From 106de2182d34197d76fb68863cd4a102ebac2dbb Mon Sep 17 00:00:00 2001
From: Nicolas Lacasse
Date: Fri, 24 Aug 2018 17:42:30 -0700
Subject: runsc: Terminal support for "docker exec -ti".

This CL adds terminal support for "docker exec". We previously only supported consoles for the container process, but not exec processes.

The SYS_IOCTL syscall was added to the default seccomp filter list, but only for ioctls that get/set winsize and termios structs. We need to allow these ioctls for all containers because it's possible to run "exec -ti" on a container that was started without an attached console, after the filters have been installed.

Note that control-character signals are still not properly supported.

Tested with:
$ docker run --runtime=runsc -it alpine

In another terminal:
$ docker exec -it /bin/sh

PiperOrigin-RevId: 210185456
Change-Id: I6d2401e53a7697bb988c120a8961505c335f96d9
--- runsc/cmd/BUILD | 1 + 1 file changed, 1 insertion(+) (limited to 'runsc/cmd/BUILD') diff --git a/runsc/cmd/BUILD b/runsc/cmd/BUILD index c45784749..b9ef4022f 100644 --- a/runsc/cmd/BUILD +++ b/runsc/cmd/BUILD @@ -38,6 +38,7 @@ go_library( "//pkg/sentry/kernel/auth", "//pkg/urpc", "//runsc/boot", + "//runsc/console", "//runsc/container", "//runsc/fsgofer", "//runsc/specutils", -- cgit v1.2.3
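Review bot: The added "//runsc/console" entry in the go_library deps only wires in the build dependency, and because this view is limited to runsc/cmd/BUILD, the security-relevant half of the change (SYS_IOCTL in the default seccomp filter list) cannot be checked from here. Since the message says the rule now applies to every container, including ones started without a console, please confirm in the filter file that the rule matches on the ioctl request argument and admits only the winsize and termios get/set requests, and add a test showing that any other ioctl request is still rejected. The commit message also records that control-character signals are not properly supported yet; a tracking bug reference next to that sentence would help make sure the gap is followed up.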