[PATCH v4 06/10] LXC: controller: change the owner of tty devices to the root user of container


 



Since these tty devices will be used by the container,
their owner should be the root user of the container.

This patch also adds a new function, virLXCControllerChown,
a general helper that can be used to change the owner of
files.

Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
---
 src/lxc/lxc_controller.c | 50 +++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 43 insertions(+), 7 deletions(-)

diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 75c7a85..66eae16 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -1121,6 +1121,27 @@ cleanup2:
     return rc;
 }
 
+static int
+virLXCControllerChown(virLXCControllerPtr ctrl, char *path)
+{
+    uid_t uid;
+    gid_t gid;
+
+    if (!ctrl->def->idmap.uidmap)
+        return 0;
+
+    uid = ctrl->def->idmap.uidmap[0].target;
+    gid = ctrl->def->idmap.gidmap[0].target;
+
+    if (chown(path, uid, gid) < 0) {
+        virReportSystemError(errno,
+                             _("Failed to change owner of %s to %u:%u"),
+                             path, uid, gid);
+        return -1;
+    }
+
+    return 0;
+}
 
 static int
 virLXCControllerSetupUsernsMap(virDomainIdMapEntryPtr map,
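Review bot: virLXCControllerChown reads ctrl->def->idmap.gidmap[0] after checking only uidmap, so unless the domain parser guarantees that both maps are present together (not visible in this patch), a uidmap-only definition would dereference a NULL gidmap; guarding both is cheap: `if (!ctrl->def->idmap.uidmap || !ctrl->def->idmap.gidmap) return 0;`. The function only reads `path`, so it should be declared `const char *path`. uid_t and gid_t are not guaranteed to be unsigned int on every platform, so the `%u` conversions should take explicit casts, `path, (unsigned int)uid, (unsigned int)gid);`. A one-line header comment stating that chown() follows symlinks and that callers are expected to pass paths under the controller's private state directory would make the intended scope of this helper clear.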
@@ -1383,13 +1404,14 @@ static int lxcSetPersonality(virDomainDefPtr def)
  * *TTYNAME.  Heavily borrowed from glibc, but doesn't require that
  * devpts == "/dev/pts" */
 static int
-lxcCreateTty(char *ptmx, int *ttymaster, char **ttyName)
+lxcCreateTty(virLXCControllerPtr ctrl, int *ttymaster,
+             char **ttyName, char **ttyHostPath)
 {
     int ret = -1;
     int ptyno;
     int unlock = 0;
 
-    if ((*ttymaster = open(ptmx, O_RDWR|O_NOCTTY|O_NONBLOCK)) < 0)
+    if ((*ttymaster = open(ctrl->devptmx, O_RDWR|O_NOCTTY|O_NONBLOCK)) < 0)
         goto cleanup;
 
     if (ioctl(*ttymaster, TIOCSPTLCK, &unlock) < 0)
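Review bot: lxcCreateTty gains an output parameter, ttyHostPath, but the function comment that ends just above this hunk still describes only the TTYMASTER/TTYNAME outputs; it should also say what the new one holds and who owns it, e.g. `* On success *TTYHOSTPATH is the slave's path in the controller's private devpts mount; the caller frees it.`. The body of lxcCreateTty continues past the end of this hunk.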
@@ -1404,7 +1426,9 @@ lxcCreateTty(char *ptmx, int *ttymaster, char **ttyName)
      * while glibc has to fstat(), fchmod(), and fchown() for older
      * kernels, we can skip those steps.  ptyno shouldn't currently be
      * anything other than 0, but let's play it safe.  */
-    if (virAsprintf(ttyName, "/dev/pts/%d", ptyno) < 0) {
+    if ((virAsprintf(ttyName, "/dev/pts/%d", ptyno) < 0) ||
+        (virAsprintf(ttyHostPath, "/%s/%s.devpts/%d", LXC_STATE_DIR,
+                    ctrl->def->name, ptyno) < 0)) {
         virReportOOMError();
         errno = ENOMEM;
         goto cleanup;
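Review bot: The new format string `"/%s/%s.devpts/%d"` prepends a slash to LXC_STATE_DIR; if that macro already expands to an absolute path, as the devptmx path this function opens suggests (its definition is not visible here), the result starts with `//`, which works but differs from how the other paths under that directory appear to be built, and `"%s/%s.devpts/%d"` would match them. When the first virAsprintf succeeds and the second fails, *ttyName is left allocated while the function returns -1; the cleanup label is outside this hunk, so confirm it frees *ttyName and now also *ttyHostPath on the error path, otherwise each failed console allocation leaks a string.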
@@ -1538,18 +1562,30 @@ virLXCControllerSetupConsoles(virLXCControllerPtr ctrl,
                               char **containerTTYPaths)
 {
     size_t i;
+    int ret = -1;
+    char *ttyHostPath = NULL;
 
     for (i = 0; i < ctrl->nconsoles; i++) {
         VIR_DEBUG("Opening tty on private %s", ctrl->devptmx);
-        if (lxcCreateTty(ctrl->devptmx,
+        if (lxcCreateTty(ctrl,
                          &ctrl->consoles[i].contFd,
-                         &containerTTYPaths[i]) < 0) {
+                         &containerTTYPaths[i], &ttyHostPath) < 0) {
             virReportSystemError(errno, "%s",
                                      _("Failed to allocate tty"));
-            return -1;
+            goto cleanup;
         }
+
+        /* Change the owner of tty device to the root user of container */
+        if (virLXCControllerChown(ctrl, ttyHostPath) < 0)
+            goto cleanup;
+
+        VIR_FREE(ttyHostPath);
     }
-    return 0;
+
+    ret = 0;
+cleanup:
+    VIR_FREE(ttyHostPath);
+    return ret;
 }
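Review bot: When virLXCControllerChown fails mid-loop, ctrl->consoles[i].contFd stays open and containerTTYPaths[i] stays allocated for the current and all earlier iterations; only ttyHostPath is released at cleanup. Presumably the caller's teardown of the controller covers those, but that is not visible here, so a comment at the cleanup label would save the next reader the search, e.g. `/* consoles[].contFd and containerTTYPaths[] are released by the caller on failure */`. The order is otherwise right: the pty is chowned to the container's root only after it has been created, so no window exists where a container-owned node lacks its master.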
 
 
-- 
1.8.1.4




