author | Nicolas Lacasse <nlacasse@google.com> | 2018-09-27 18:15:07 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-09-27 18:17:38 -0700 |
commit | b709d239870143102cf4e44b65cc26cea78a6ccb (patch) | |
tree | 085090abbc7401b5d2354d0b89aa99d2c63ef6d6 | |
parent | 491faac03b2815ca1bc9b5425c1b3f6291468e20 (diff) |
Forward ioctl(TCSETSF) calls on host ttys to the host kernel.
We already forward TCSETS and TCSETSW. TCSETSF is roughly equivalent but
discards pending input.
The filters were relaxed to allow host ioctls with TCSETSF argument.
This fixes programs like "passwd" that prevent user input from being displayed
on the terminal.
Before:
root@b8a0240fc836:/# passwd
Enter new UNIX password: 123
Retype new UNIX password: 123
passwd: password updated successfully
After:
root@ae6f5dabe402:/# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
PiperOrigin-RevId: 214869788
Change-Id: I31b4d1373c1388f7b51d0f2f45ce40aa8e8b0b58
-rw-r--r-- | pkg/abi/linux/ioctl.go | 1 | ||||
-rw-r--r-- | pkg/sentry/fs/host/file.go | 2 | ||||
-rw-r--r-- | runsc/boot/filter/config.go | 5 |
3 files changed, 7 insertions, 1 deletions
diff --git a/pkg/abi/linux/ioctl.go b/pkg/abi/linux/ioctl.go
index 4d7a2dfd7..1c9dc7b03 100644
--- a/pkg/abi/linux/ioctl.go
+++ b/pkg/abi/linux/ioctl.go
@@ -21,6 +21,7 @@ const (
 TCGETS = 0x00005401
 TCSETS = 0x00005402
 TCSETSW = 0x00005403
+ TCSETSF = 0x00005404
 TIOCGPGRP = 0x0000540f
 TIOCSPGRP = 0x00005410
 TIOCOUTQ = 0x00005411
diff --git a/pkg/sentry/fs/host/file.go b/pkg/sentry/fs/host/file.go
index 8d2463c78..6f469b5cc 100644
--- a/pkg/sentry/fs/host/file.go
+++ b/pkg/sentry/fs/host/file.go
@@ -305,7 +305,7 @@ func (f *fileOperations) Ioctl(ctx context.Context, io usermem.IO, args arch.Sys
 })
 return 0, err
- case linux.TCSETS, linux.TCSETSW:
+ case linux.TCSETS, linux.TCSETSW, linux.TCSETSF:
 var termios linux.Termios
 if _, err := usermem.CopyObjectIn(ctx, io, args[2].Pointer(), &termios, usermem.IOOpts{
 AddressSpaceActive: true,
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 0bcc640d5..352c64253 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -149,6 +149,11 @@ var allowedSyscalls = seccomp.SyscallRules{
 },
 {
 seccomp.AllowAny{}, /* fd */
+ seccomp.AllowValue(linux.TCSETSF),
+ seccomp.AllowAny{}, /* termios struct */
+ },
+ {
+ seccomp.AllowAny{}, /* fd */
 seccomp.AllowValue(linux.TCSETSW),
 seccomp.AllowAny{}, /* termios struct */
 }, |
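Review bot: The widened `case linux.TCSETS, linux.TCSETSW, linux.TCSETSF:` in Ioctl shows only the termios copy-in, and the statement that issues the host ioctl lies outside the hunk, so it is worth confirming that the guest's request value is passed through unchanged rather than replaced by a fixed `TCSETS`. If the request were normalised, TCSETSF would still return success but lose its discard-pending-input behaviour, which is the property the commit message relies on for `passwd`. A one-line comment on the case would record the difference between the three requests, for example `// TCSETSF additionally discards pending input; the request is forwarded to the host as-is.`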
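Review bot: The rule added to allowedSyscalls pins the request argument to `linux.TCSETSF` but keeps the fd as `seccomp.AllowAny{}`, so the filter admits this request on every descriptor the sandbox process holds, not only host ttys. That matches the neighbouring TCSETSW rule, but each allowlist entry widens what a compromised sentry can ask of the host kernel, so the reason for the entry should sit next to it, for example `// TCSETSF: forwarded for host ttys by fileOperations.Ioctl in pkg/sentry/fs/host.` The diffstat lists no test file; a test that issues TCSETSF on a host tty under the filter would keep this rule and the Ioctl case from drifting apart. The allowedSyscalls literal begins and ends outside the hunk, so the syscall this argument list belongs to is presumably ioctl but is not visible here.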