Skip to content

L
lxc
Unverified Commit f4900711 by Christian Brauner
Options

conf: detect if devpts can be mounted with gid=5

Closes #2033. Signed-off-by: 's avatarChristian Brauner <christian.brauner@ubuntu.com>
parent 4160c3a0
Showing with 32 additions and 27 deletions
src/lxc/conf.c
...@@ -1416,20 +1416,46 @@ static int setup_pivot_root(const struct lxc_rootfs *rootfs) ...@@ -1416,20 +1416,46 @@ static int setup_pivot_root(const struct lxc_rootfs *rootfs)
return 0; return 0;
} }
static int lxc_setup_devpts(int num_pts) static struct id_map *find_mapped_nsid_entry(struct lxc_conf *conf, unsigned id,
enum idtype idtype)
{
struct lxc_list *it;
struct id_map *map;
struct id_map *retmap = NULL;
lxc_list_for_each(it, &conf->id_map) {
map = it->elem;
if (map->idtype != idtype)
continue;
if (id >= map->nsid && id < map->nsid + map->range) {
retmap = map;
break;
}
}
return retmap;
}
static int lxc_setup_devpts(struct lxc_conf *conf)
{ {
int ret; int ret;
const char *default_devpts_mntopts = "newinstance,ptmxmode=0666,mode=0620,gid=5"; const char *default_devpts_mntopts;
char devpts_mntopts[256]; char devpts_mntopts[256];
if (!num_pts) { if (conf->pts <= 0) {
DEBUG("no new devpts instance will be mounted since no pts " DEBUG("no new devpts instance will be mounted since no pts "
"devices are requested"); "devices are requested");
return 0; return 0;
} }
if (!find_mapped_nsid_entry(conf, 5, ID_TYPE_GID))
default_devpts_mntopts = "newinstance,ptmxmode=0666,mode=0620";
else
default_devpts_mntopts = "newinstance,ptmxmode=0666,mode=0620,gid=5";
ret = snprintf(devpts_mntopts, sizeof(devpts_mntopts), "%s,max=%d", ret = snprintf(devpts_mntopts, sizeof(devpts_mntopts), "%s,max=%d",
default_devpts_mntopts, num_pts); default_devpts_mntopts, conf->pts);
if (ret < 0 || (size_t)ret >= sizeof(devpts_mntopts)) if (ret < 0 || (size_t)ret >= sizeof(devpts_mntopts))
return -1; return -1;
...@@ -1452,7 +1478,7 @@ static int lxc_setup_devpts(int num_pts) ...@@ -1452,7 +1478,7 @@ static int lxc_setup_devpts(int num_pts)
} }
/* Mount new devpts instance. */ /* Mount new devpts instance. */
ret = mount("devpts", "/dev/pts", "devpts", MS_MGC_VAL, devpts_mntopts); ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC, devpts_mntopts);
if (ret < 0) { if (ret < 0) {
SYSERROR("failed to mount new devpts instance"); SYSERROR("failed to mount new devpts instance");
return -1; return -1;
...@@ -3323,7 +3349,7 @@ int lxc_setup(struct lxc_handler *handler) ...@@ -3323,7 +3349,7 @@ int lxc_setup(struct lxc_handler *handler)
return -1; return -1;
} }
if (lxc_setup_devpts(lxc_conf->pts)) { if (lxc_setup_devpts(lxc_conf)) {
ERROR("failed to setup the new pts instance"); ERROR("failed to setup the new pts instance");
return -1; return -1;
} }
...@@ -3731,27 +3757,6 @@ static int run_userns_fn(void *data) ...@@ -3731,27 +3757,6 @@ static int run_userns_fn(void *data)
return d->fn(d->arg); return d->fn(d->arg);
} }
static struct id_map *find_mapped_nsid_entry(struct lxc_conf *conf, unsigned id,
enum idtype idtype)
{
struct lxc_list *it;
struct id_map *map;
struct id_map *retmap = NULL;
lxc_list_for_each(it, &conf->id_map) {
map = it->elem;
if (map->idtype != idtype)
continue;
if (id >= map->nsid && id < map->nsid + map->range) {
retmap = map;
break;
}
}
return retmap;
}
static struct id_map *mapped_nsid_add(struct lxc_conf *conf, unsigned id, static struct id_map *mapped_nsid_add(struct lxc_conf *conf, unsigned id,
enum idtype idtype) enum idtype idtype)
{ {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment