summaryrefslogtreecommitdiffhomepage
path: root/runsc/boot
diff options
context:
space:
mode:
authorNicolas Lacasse <nlacasse@google.com>2019-02-14 15:46:25 -0800
committerShentubot <shentubot@google.com>2019-02-14 15:47:31 -0800
commit0a41ea72c1f70916bdbb68d9fdfa6c438e28b5b2 (patch)
treece2fdd6bb92036481ea2a44fb091b355b9bfae77 /runsc/boot
parentd60ce17a21a28ab32607b195ae42692442322ff8 (diff)
Don't allow writing or reading to TTY unless process group is in foreground.
If a background process tries to read from a TTY, linux sends it a SIGTTIN unless the signal is blocked or ignored, or the process group is an orphan, in which case the syscall returns EIO. See drivers/tty/n_tty.c:n_tty_read()=>job_control(). If a background process tries to write a TTY, set the termios, or set the foreground process group, linux then sends a SIGTTOU. If the signal is ignored or blocked, linux allows the write. If the process group is an orphan, the syscall returns EIO. See drivers/tty/tty_io.c:tty_check_change(). PiperOrigin-RevId: 234044367 Change-Id: I009461352ac4f3f11c5d42c43ac36bb0caa580f9
Diffstat (limited to 'runsc/boot')
-rw-r--r--runsc/boot/loader.go14
1 files changed, 11 insertions, 3 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 973578484..41f456af7 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -477,9 +477,9 @@ func (l *Loader) run() error {
return err
}
- // Create the root container init task.
- _, _, err := l.k.CreateProcess(l.rootProcArgs)
- if err != nil {
+ // Create the root container init task. It will begin running
+ // when the kernel is started.
+ if _, _, err := l.k.CreateProcess(l.rootProcArgs); err != nil {
return fmt.Errorf("creating init process: %v", err)
}
@@ -492,6 +492,11 @@ func (l *Loader) run() error {
ttyFile := l.rootProcArgs.FDMap.GetFile(0)
defer ttyFile.DecRef()
ep.tty = ttyFile.FileOperations.(*host.TTYFileOperations)
+
+ // Set the foreground process group on the TTY to the global
+ // init process group, since that is what we are about to
+ // start running.
+ ep.tty.InitForegroundProcessGroup(ep.tg.ProcessGroup())
}
// Start signal forwarding only after an init process is created.
@@ -595,10 +600,13 @@ func (l *Loader) startContainer(k *kernel.Kernel, spec *specs.Spec, conf *Config
return fmt.Errorf("setting executable path for %+v: %v", procArgs, err)
}
+ // Create and start the new process.
tg, _, err := l.k.CreateProcess(procArgs)
if err != nil {
return fmt.Errorf("creating process: %v", err)
}
+ l.k.StartProcess(tg)
+
// CreateProcess takes a reference on FDMap if successful.
procArgs.FDMap.DecRef()