The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2560
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Christian Brauner <[email protected]>
From fb75f789212a5326ecd904f171360d73e57b26a3 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 21 Aug 2018 14:16:09 +0200
Subject: [PATCH] conf: fix devpts mounting when fully unprivileged
Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 49 +++++++++++++++++++++++++++----------------------
 1 file changed, 27 insertions(+), 22 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 9ce6689df..894d3981c 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1625,8 +1625,15 @@ static const struct id_map *find_mapped_nsid_entry(struct lxc_conf *conf,
 static int lxc_setup_devpts(struct lxc_conf *conf)
 {
 int ret;
- char default_devpts_mntopts[] = "gid=5,newinstance,ptmxmode=0666,mode=0620";
+ char **it;
 char devpts_mntopts[256];
+ char default_devpts_mntopts[256] = "gid=5,newinstance,ptmxmode=0666,mode=0620";
+ char *mount_options[4] = {
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ };
 if (conf->pty_max <= 0) {
 DEBUG("No new devpts instance will be mounted since no pts "
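Review bot: `mount_options` is declared with exactly four slots, but the second hunk intends four fallback strings and its loop `it && *it` stops only at a NULL entry, so the array has no room for a terminator. As posted, the second hunk assigns `mount_options[2]` twice, which leaves slot 3 NULL by accident and means the "gid=5 without max=" variant is never tried. Correcting that index to 3 without resizing would let the loop read past the end of the array. I would declare `char *mount_options[5] = { NULL };` here and use `mount_options[3] = default_devpts_mntopts + sizeof("gid=5");` in the second hunk. The body of lxc_setup_devpts continues outside this hunk.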
@@ -1652,29 +1659,27 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
 return -1;
 }
- /* mount new devpts instance */
- ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC, devpts_mntopts);
- if (ret < 0) {
- /* try mounting without "max" */
- if (errno == EINVAL) {
- devpts_mntopts[sizeof(default_devpts_mntopts) - 1] = '\0';
- ret = mount("devpts", "/dev/pts", "devpts",
- MS_NOSUID | MS_NOEXEC, devpts_mntopts);
- if (ret < 0) {
- SYSERROR("Failed to mount new devpts instance");
- return -1;
- }
- }
+ /* gid=5 && max= */
+ mount_options[0] = devpts_mntopts;
+ /* !gid=5 && max= */
+ mount_options[1] = devpts_mntopts + sizeof("gid=5");
+ /* gid=5 && !max= */
+ mount_options[2] = default_devpts_mntopts;
+ /* !gid=5 && !max= */
+ mount_options[2] = default_devpts_mntopts + sizeof("gid=5");
- /* try mounting without gid=5 */
- ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC,
- devpts_mntopts + sizeof("gid=5"));
- if (ret < 0) {
- SYSERROR("Failed to mount new devpts instance");
- return -1;
- }
+ for (ret = -1, it = mount_options; it && *it; it++) {
+ /* mount new devpts instance */
+ ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC, *it);
+ if (ret == 0)
+ break;
+ }
+
+ if (ret < 0) {
+ SYSERROR("Failed to mount new devpts instance");
+ return -1;
 }
- DEBUG("Mount new devpts instance with options \"%s\"", devpts_mntopts);
+ DEBUG("Mount new devpts instance with options \"%s\"", *it);
 /* Remove any pre-existing /dev/ptmx file. */
 ret = remove("/dev/ptmx");
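Review bot: The new loop moves on to the next, weaker option string after any mount() failure, whereas the removed code dropped `max=` only when `errno == EINVAL`. A container can therefore end up with a devpts instance mounted without `max=` or `gid=5` after an unrelated error, and the only trace is the DEBUG line; SYSERROR also reports just the last attempt's errno. I would keep an errno filter in the loop, e.g. `if (ret == 0 || errno != EINVAL) break;` if EINVAL is still the only failure the fallbacks are meant for (the fully unprivileged case may need another value; that is not visible here), and log a reduced option set above DEBUG level. A short comment such as `/* sizeof("gid=5") counts the NUL, so the offset also skips the ',' */` would explain the pointer arithmetic. The body of lxc_setup_devpts starts and ends outside this hunk.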
