Can anyone explain this one:
Embedded Arm system, Linux 3.18.44. No SELinux or anything:
# ls -l /dev/console
crw------- 1 root root 5, 1 Jan 6 02:40 /dev/console
# ls -l /tmp/console
crw------- 1 root root 5, 1 Jan 6 02:39 /tmp/console
# echo foo > /dev/console
foo
# echo foo > /tmp/console
-sh: can't create /tmp/console: Permission denied
# ls -ld /tmp
drwxr-xr-x 2 root root 80 Jan 6 02:39 /tmp
# ls -ld /dev
drwxr-xr-x 11 root root 5480 Jan 6 02:32 /dev
Some detail from strace:
# strace sh -c 'echo foo > /tmp/console' 2>&1 | grep console
execve("/bin/sh", ["sh", "-c", "echo foo > /tmp/console"], [/* 12 vars */]) = 0
open("/tmp/console", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 EACCES (Pe)
Versus:
# strace sh -c 'echo foo > /dev/console' 2>&1 | grep console
execve("/bin/sh", ["sh", "-c", "echo foo > /dev/console"], [/* 12 vars */]) = 0
open("/dev/console", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 3
foo
It's the same device: major 5, minor 1. Why would the device care about the path name of the filesystem node that refers to it? If that's what the issue is, which is what it looks like:
# mknod -m 600 /tmp/cons c 5 1
# echo foo > /dev/cons
foo
# mknod -m 600 /tmp/cons c 5 1
# echo foo > /tmp/cons
-sh: can't create /tmp/cons: Permission denied
Some sort of "security theatre"? It works under Linux 3.14 on very similar hardware.
