runsc: Terminal support for "docker exec -ti".

This CL adds terminal support for "docker exec".  We previously only supported
consoles for the container process, but not exec processes.

The SYS_IOCTL syscall was added to the default seccomp filter list, but only
for ioctls that get/set winsize and termios structs. We need to allow these
ioctl for all containers because it's possible to run "exec -ti" on a
container that was started without an attached console, after the filters
have been installed.

Note that control-character signals are still not properly supported.

Tested with:
	$ docker run --runtime=runsc -it alpine
In another terminial:
	$ docker exec -it <containerid> /bin/sh

PiperOrigin-RevId: 210185456
Change-Id: I6d2401e53a7697bb988c120a8961505c335f96d9

2 files changed, 13 insertions, 1 deletions

diff --git a/pkg/abi/linux/ioctl.go b/pkg/abi/linux/ioctl.go
index 3ef046562..4d7a2dfd7 100644
--- a/pkg/abi/linux/ioctl.go
+++ b/pkg/abi/linux/ioctl.go
@@ -21,8 +21,12 @@ const (
 	TCGETS     = 0x00005401
 	TCSETS     = 0x00005402
 	TCSETSW    = 0x00005403
-	TIOCINQ    = 0x0000541b
+	TIOCGPGRP  = 0x0000540f
+	TIOCSPGRP  = 0x00005410
 	TIOCOUTQ   = 0x00005411
+	TIOCGWINSZ = 0x00005413
+	TIOCSWINSZ = 0x00005414
+	TIOCINQ    = 0x0000541b
 	FIONREAD   = TIOCINQ
 	FIONBIO    = 0x00005421
 	TIOCGPTN   = 0x80045430
diff --git a/pkg/abi/linux/tty.go b/pkg/abi/linux/tty.go
index 8c611d22a..81156867c 100644
--- a/pkg/abi/linux/tty.go
+++ b/pkg/abi/linux/tty.go
@@ -26,6 +26,14 @@ const (
 	disabledChar = 0
 )
 
+// Winsize is struct winsize, defined in uapi/asm-generic/termios.h.
+type Winsize struct {
+	Row    uint16
+	Col    uint16
+	Xpixel uint16
+	Ypixel uint16
+}
+
 // Termios is struct termios, defined in uapi/asm-generic/termbits.h.
 type Termios struct {
 	InputFlags        uint32