opencontainers/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2025-11-09 13:00:56 +03:00
Code Activity

Don't fchown when inheriting io

Browse Source 
This is a fix for rootless containers and general io handling.  The
higher level systems must preparte the IO for the container in the
detach case and make sure it is setup correctly for the container's
process.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This commit is contained in:
Michael Crosby
2017-03-01 10:12:54 -08:00
parent dcbcdf2470
commit eebdb644f9
2 changed files with 8 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
tty.go
View File

@@ -7,7 +7,6 @@ import (
"io" "io"
"os" "os"
"sync" "sync"
"syscall"
"github.com/docker/docker/pkg/term" "github.com/docker/docker/pkg/term"
"github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runc/libcontainer"
@@ -28,9 +27,9 @@ func (t *tty) copyIO(w io.Writer, r io.ReadCloser) {
r.Close() r.Close()
} }
// setup standard pipes so that the TTY of the calling runc process // setup pipes for the process so that advanced features like c/r are able to easily checkpoint
// is not inherited by the container. // and restore the process's IO without depending on a host specific path or device
func createStdioPipes(p *libcontainer.Process, rootuid, rootgid int) (*tty, error) { func setupProcessPipes(p *libcontainer.Process, rootuid, rootgid int) (*tty, error) {
i, err := p.InitializeIO(rootuid, rootgid) i, err := p.InitializeIO(rootuid, rootgid)
if err != nil { if err != nil {
return nil, err return nil, err
@@ -62,19 +61,10 @@ func createStdioPipes(p *libcontainer.Process, rootuid, rootgid int) (*tty, erro
return t, nil return t, nil
} }
func dupStdio(process *libcontainer.Process, rootuid, rootgid int) error { func inheritStdio(process *libcontainer.Process) error {
process.Stdin = os.Stdin process.Stdin = os.Stdin
process.Stdout = os.Stdout process.Stdout = os.Stdout
process.Stderr = os.Stderr process.Stderr = os.Stderr
for _, fd := range []uintptr{
os.Stdin.Fd(),
os.Stdout.Fd(),
os.Stderr.Fd(),
} {
if err := syscall.Fchown(int(fd), rootuid, rootgid); err != nil {
return err
}
}
return nil return nil
} }

12
utils_linux.go
View File

@@ -110,19 +110,15 @@ func setupIO(process *libcontainer.Process, rootuid, rootgid int, createTTY, det
process.Stderr = nil process.Stderr = nil
return &tty{}, nil return &tty{}, nil
} }
// when runc will detach the caller provides the stdio to runc via runc's 0,1,2
// When we detach, we just dup over stdio and call it a day. There's no // and the container's process inherits runc's stdio.
// requirement that we set up anything nice for our caller or the
// container.
if detach { if detach {
if err := dupStdio(process, rootuid, rootgid); err != nil { if err := inheritStdio(process); err != nil {
return nil, err return nil, err
} }
return &tty{}, nil return &tty{}, nil
} }
return setupProcessPipes(process, rootuid, rootgid)
// XXX: This doesn't sit right with me. It's ugly.
return createStdioPipes(process, rootuid, rootgid)
} }
// createPidFile creates a file with the processes pid inside it atomically // createPidFile creates a file with the processes pid inside it atomically