authorNicolas Lacasse <nlacasse@google.com>2018-08-24 17:42:30 -0700
committerShentubot <shentubot@google.com>2018-08-24 17:43:21 -0700
commit106de2182d34197d76fb68863cd4a102ebac2dbb (patch)
tree9f3bce620feedb1c7f757c079157538c33b94a5a /runsc/console
parentc48708a041fcc9749e0162a7708f32e5a3d7e526 (diff)
runsc: Terminal support for "docker exec -ti".
This CL adds terminal support for "docker exec". We previously only supported consoles for the container process, but not exec processes. The SYS_IOCTL syscall was added to the default seccomp filter list, but only for ioctls that get/set winsize and termios structs. We need to allow these ioctls for all containers because it's possible to run "exec -ti" on a container that was started without an attached console, after the filters have been installed. Note that control-character signals are still not properly supported. Tested with: $ docker run --runtime=runsc -it alpine In another terminal: $ docker exec -it <containerid> /bin/sh PiperOrigin-RevId: 210185456 Change-Id: I6d2401e53a7697bb988c120a8961505c335f96d9
Diffstat (limited to 'runsc/console')
-rw-r--r--runsc/console/BUILD16
-rw-r--r--runsc/console/console.go61
2 files changed, 77 insertions, 0 deletions
diff --git a/runsc/console/BUILD b/runsc/console/BUILD
new file mode 100644
index 000000000..fa1a7d430
--- /dev/null
+++ b/runsc/console/BUILD
@@ -0,0 +1,16 @@
+package(licenses = ["notice"]) # Apache 2.0
+
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "console",
+ srcs = ["console.go"],
+ importpath = "gvisor.googlesource.com/gvisor/runsc/console",
+ visibility = [
+ "//runsc:__subpackages__",
+ ],
+ deps = [
+ "@com_github_kr_pty//:go_default_library",
+ "@org_golang_x_sys//unix:go_default_library",
+ ],
+)
diff --git a/runsc/console/console.go b/runsc/console/console.go
new file mode 100644
index 000000000..2f2745b2b
--- /dev/null
+++ b/runsc/console/console.go
@@ -0,0 +1,61 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package console contains utilities for working with pty consols in runsc.
+package console
+
+import (
+ "fmt"
+ "net"
+ "os"
+
+ "github.com/kr/pty"
+ "golang.org/x/sys/unix"
+)
+
+// NewWithSocket creates pty master/slave pair, sends the master FD over the given
+// socket, and returns the slave.
+func NewWithSocket(socketPath string) (*os.File, error) {
+ // Create a new pty master and slave.
+ ptyMaster, ptySlave, err := pty.Open()
+ if err != nil {
+ return nil, fmt.Errorf("error opening pty: %v", err)
+ }
+ defer ptyMaster.Close()
+
+ // Get a connection to the socket path.
+ conn, err := net.Dial("unix", socketPath)
+ if err != nil {
+ ptySlave.Close()
+ return nil, fmt.Errorf("error dial socket %q: %v", socketPath, err)
+ }
+ uc, ok := conn.(*net.UnixConn)
+ if !ok {
+ ptySlave.Close()
+ return nil, fmt.Errorf("connection is not a UnixConn: %T", conn)
+ }
+ socket, err := uc.File()
+ if err != nil {
+ ptySlave.Close()
+ return nil, fmt.Errorf("error getting file for unix socket %v: %v", uc, err)
+ }
+
+ // Send the master FD over the connection.
+ msg := unix.UnixRights(int(ptyMaster.Fd()))
+ if err := unix.Sendmsg(int(socket.Fd()), []byte("pty-master"), msg, nil, 0); err != nil {
+ ptySlave.Close()
+ return nil, fmt.Errorf("error sending console over unix socket %q: %v", socketPath, err)
+ }
+ return ptySlave, nil
+}
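Review bot: `conn` from `net.Dial` and the duplicated descriptor `socket` returned by `uc.File()` are never closed in NewWithSocket, on the error paths or on the success return, so every call leaves two descriptors for the console socket open in the runsc process. Adding `defer conn.Close()` directly after the Dial error check and `defer socket.Close()` directly after the `uc.File()` error check would release them once the master FD has been handed off. Keeping the connection open presumably also means the receiving end never sees EOF after the transfer, which is worth confirming against whatever listens on `socketPath`. As a smaller style point, the four repeated `ptySlave.Close()` calls could be replaced by one deferred cleanup that runs only when the function returns an error, and the package comment has a typo (`consols`).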