conf: use bind-mount for /dev/ptmx

AppArmor will refuse on /dev/ptmx being a symlink. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: use bind-mount for /dev/ptmx
a32f7894 · Christian Brauner · Stéphane Graber · 4de4ec76 · a32f7894
Unverified Commit a32f7894 authored Apr 22, 2017 by Christian Brauner Committed by Stéphane Graber Apr 26, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 17 deletions

conf.c src/lxc/conf.c +36 -17

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1397,8 +1397,7 @@ static int setup_pivot_root(const struct lxc_rootfs *rootfs)
 static int lxc_setup_devpts(int num_pts)
 {
 	int ret;
-	char target[PATH_MAX];
-	char *devpts_mntopts = "newinstance,ptmxmode=0666,mode=0620,gid=5";
+	const char *devpts_mntopts = "newinstance,ptmxmode=0666,mode=0620,gid=5";

 	if (!num_pts) {
 		DEBUG("no new devpts instance will be mounted since no pts "
@@ -1406,9 +1405,9 @@ static int lxc_setup_devpts(int num_pts)
 		return 0;
 	}

+	/* Unmount old devpts instance. */
 	ret = access("/dev/pts/ptmx", F_OK);
 	if (!ret) {
-		/* Unmount old devpts instance. */
 		ret = umount("/dev/pts");
 		if (ret < 0) {
 			SYSERROR("failed to unmount old devpts instance");
@@ -1431,30 +1430,50 @@ static int lxc_setup_devpts(int num_pts)
 		return -1;
 	}

+	/* Remove any pre-existing /dev/ptmx file. */
 	ret = access("/dev/ptmx", F_OK);
-	if (ret < 0) {
-		ret = symlink("/dev/pts/ptmx", "/dev/ptmx");
-		if (!ret) {
-			DEBUG("created symlink \"/dev/ptmx\" -> \"/dev/pts/ptmx\"");
-			goto success;
+	if (!ret) {
+		ret = remove("/dev/ptmx");
+		if (ret < 0) {
+			SYSERROR("failed to remove existing \"/dev/ptmx\"");
+			return -1;
 		}
-		SYSERROR("failed to create symlink \"/dev/ptmx\" -> \"/dev/pts/ptmx\"");
-		return -1;
+		DEBUG("removed existing \"/dev/ptmx\"");
 	}

-	/* Check if any existing symlink is valid. */
-	if (realpath("/dev/ptmx", target) && !strcmp(target, "/dev/pts/ptmx"))
-		goto success;
+	/* Create dummy /dev/ptmx file as bind mountpoint for /dev/pts/ptmx. */
+	ret = open("/dev/ptmx", O_CREAT, 0666);
+	if (ret < 0) {
+		SYSERROR("failed to create dummy \"/dev/ptmx\" file as bind mount target");
+		return -1;
+	}
+	DEBUG("created dummy \"/dev/ptmx\" file as bind mount target");

-	/* Fallback here, /dev/pts/ptmx exists so just bind mount it. */
+	/* Fallback option: create symlink /dev/ptmx -> /dev/pts/ptmx  */
 	ret = mount("/dev/pts/ptmx", "/dev/ptmx", "none", MS_BIND, 0);
+	if (!ret) {
+		DEBUG("bind mounted \"/dev/pts/ptmx\" to \"/dev/ptmx\"");
+		return 0;
+	} else {
+		/* Fallthrough and try to create a symlink. */
+		ERROR("failed to bind mount \"/dev/pts/ptmx\" to \"/dev/ptmx\"");
+	}
+
+	/* Remove the dummy /dev/ptmx file we created above. */
+	ret = remove("/dev/ptmx");
 	if (ret < 0) {
-		SYSERROR("failed to bind mount \"/dev/pts/ptmx\" to \"/dev/ptmx\"");
+		SYSERROR("failed to remove existing \"/dev/ptmx\"");
+		return -1;
+	}
+
+	/* Fallback option: Create symlink /dev/ptmx -> /dev/pts/ptmx. */
+	ret = symlink("/dev/pts/ptmx", "/dev/ptmx");
+	if (ret < 0) {
+		SYSERROR("failed to create symlink \"/dev/ptmx\" -> \"/dev/pts/ptmx\"");
 		return -1;
 	}
+	DEBUG("created symlink \"/dev/ptmx\" -> \"/dev/pts/ptmx\"");

-success:
-	INFO("created new devpts instance");
 	return 0;
 }