ttydumy.sh
# point /dev/tty9 at the terminal this script runs on
rm -f /dev/tty9
ln -s "$(tty)" /dev/tty9
and call screen .../ttydumy.sh inside safe_asterisk,
but it seems that screen inside slows asterisk.
(and this is ugly for ssh login and screen -r with
multiple screens...)
So root@guest can indirectly create dummy devices
and there is still no tool like mknod for vserver
- because it is not so necessary and does not
have such a high priority - right?
Don't get me wrong, I don't want to be impolite
and I don't want to be misunderstood as expecting
support and inclusion of that feature....
It's just that I want to understand the power
of vserver and to do the best with them and also
try to document/promote them, that it is possible
to run an unpatched asterisk with a colored CLI
(Patching asterisk would be a second solution,
would work for me but I think many vserver users
would not do this...)
Greetings,
rob
This is OT for Vserver ML,
more for vserver+asterisk users:
PS: My personal workaround at the moment:
start screen and one of its terminals
is used to get asterisk colored inside
this terminal:
tty > /etc/asterisk/tty
ln -s "$(cat /etc/asterisk/tty)" /dev/tty9
inside safe_asterisk a test if that
device still exists... if yes
TTY=tt9
so when asterisk crashes and there is
no TTY9 it will run without a hangup ;)
Received on Wed Jul 5 22:45:28 2006