Skip to content

L
lxc
Unverified Commit 577abe43 by Stéphane Graber Committed by GitHub
Options

Merge pull request #2554 from brauner/2018-08-21/attach_fixes

attach: bugfixes
parents 723abbab 604ca1c0
Showing with 40 additions and 53 deletions
src/lxc/attach.c
...@@ -24,36 +24,24 @@ ...@@ -24,36 +24,24 @@
#define _GNU_SOURCE #define _GNU_SOURCE
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>
#include <termios.h>
#include <grp.h> #include <grp.h>
#include <linux/unistd.h>
#include <pwd.h> #include <pwd.h>
#include <signal.h> #include <signal.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <unistd.h>
#include <linux/unistd.h>
#include <sys/mount.h> #include <sys/mount.h>
#include <sys/param.h> #include <sys/param.h>
#include <sys/prctl.h> #include <sys/prctl.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/syscall.h> #include <sys/syscall.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <termios.h>
#include <unistd.h>
#include <lxc/lxccontainer.h> #include <lxc/lxccontainer.h>
#ifndef HAVE_DECL_PR_CAPBSET_DROP
#define PR_CAPBSET_DROP 24
#endif
#ifndef HAVE_DECL_PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif
#ifndef HAVE_DECL_PR_GET_NO_NEW_PRIVS
#define PR_GET_NO_NEW_PRIVS 39
#endif
#include "af_unix.h" #include "af_unix.h"
#include "attach.h" #include "attach.h"
#include "caps.h" #include "caps.h"
...@@ -66,6 +54,7 @@ ...@@ -66,6 +54,7 @@
#include "lsm/lsm.h" #include "lsm/lsm.h"
#include "lxclock.h" #include "lxclock.h"
#include "lxcseccomp.h" #include "lxcseccomp.h"
#include "macro.h"
#include "mainloop.h" #include "mainloop.h"
#include "namespace.h" #include "namespace.h"
#include "terminal.h" #include "terminal.h"
...@@ -75,35 +64,24 @@ ...@@ -75,35 +64,24 @@
#include <sys/personality.h> #include <sys/personality.h>
#endif #endif
#ifndef SOCK_CLOEXEC
#define SOCK_CLOEXEC 02000000
#endif
#ifndef MS_REC
#define MS_REC 16384
#endif
#ifndef MS_SLAVE
#define MS_SLAVE (1 << 19)
#endif
lxc_log_define(attach, lxc); lxc_log_define(attach, lxc);
/* /proc/pid-to-str/status\0 = (5 + 21 + 7 + 1) */ /* Define default options if no options are supplied by the user. */
#define __PROC_STATUS_LEN (5 + (LXC_NUMSTRLEN64) + 7 + 1) static lxc_attach_options_t attach_static_default_options = LXC_ATTACH_OPTIONS_DEFAULT;
static struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid) static struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
{ {
int ret; int ret;
bool found; bool found;
FILE *proc_file; FILE *proc_file;
char proc_fn[__PROC_STATUS_LEN]; char proc_fn[LXC_PROC_STATUS_LEN];
size_t line_bufsz = 0; size_t line_bufsz = 0;
char *line = NULL; char *line = NULL;
struct lxc_proc_context_info *info = NULL; struct lxc_proc_context_info *info = NULL;
/* Read capabilities. */ /* Read capabilities. */
ret = snprintf(proc_fn, __PROC_STATUS_LEN, "/proc/%d/status", pid); ret = snprintf(proc_fn, LXC_PROC_STATUS_LEN, "/proc/%d/status", pid);
if (ret < 0 || ret >= __PROC_STATUS_LEN) if (ret < 0 || ret >= LXC_PROC_STATUS_LEN)
goto on_error; goto on_error;
proc_file = fopen(proc_fn, "r"); proc_file = fopen(proc_fn, "r");
...@@ -604,7 +582,7 @@ static char *lxc_attach_getpwshell(uid_t uid) ...@@ -604,7 +582,7 @@ static char *lxc_attach_getpwshell(uid_t uid)
static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid) static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid)
{ {
FILE *proc_file; FILE *proc_file;
char proc_fn[__PROC_STATUS_LEN]; char proc_fn[LXC_PROC_STATUS_LEN];
int ret; int ret;
char *line = NULL; char *line = NULL;
size_t line_bufsz = 0; size_t line_bufsz = 0;
...@@ -612,8 +590,8 @@ static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid) ...@@ -612,8 +590,8 @@ static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid)
uid_t uid = (uid_t)-1; uid_t uid = (uid_t)-1;
gid_t gid = (gid_t)-1; gid_t gid = (gid_t)-1;
ret = snprintf(proc_fn, __PROC_STATUS_LEN, "/proc/%d/status", 1); ret = snprintf(proc_fn, LXC_PROC_STATUS_LEN, "/proc/%d/status", 1);
if (ret < 0 || ret >= __PROC_STATUS_LEN) if (ret < 0 || ret >= LXC_PROC_STATUS_LEN)
return; return;
proc_file = fopen(proc_fn, "r"); proc_file = fopen(proc_fn, "r");
...@@ -652,17 +630,6 @@ static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid) ...@@ -652,17 +630,6 @@ static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid)
*/ */
} }
/* Help the optimizer along if it doesn't know that exit always exits. */
#define rexit(c) \
do { \
int __c = (c); \
_exit(__c); \
return __c; \
} while (0)
/* Define default options if no options are supplied by the user. */
static lxc_attach_options_t attach_static_default_options = LXC_ATTACH_OPTIONS_DEFAULT;
static bool fetch_seccomp(struct lxc_container *c, lxc_attach_options_t *options) static bool fetch_seccomp(struct lxc_container *c, lxc_attach_options_t *options)
{ {
int ret; int ret;
...@@ -986,11 +953,11 @@ static int attach_child_main(struct attach_clone_payload *payload) ...@@ -986,11 +953,11 @@ static int attach_child_main(struct attach_clone_payload *payload)
} }
/* We're done, so we can now do whatever the user intended us to do. */ /* We're done, so we can now do whatever the user intended us to do. */
rexit(payload->exec_function(payload->exec_payload)); _exit(payload->exec_function(payload->exec_payload));
on_error: on_error:
lxc_put_attach_clone_payload(payload); lxc_put_attach_clone_payload(payload);
rexit(EXIT_FAILURE); _exit(EXIT_FAILURE);
} }
static int lxc_attach_terminal(struct lxc_conf *conf, static int lxc_attach_terminal(struct lxc_conf *conf,
...@@ -1447,7 +1414,7 @@ int lxc_attach(const char *name, const char *lxcpath, ...@@ -1447,7 +1414,7 @@ int lxc_attach(const char *name, const char *lxcpath,
if (ret != sizeof(status)) { if (ret != sizeof(status)) {
shutdown(ipc_sockets[1], SHUT_RDWR); shutdown(ipc_sockets[1], SHUT_RDWR);
lxc_proc_put_context_info(init_ctx); lxc_proc_put_context_info(init_ctx);
rexit(-1); _exit(EXIT_FAILURE);
} }
TRACE("Intermediate process starting to initialize"); TRACE("Intermediate process starting to initialize");
...@@ -1460,7 +1427,7 @@ int lxc_attach(const char *name, const char *lxcpath, ...@@ -1460,7 +1427,7 @@ int lxc_attach(const char *name, const char *lxcpath,
ERROR("Failed to enter namespaces"); ERROR("Failed to enter namespaces");
shutdown(ipc_sockets[1], SHUT_RDWR); shutdown(ipc_sockets[1], SHUT_RDWR);
lxc_proc_put_context_info(init_ctx); lxc_proc_put_context_info(init_ctx);
rexit(-1); _exit(EXIT_FAILURE);
} }
/* close namespace file descriptors */ /* close namespace file descriptors */
...@@ -1491,7 +1458,7 @@ int lxc_attach(const char *name, const char *lxcpath, ...@@ -1491,7 +1458,7 @@ int lxc_attach(const char *name, const char *lxcpath,
SYSERROR("Failed to clone attached process"); SYSERROR("Failed to clone attached process");
shutdown(ipc_sockets[1], SHUT_RDWR); shutdown(ipc_sockets[1], SHUT_RDWR);
lxc_proc_put_context_info(init_ctx); lxc_proc_put_context_info(init_ctx);
rexit(-1); _exit(EXIT_FAILURE);
} }
if (pid == 0) { if (pid == 0) {
...@@ -1516,14 +1483,14 @@ int lxc_attach(const char *name, const char *lxcpath, ...@@ -1516,14 +1483,14 @@ int lxc_attach(const char *name, const char *lxcpath,
*/ */
shutdown(ipc_sockets[1], SHUT_RDWR); shutdown(ipc_sockets[1], SHUT_RDWR);
lxc_proc_put_context_info(init_ctx); lxc_proc_put_context_info(init_ctx);
rexit(-1); _exit(EXIT_FAILURE);
} }
TRACE("Sending pid %d of attached process", pid); TRACE("Sending pid %d of attached process", pid);
/* The rest is in the hands of the initial and the attached process. */ /* The rest is in the hands of the initial and the attached process. */
lxc_proc_put_context_info(init_ctx); lxc_proc_put_context_info(init_ctx);
rexit(0); _exit(0);
} }
int lxc_attach_run_command(void* payload) int lxc_attach_run_command(void* payload)
......
src/lxc/macro.h
...@@ -67,6 +67,19 @@ ...@@ -67,6 +67,19 @@
#define CAP_SYS_ADMIN 21 #define CAP_SYS_ADMIN 21
#endif #endif
#ifndef HAVE_DECL_PR_CAPBSET_DROP
#define PR_CAPBSET_DROP 24
#endif
/* prctl */
#ifndef HAVE_DECL_PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif
#ifndef HAVE_DECL_PR_GET_NO_NEW_PRIVS
#define PR_GET_NO_NEW_PRIVS 39
#endif
#ifndef CGROUP_SUPER_MAGIC #ifndef CGROUP_SUPER_MAGIC
#define CGROUP_SUPER_MAGIC 0x27e0eb #define CGROUP_SUPER_MAGIC 0x27e0eb
#endif #endif
...@@ -105,6 +118,8 @@ ...@@ -105,6 +118,8 @@
* \0 = 1 * \0 = 1
*/ */
#define LXC_PROC_PID_FD_LEN (6 + LXC_NUMSTRLEN64 + 4 + LXC_NUMSTRLEN64 + 1) #define LXC_PROC_PID_FD_LEN (6 + LXC_NUMSTRLEN64 + 4 + LXC_NUMSTRLEN64 + 1)
/* /proc/pid-to-str/status\0 = (5 + 21 + 7 + 1) */
#define LXC_PROC_STATUS_LEN (5 + (LXC_NUMSTRLEN64) + 7 + 1)
/* loop devices */ /* loop devices */
#ifndef LO_FLAGS_AUTOCLEAR #ifndef LO_FLAGS_AUTOCLEAR
...@@ -240,4 +255,9 @@ extern int __build_bug_on_failed; ...@@ -240,4 +255,9 @@ extern int __build_bug_on_failed;
#define O_NOFOLLOW 00400000 #define O_NOFOLLOW 00400000
#endif #endif
/* sockets */
#ifndef SOCK_CLOEXEC
#define SOCK_CLOEXEC 02000000
#endif
#endif /* __LXC_MACRO_H */ #endif /* __LXC_MACRO_H */
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment