From: ebiederm@xmission.com (Eric W. Biederman)
To: "H. Peter Anvin"
Cc: Linus Torvalds, Andy Lutomirski, security@debian.org, "security@kernel.org", Al Viro, "security@ubuntu.com >> security", Peter Hurley, Serge Hallyn, Willy Tarreau, Aurelien Jarno, One Thousand Gnomes, Jann Horn, Greg KH, Linux Kernel Mailing List, Jiri Slaby, Florian Weimer
Subject: Re: [PATCH 14/16] vfs: Implement mount_super_once
Date: Tue, 19 Apr 2016 14:03:47 -0500
Message-ID: <87inzdju98.fsf@x220.int.ebiederm.org>
In-Reply-To: <25D92F7D-32F9-4913-9995-2F6B430FA29E@zytor.com> (H. Peter Anvin's message of "Tue, 19 Apr 2016 11:47:14 -0700")

"H. Peter Anvin" writes:

>>- Support for reserving ptys for the system devpts instance using
>>  /proc/sys/kernel/pty/reserve needs to be removed.
>>
>>Eric
>
> pty capping should probably be a devpts mount option

There is a max option so pty capping is a per devpts option.

> , and perhaps a
> sufficiently privileged user could be allowed to set another mount
> option to allow that instance to dip into the reserved pool or exempt
> it completely from the global limit as set in sysctl.

I agree that we could keep the reserved pool, and add a new way to
access it. However no piece of existing userspace could use it. So the
simplest thing to do (unless something actually breaks), is to just
remove the reserve pool.

Eric