mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 06:35:24 +00:00
LXC: controller: change the owner of tty devices to the root user of container
Since these tty devices will be used by container, the owner of them should be the root user of container. This patch also adds a new function virLXCControllerChown, we can use this general function to change the owner of files. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
This commit is contained in:
parent
e1d32bb955
commit
ff1a6019e9
@ -1121,6 +1121,27 @@ cleanup2:
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
virLXCControllerChown(virLXCControllerPtr ctrl, char *path)
|
||||||
|
{
|
||||||
|
uid_t uid;
|
||||||
|
gid_t gid;
|
||||||
|
|
||||||
|
if (!ctrl->def->idmap.uidmap)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
uid = ctrl->def->idmap.uidmap[0].target;
|
||||||
|
gid = ctrl->def->idmap.gidmap[0].target;
|
||||||
|
|
||||||
|
if (chown(path, uid, gid) < 0) {
|
||||||
|
virReportSystemError(errno,
|
||||||
|
_("Failed to change owner of %s to %u:%u"),
|
||||||
|
path, uid, gid);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
virLXCControllerSetupUsernsMap(virDomainIdMapEntryPtr map,
|
virLXCControllerSetupUsernsMap(virDomainIdMapEntryPtr map,
|
||||||
@ -1383,13 +1404,14 @@ static int lxcSetPersonality(virDomainDefPtr def)
|
|||||||
* *TTYNAME. Heavily borrowed from glibc, but doesn't require that
|
* *TTYNAME. Heavily borrowed from glibc, but doesn't require that
|
||||||
* devpts == "/dev/pts" */
|
* devpts == "/dev/pts" */
|
||||||
static int
|
static int
|
||||||
lxcCreateTty(char *ptmx, int *ttymaster, char **ttyName)
|
lxcCreateTty(virLXCControllerPtr ctrl, int *ttymaster,
|
||||||
|
char **ttyName, char **ttyHostPath)
|
||||||
{
|
{
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
int ptyno;
|
int ptyno;
|
||||||
int unlock = 0;
|
int unlock = 0;
|
||||||
|
|
||||||
if ((*ttymaster = open(ptmx, O_RDWR|O_NOCTTY|O_NONBLOCK)) < 0)
|
if ((*ttymaster = open(ctrl->devptmx, O_RDWR|O_NOCTTY|O_NONBLOCK)) < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
if (ioctl(*ttymaster, TIOCSPTLCK, &unlock) < 0)
|
if (ioctl(*ttymaster, TIOCSPTLCK, &unlock) < 0)
|
||||||
@ -1404,7 +1426,9 @@ lxcCreateTty(char *ptmx, int *ttymaster, char **ttyName)
|
|||||||
* while glibc has to fstat(), fchmod(), and fchown() for older
|
* while glibc has to fstat(), fchmod(), and fchown() for older
|
||||||
* kernels, we can skip those steps. ptyno shouldn't currently be
|
* kernels, we can skip those steps. ptyno shouldn't currently be
|
||||||
* anything other than 0, but let's play it safe. */
|
* anything other than 0, but let's play it safe. */
|
||||||
if (virAsprintf(ttyName, "/dev/pts/%d", ptyno) < 0) {
|
if ((virAsprintf(ttyName, "/dev/pts/%d", ptyno) < 0) ||
|
||||||
|
(virAsprintf(ttyHostPath, "/%s/%s.devpts/%d", LXC_STATE_DIR,
|
||||||
|
ctrl->def->name, ptyno) < 0)) {
|
||||||
virReportOOMError();
|
virReportOOMError();
|
||||||
errno = ENOMEM;
|
errno = ENOMEM;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -1538,18 +1562,30 @@ virLXCControllerSetupConsoles(virLXCControllerPtr ctrl,
|
|||||||
char **containerTTYPaths)
|
char **containerTTYPaths)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
|
int ret = -1;
|
||||||
|
char *ttyHostPath = NULL;
|
||||||
|
|
||||||
for (i = 0; i < ctrl->nconsoles; i++) {
|
for (i = 0; i < ctrl->nconsoles; i++) {
|
||||||
VIR_DEBUG("Opening tty on private %s", ctrl->devptmx);
|
VIR_DEBUG("Opening tty on private %s", ctrl->devptmx);
|
||||||
if (lxcCreateTty(ctrl->devptmx,
|
if (lxcCreateTty(ctrl,
|
||||||
&ctrl->consoles[i].contFd,
|
&ctrl->consoles[i].contFd,
|
||||||
&containerTTYPaths[i]) < 0) {
|
&containerTTYPaths[i], &ttyHostPath) < 0) {
|
||||||
virReportSystemError(errno, "%s",
|
virReportSystemError(errno, "%s",
|
||||||
_("Failed to allocate tty"));
|
_("Failed to allocate tty"));
|
||||||
return -1;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Change the owner of tty device to the root user of container */
|
||||||
|
if (virLXCControllerChown(ctrl, ttyHostPath) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
VIR_FREE(ttyHostPath);
|
||||||
}
|
}
|
||||||
return 0;
|
|
||||||
|
ret = 0;
|
||||||
|
cleanup:
|
||||||
|
VIR_FREE(ttyHostPath);
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user