[libvirt-users] LXC, libvirt-1.1.2-r3 (Gentoo), "/dev/tty12", mount /dev with inverse of 'nodev'?

Daniel P. Berrange berrange at redhat.com
Tue Oct 1 09:12:34 UTC 2013


On Mon, Sep 30, 2013 at 02:24:45PM -0500, Dennis Jenkins wrote:
> Hello again,
> 
> TL;DR:
> 
>    Today I noticed that my LXC container was out of space in "/dev".  It
> took me a few minutes to figure out why.  There were only 23 files there.
> The "/dev" fs quota was 64K, and all was taken up.
> 
>     The problem was that "syslog-ng" was writing "console" messages to
> "/dev/tty12".  But "/dev/tty12" was not a device node, so the kernel
> "(2)open"ed it as a file and dutifully wrote to it.
> 
>    I have corrected my syslog-ng config, but I was wondering....
> 
>    Is there any legitimate reason to EVER have a regular file in "/dev"?
> If not, can libvirt or Linux be modified so that the filesystem can be
> mounted in such a way to prevent a regular file from ever being created
> there?  Kind of like an inverse of the "nodev" mount option seen in various
> filesystems (ext3, nfs).  IMHO, I would rather have syslog-ng (or other
> tool) fail to open a regular file in "/dev", than for it to succeed and
> then fill up the small fs.

AFAIK, there is no way to set up a filesystem such that it prevents
creation of regular files. NB, that we need to allow creation of symlinks,
fifos, directories for various legitimate reasons. So not sure there's
really anything we can do about this problem - the size limits on /dev
content are the best option I know of to protect against this kind of
mistake.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
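
Since the filesystem cannot refuse regular files, a periodic check inside the container can catch a stray one before the /dev quota fills. The script below is an added example, not part of the original thread or of libvirt; the function names list_regular and audit_dev are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find regular files that ended up in a
# /dev tree, as "/dev/tty12" did. Function names are hypothetical.

# list_regular DIR: print "BYTES PATH" per regular file, largest first.
list_regular() {
    # -xdev stays on DIR's own mount; -type f matches regular files only, so
    # device nodes, symlinks, fifos and directories are never reported.
    find "${1:-/dev}" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        bytes=$(wc -c 2>/dev/null < "$f") || bytes=0   # unreadable: report 0
        printf '%s %s\n' "$((bytes))" "$f"
    done | sort -rn
}

# audit_dev DIR: report stray files plus filesystem usage.
# Returns 0 when DIR is clean, 1 when at least one regular file exists.
audit_dev() {
    dir=${1:-/dev}
    stray=$(list_regular "$dir")
    if [ -z "$stray" ]; then
        echo "OK: no regular files under $dir"
        return 0
    fi
    echo "WARNING: regular files under $dir (bytes, path):"
    echo "$stray"
    # Show how much of the size limit on this mount is already consumed.
    df -Pk "$dir" | awk 'NR==2 {print "usage of " $6 ": " $3 "K of " $2 "K (" $5 ")"}'
    return 1
}

# Run the audit only when asked, e.g.: sh audit-dev.sh --run /dev
if [ "${1:-}" = "--run" ]; then
    audit_dev "${2:-/dev}"
fi
```

The non-zero return status lets a cron job or monitoring check raise an alert when a daemon has been pointed at a path in /dev that is not a device node.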



