Skip to content

L
lxc
Unverified Commit ca4eb982 by Christian Brauner
Options

conf: fix devpts mounting when fully unprivileged

Signed-off-by: 's avatarChristian Brauner <christian.brauner@ubuntu.com>
parent e9cab3e7
Showing with 28 additions and 22 deletions
src/lxc/conf.c
...@@ -1599,8 +1599,10 @@ static const struct id_map *find_mapped_nsid_entry(struct lxc_conf *conf, ...@@ -1599,8 +1599,10 @@ static const struct id_map *find_mapped_nsid_entry(struct lxc_conf *conf,
static int lxc_setup_devpts(struct lxc_conf *conf) static int lxc_setup_devpts(struct lxc_conf *conf)
{ {
int ret; int ret;
char default_devpts_mntopts[] = "gid=5,newinstance,ptmxmode=0666,mode=0620"; char **opts;
char devpts_mntopts[256]; char devpts_mntopts[256];
char *mntopt_sets[5];
char default_devpts_mntopts[256] = "gid=5,newinstance,ptmxmode=0666,mode=0620";
if (conf->pty_max <= 0) { if (conf->pty_max <= 0) {
DEBUG("No new devpts instance will be mounted since no pts " DEBUG("No new devpts instance will be mounted since no pts "
...@@ -1626,29 +1628,33 @@ static int lxc_setup_devpts(struct lxc_conf *conf) ...@@ -1626,29 +1628,33 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
return -1; return -1;
} }
/* mount new devpts instance */ /* gid=5 && max= */
ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC, devpts_mntopts); mntopt_sets[0] = devpts_mntopts;
if (ret < 0) {
/* try mounting without "max" */
if (errno == EINVAL) {
devpts_mntopts[sizeof(default_devpts_mntopts) - 1] = '\0';
ret = mount("devpts", "/dev/pts", "devpts",
MS_NOSUID | MS_NOEXEC, devpts_mntopts);
if (ret < 0) {
SYSERROR("Failed to mount new devpts instance");
return -1;
}
}
/* try mounting without gid=5 */ /* !gid=5 && max= */
ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC, mntopt_sets[1] = devpts_mntopts + sizeof("gid=5");
devpts_mntopts + sizeof("gid=5"));
if (ret < 0) { /* gid=5 && !max= */
SYSERROR("Failed to mount new devpts instance"); mntopt_sets[2] = default_devpts_mntopts;
return -1;
} /* !gid=5 && !max= */
mntopt_sets[3] = default_devpts_mntopts + sizeof("gid=5");
/* end */
mntopt_sets[4] = NULL;
for (ret = -1, opts = mntopt_sets; opts && *opts; opts++) {
/* mount new devpts instance */
ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC, *opts);
if (ret == 0)
break;
}
if (ret < 0) {
SYSERROR("Failed to mount new devpts instance");
return -1;
} }
DEBUG("Mount new devpts instance with options \"%s\"", devpts_mntopts); DEBUG("Mount new devpts instance with options \"%s\"", *opts);
/* Remove any pre-existing /dev/ptmx file. */ /* Remove any pre-existing /dev/ptmx file. */
ret = remove("/dev/ptmx"); ret = remove("/dev/ptmx");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment