
[libvirt] [PATCH v2 7/8] LXC: change the owner of tty devices to the root user of container



Since these tty devices will be used by the container, their owner should be the container's root user.

Signed-off-by: Gao feng <gaofeng cn fujitsu com>
---
 src/lxc/lxc_controller.c | 46 +++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 41 insertions(+), 5 deletions(-)

diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index f7bdf54..31c7cd5 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -1288,13 +1288,14 @@ static int lxcSetPersonality(virDomainDefPtr def)
  * *TTYNAME.  Heavily borrowed from glibc, but doesn't require that
  * devpts == "/dev/pts" */
 static int
-lxcCreateTty(char *ptmx, int *ttymaster, char **ttyName)
+lxcCreateTty(virLXCControllerPtr ctrl, int *ttymaster,
+             char **ttyName, char **ttyHostPath)
 {
     int ret = -1;
     int ptyno;
     int unlock = 0;
 
-    if ((*ttymaster = open(ptmx, O_RDWR|O_NOCTTY|O_NONBLOCK)) < 0)
+    if ((*ttymaster = open(ctrl->devptmx, O_RDWR|O_NOCTTY|O_NONBLOCK)) < 0)
         goto cleanup;
 
     if (ioctl(*ttymaster, TIOCSPTLCK, &unlock) < 0)
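Review bot: The header comment above lxcCreateTty (only its tail, "*TTYNAME. Heavily borrowed from glibc...", is visible at the top of the hunk) still documents just `*ttymaster` and `*ttyName`, while the new signature also fills `*ttyHostPath`; the comment should say what that is and who owns it, e.g. `* On success *TTYHOSTPATH holds the host-side path of the slave pty under the controller's private devpts; the caller must VIR_FREE() it.` It would also help to state what `*ttyHostPath` holds on failure, since the caller frees it unconditionally (presumably virAsprintf leaves it NULL, but that is not visible here). The function body continues past this hunk.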
@@ -1315,6 +1316,15 @@ lxcCreateTty(char *ptmx, int *ttymaster, char **ttyName)
         goto cleanup;
     }
 
+    /* Change the owner of this new created tty device to the root
+     * user of container. */
+    if (virAsprintf(ttyHostPath, "%s/%s.devpts/%d", LXC_STATE_DIR,
+                    ctrl->def->name, ptyno) < 0) {
+        virReportOOMError();
+        errno = ENOMEM;
+        goto cleanup;
+    }
+
     ret = 0;
 
 cleanup:
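Review bot: The host path is rebuilt from scratch as `LXC_STATE_DIR/<name>.devpts/<ptyno>` at the virAsprintf call, which presumably duplicates the string used elsewhere to set up the private devpts mount and `ctrl->devptmx`; if that mount point is ever changed in one place only, the later chown silently targets a node that does not exist or is not this pty. Deriving the directory from the same source as `ctrl->devptmx` (for example keeping the devpts directory on the controller next to `devptmx`) would keep the two from diverging. Also, setting `errno = ENOMEM` after virReportOOMError() means the caller reports the same failure a second time as "Failed to allocate tty"; that matches the surrounding style but is worth knowing. The enclosing function starts before this hunk and its `cleanup:` path continues after it.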
@@ -1452,18 +1462,44 @@ virLXCControllerSetupConsoles(virLXCControllerPtr ctrl,
                               char **containerTTYPaths)
 {
     size_t i;
+    int ret = -1;
+    uid_t uid = -1;
+    gid_t gid = -1;
+    bool userns_enabled = false;
+    char *ttyHostPath = NULL;
+
+    if (ctrl->def->idmap.uidmap && ctrl->def->idmap.gidmap) {
+        uid = ctrl->def->idmap.uidmap[0].target;
+        gid = ctrl->def->idmap.gidmap[0].target;
+        userns_enabled = true;
+    }
 
     for (i = 0 ; i < ctrl->nconsoles ; i++) {
         VIR_DEBUG("Opening tty on private %s", ctrl->devptmx);
-        if (lxcCreateTty(ctrl->devptmx,
+        if (lxcCreateTty(ctrl,
                          &ctrl->consoles[i].contFd,
-                         &containerTTYPaths[i]) < 0) {
+                         &containerTTYPaths[i], &ttyHostPath) < 0) {
             virReportSystemError(errno, "%s",
                                      _("Failed to allocate tty"));
             return -1;
         }
+
+        /* Change the owner of this new created tty device to the root
+         * user of container. */
+        if (userns_enabled && (chown(ttyHostPath, uid, gid) < 0)) {
+            virReportSystemError(errno,
+                                 _("Failed to change owner of tty"
+                                 " %s to %u:%u"),
+                                 ttyHostPath, uid, gid);
+            goto out;
+        }
+        VIR_FREE(ttyHostPath);
     }
-    return 0;
+
+    ret = 0;
+out:
+    VIR_FREE(ttyHostPath);
+    return ret;
 }
 
 
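Review bot: The chown target is taken from `ctrl->def->idmap.uidmap[0].target` / `gidmap[0].target`, which is the host id of whatever container id the first map entry starts at, not necessarily the host id that container uid/gid 0 maps to; if the first entry does not start at 0 (or several entries are configured), the tty is handed to the wrong host user, which is a privilege boundary error rather than a cosmetic one. Before the chown, verify the entry actually covers container id 0 and compute the host id from it, e.g. (assuming the entry struct exposes its container-side base as `start`, as the XML does) `if (ctrl->def->idmap.uidmap[0].start != 0 || ctrl->def->idmap.gidmap[0].start != 0) { virReportError(...); goto out; }`, or better, look the mapping for id 0 up with a small helper. A one-line comment stating the assumption, `/* NOTE: assumes the first map entry maps container uid/gid 0 */`, is the minimum if the lookup is deferred. Separately, the `return -1` after the failed lxcCreateTty() bypasses the new `out:` label; it is harmless today because `ttyHostPath` is NULL at that point, but `goto out;` keeps a single exit path. The function's first signature line is just outside this hunk.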
-- 
1.8.1.4

