Hi!
----- Ursprüngliche Mail -----
> Since these tty devices will be used by container,
> the owner of them should be the root user of container.
>
> Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
> ---
> src/lxc/lxc_controller.c | 43
> +++++++++++++++++++++++++++++++++++++------
> 1 file changed, 37 insertions(+), 6 deletions(-)
>
> diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
> index 7d10660..4660f25 100644
> --- a/src/lxc/lxc_controller.c
> +++ b/src/lxc/lxc_controller.c
> @@ -1380,13 +1380,14 @@ static int lxcSetPersonality(virDomainDefPtr
> def)
> * *TTYNAME. Heavily borrowed from glibc, but doesn't require that
> * devpts == "/dev/pts" */
> static int
> -lxcCreateTty(char *ptmx, int *ttymaster, char **ttyName)
> +lxcCreateTty(virLXCControllerPtr ctrl, int *ttymaster,
> + char **ttyName, char **ttyHostPath)
> {
> int ret = -1;
> int ptyno;
> int unlock = 0;
>
> - if ((*ttymaster = open(ptmx, O_RDWR|O_NOCTTY|O_NONBLOCK)) < 0)
> + if ((*ttymaster = open(ctrl->devptmx,
> O_RDWR|O_NOCTTY|O_NONBLOCK)) < 0)
> goto cleanup;
>
> if (ioctl(*ttymaster, TIOCSPTLCK, &unlock) < 0)
> @@ -1407,6 +1408,13 @@ lxcCreateTty(char *ptmx, int *ttymaster, char
> **ttyName)
> goto cleanup;
> }
>
> + if (virAsprintf(ttyHostPath, "/%s/%s.devpts/%d", LXC_STATE_DIR,
> + ctrl->def->name, ptyno) < 0) {
> + virReportOOMError();
> + errno = ENOMEM;
> + goto cleanup;
> + }
> +
> ret = 0;
>
> cleanup:
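Review bot: The comment above lxcCreateTty (its start is outside the hunk) still ends at `*TTYNAME`, while the new signature adds `ttyHostPath`, a second heap-allocated out-parameter. I would extend that comment with a line such as `* *TTYHOSTPATH receives the host-side path of the same pty; the caller must VIR_FREE() it.` It should also say that `*ttyHostPath` is left untouched on failure, because the caller relies on it being NULL when it jumps to its own exit path.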
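Review bot: The host path in the second hunk is rebuilt from `LXC_STATE_DIR` and `ctrl->def->name` with a hard-coded `"/%s/%s.devpts/%d"`, independently of `ctrl->devptmx`, which the same function opens at the top. The result is later passed to chown(), so both must name the same devpts instance. If devptmx is (as it appears) the ptmx node inside that directory, deriving the tty path from it would stop the two from drifting apart. The leading `/` also produces a double slash if LXC_STATE_DIR is already absolute. The body of the `cleanup:` label is outside the hunk, so whether `*ttyName` is released on this new failure path cannot be confirmed from here.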
> @@ -1552,18 +1560,41 @@
> virLXCControllerSetupConsoles(virLXCControllerPtr ctrl,
> char **containerTTYPaths)
> {
> size_t i;
> + int ret = -1;
> + uid_t uid = (uid_t)-1;
> + gid_t gid = (gid_t)-1;
> + char *ttyHostPath = NULL;
> +
> + if (ctrl->def->idmap.uidmap) {
> + uid = ctrl->def->idmap.uidmap[0].target;
> + gid = ctrl->def->idmap.gidmap[0].target;
> + }
>
> for (i = 0; i < ctrl->nconsoles; i++) {
> VIR_DEBUG("Opening tty on private %s", ctrl->devptmx);
> - if (lxcCreateTty(ctrl->devptmx,
> + if (lxcCreateTty(ctrl,
> &ctrl->consoles[i].contFd,
> - &containerTTYPaths[i]) < 0) {
> + &containerTTYPaths[i], &ttyHostPath) < 0) {
> virReportSystemError(errno, "%s",
> _("Failed to allocate tty"));
> - return -1;
> + goto out;
> }
> +
> + /* Change the owner of tty device to the root user of
> container */
> + if (chown(ttyHostPath, uid, gid) < 0) {
> + virReportSystemError(errno,
> + _("Failed to change owner of tty"
> + " %s to %u:%u"),
> + ttyHostPath, uid, gid);
> + goto out;
> + }
> + VIR_FREE(ttyHostPath);
Why do you free ttyHostPath here? You already do it in the exit path.
> }
> - return 0;
> +
> + ret = 0;
> +out:
> + VIR_FREE(ttyHostPath);
Double free?
> + return ret;
> }
Thanks, //richard
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
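Review bot: The new idmap block tests only `ctrl->def->idmap.uidmap` but then also dereferences `idmap.gidmap[0]`. Unless the definition parser guarantees that both maps are always present together (not visible in this hunk), a domain with only a uid map would crash the controller here. Guard both with `if (ctrl->def->idmap.uidmap && ctrl->def->idmap.gidmap) {`. Taking `[0].target` also assumes the first map entry is the one that maps container id 0, so a comment stating that, or a check of the entry's start value, would make the "root user of container" intent verifiable. In the error message, `uid` and `gid` are passed to `%u` without a cast; `(unsigned int)uid, (unsigned int)gid` keeps the varargs call well-defined wherever uid_t is not unsigned int.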