Date: Thu, 10 Feb 2022 17:21:03 +0100
From: Steffen Nurpmeso
To: Michael Gmelin
Cc: Alexander Leidinger, hackers@freebsd.org
Subject: Re: Behavior of /dev/pts in a jail?
Message-ID: <20220210162103.4PrOq%steffen@sdaoden.eu>
In-Reply-To: <20220209145604.3698c387.grembo@freebsd.org>
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

Michael Gmelin wrote in
 <20220209145604.3698c387.grembo@freebsd.org>:
 |On Wed, 09 Feb 2022 14:37:09 +0100
 |Steffen Nurpmeso wrote:
 |> Michael Gmelin wrote in
 |>  <20220209142152.13373548.grembo@freebsd.org>:
 |>|On Wed, 09 Feb 2022 13:22:13 +0100
 |>|Alexander Leidinger wrote:
 |>|> Quoting Michael Gmelin (from Wed, 9 Feb 2022
 |>|> 12:56:49 +0100):
 ...
 |>|>> The problem is caused by jexec inheriting the pty from the jail
 |>|>> host.
 |>|>>
 |>|>> If you use a pty that was created inside of the jail,
 |>|>> gpg-agent/pinentry works as expected.
 |>|>>
 |>|>> This can be accomplished, e.g., by running tmux inside of the
 |>|>> jail:
 ...
 |>|In the meantime, tmux is probably the most lightweight way of
 |>|working around this in your specific use-case, without having to run
 |>|sshd.
 |>
 |> dtach.  It is much more lightweight.  I use it on the server to
 |> hold a containerized irssi-proxy instance to which i can connect
 |> to via VPN (from a window of my local tmux).
 ...
 |That's another option I wasn't aware of, thanks.
 |
 |If it's for the occasional interactive session, you can also use
 |the script(1) command that comes with base (which also makes use of
 |openpty(3)), so no need to install any packages:
 |
 |    $ script /dev/null gpg --gen-key

That is really tricky and i would never have thought of it.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
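
Added example, not part of the original mail or of any tool named in it: the workarounds quoted above all give the program a pty created where it runs instead of the one inherited through jexec. The Python code below runs a command on such a newly allocated pty and reports the terminal name the child sees next to the inherited one. The helper names (`run_on_new_pty`, `inherited_tty`, `tty_seen_by_child`) are hypothetical, and the code captures output only, it does not forward keyboard input.

```python
import os
import pty
import sys


def run_on_new_pty(argv):
    """Run argv on a newly allocated pty; return (exit_code, output)."""
    # pty.fork() opens a new master/slave pair and makes the slave the
    # child's controlling terminal and its stdin/stdout/stderr.
    pid, master_fd = pty.fork()
    if pid == 0:
        try:
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)  # only reached if exec failed
    chunks = []
    while True:
        try:
            data = os.read(master_fd, 4096)
        except OSError:  # Linux reports EIO once the slave side is closed
            break
        if not data:  # other systems report plain EOF
            break
        chunks.append(data)
    os.close(master_fd)
    _, status = os.waitpid(pid, 0)
    code = os.WEXITSTATUS(status) if os.WIFEXITED(status) else -os.WTERMSIG(status)
    return code, b"".join(chunks)


def inherited_tty():
    """Name of the terminal this process inherited on stdin, or None."""
    try:
        return os.ttyname(0)
    except OSError:
        return None


def tty_seen_by_child():
    """Name of the terminal a child started via run_on_new_pty() sees."""
    probe = "import os; print(os.ttyname(0))"
    _, out = run_on_new_pty([sys.executable, "-c", probe])
    return out.decode().strip()


if __name__ == "__main__":
    print("inherited:", inherited_tty())
    print("new pty  :", tty_seen_by_child())
```

Run inside the jail after jexec, the two printed names show which terminal was inherited and which one was allocated locally.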