start: log sending and receiving of tty fds

This is a potentially security-sensitive operation and I really want to keep an
eye on *when exactly* this is sent. So add more logging on the TRACE() level.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner 2017-06-01 05:40:59 +02:00
parent ff3381e14a
commit f07fa8df6e
No known key found for this signature in database
GPG Key ID: 7B3C391EFEA93624
2 changed files with 26 additions and 9 deletions


@ -4107,21 +4107,30 @@ static int send_fd(int sock, int fd)
static int send_ttys_to_parent(struct lxc_handler *handler) static int send_ttys_to_parent(struct lxc_handler *handler)
{ {
int i, ret;
struct lxc_conf *conf = handler->conf; struct lxc_conf *conf = handler->conf;
const struct lxc_tty_info *tty_info = &conf->tty_info; const struct lxc_tty_info *tty_info = &conf->tty_info;
int i;
int sock = handler->ttysock[0]; int sock = handler->ttysock[0];
for (i = 0; i < tty_info->nbtty; i++) { for (i = 0; i < tty_info->nbtty; i++) {
struct lxc_pty_info *pty_info = &tty_info->pty_info[i]; struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
if (send_fd(sock, pty_info->slave) < 0) ret = send_fd(sock, pty_info->slave);
goto bad; if (ret >= 0)
send_fd(sock, pty_info->master);
TRACE("sending pty \"%s\" with master fd %d and slave fd %d to "
"parent",
pty_info->name, pty_info->master, pty_info->slave);
close(pty_info->slave); close(pty_info->slave);
pty_info->slave = -1; pty_info->slave = -1;
if (send_fd(sock, pty_info->master) < 0)
goto bad;
close(pty_info->master); close(pty_info->master);
pty_info->master = -1; pty_info->master = -1;
if (ret < 0) {
ERROR("failed to send pty \"%s\" with master fd %d and "
"slave fd %d to parent : %s",
pty_info->name, pty_info->master, pty_info->slave,
strerror(errno));
goto bad;
}
} }
close(handler->ttysock[0]); close(handler->ttysock[0]);
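Review bot: The result of the second `send_fd(sock, pty_info->master)` call is discarded, so a failure to pass the master fd no longer reaches `goto bad`, which the removed code did as far as the side-by-side rendering shows; assigning it, `ret = send_fd(sock, pty_info->master);`, restores the check. The same pattern appears in recv_ttys_from_child() in the second file, where `recv_fd(sock, &pty_info->master)` is unchecked and the TRACE then reports a master fd that may never have been received. Separately, the ERROR runs after both fds have been closed and set to -1, so it will always print -1 for both, and `errno` may have been overwritten by close(); emitting the message before the close calls, or saving `errno` right after the failed send, keeps the log useful for auditing. The function body continues outside the hunk.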


@ -1021,8 +1021,9 @@ static int recv_fd(int sock, int *fd)
static int recv_ttys_from_child(struct lxc_handler *handler) static int recv_ttys_from_child(struct lxc_handler *handler)
{ {
int i, ret;
int sock = handler->ttysock[1];
struct lxc_conf *conf = handler->conf; struct lxc_conf *conf = handler->conf;
int i, sock = handler->ttysock[1];
struct lxc_tty_info *tty_info = &conf->tty_info; struct lxc_tty_info *tty_info = &conf->tty_info;
if (!conf->tty) if (!conf->tty)
@ -1035,11 +1036,18 @@ static int recv_ttys_from_child(struct lxc_handler *handler)
for (i = 0; i < conf->tty; i++) { for (i = 0; i < conf->tty; i++) {
struct lxc_pty_info *pty_info = &tty_info->pty_info[i]; struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
pty_info->busy = 0; pty_info->busy = 0;
if (recv_fd(sock, &pty_info->slave) < 0 || ret = recv_fd(sock, &pty_info->slave);
recv_fd(sock, &pty_info->master) < 0) { if (ret >= 0)
ERROR("Error receiving tty info from child process."); recv_fd(sock, &pty_info->master);
if (ret < 0) {
ERROR("failed to receive pty with master fd %d and "
"slave fd %d from child: %s",
pty_info->master, pty_info->slave,
strerror(errno));
return -1; return -1;
} }
TRACE("received pty with master fd %d and slave fd %d from child",
pty_info->master, pty_info->slave);
} }
tty_info->nbtty = conf->tty; tty_info->nbtty = conf->tty;
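Review bot: On the failure path the new ERROR prints `pty_info->master` and `pty_info->slave`, but recv_fd() is not visible here and may not have written them, so the logged numbers could be stale values and not the fds involved in the failure. Setting both before the receive, e.g. `pty_info->master = pty_info->slave = -1;`, would make the error line and any later cleanup unambiguous. The message also says "master fd ... and slave fd" even when only the slave receive was attempted, which can mislead someone reading the log to reconstruct when fds crossed the socket. The function starts before this hunk, and the unchecked master receive is covered in the note on send_ttys_to_parent().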