]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/terminal.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #3059 from brauner/2019-06-21/seccomp_notify
[mirror_lxc.git] / src / lxc / terminal.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #ifndef _GNU_SOURCE
25 #define _GNU_SOURCE 1
26 #endif
27 #include <errno.h>
28 #include <fcntl.h>
29 #include <lxc/lxccontainer.h>
30 #include <pthread.h>
31 #include <signal.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <sys/epoll.h>
35 #include <sys/types.h>
36 #include <termios.h>
37 #include <unistd.h>
38
39 #include "af_unix.h"
40 #include "caps.h"
41 #include "commands.h"
42 #include "conf.h"
43 #include "config.h"
44 #include "log.h"
45 #include "lxclock.h"
46 #include "mainloop.h"
47 #include "memory_utils.h"
48 #include "start.h"
49 #include "syscall_wrappers.h"
50 #include "terminal.h"
51 #include "utils.h"
52
53 #if HAVE_PTY_H
54 #include <pty.h>
55 #else
56 #include <../include/openpty.h>
57 #endif
58
59 #define LXC_TERMINAL_BUFFER_SIZE 1024
60
61 lxc_log_define(terminal, lxc);
62
63 void lxc_terminal_winsz(int srcfd, int dstfd)
64 {
65 int ret;
66 struct winsize wsz;
67
68 if (!isatty(srcfd))
69 return;
70
71 ret = ioctl(srcfd, TIOCGWINSZ, &wsz);
72 if (ret < 0) {
73 WARN("Failed to get window size");
74 return;
75 }
76
77 ret = ioctl(dstfd, TIOCSWINSZ, &wsz);
78 if (ret < 0)
79 WARN("Failed to set window size");
80 else
81 DEBUG("Set window size to %d columns and %d rows", wsz.ws_col,
82 wsz.ws_row);
83
84 return;
85 }
86
87 static void lxc_terminal_winch(struct lxc_terminal_state *ts)
88 {
89 lxc_terminal_winsz(ts->stdinfd, ts->masterfd);
90 }
91
92 int lxc_terminal_signalfd_cb(int fd, uint32_t events, void *cbdata,
93 struct lxc_epoll_descr *descr)
94 {
95 ssize_t ret;
96 struct signalfd_siginfo siginfo;
97 struct lxc_terminal_state *ts = cbdata;
98
99 ret = lxc_read_nointr(fd, &siginfo, sizeof(siginfo));
100 if (ret < 0 || (size_t)ret < sizeof(siginfo)) {
101 ERROR("Failed to read signal info");
102 return LXC_MAINLOOP_ERROR;
103 }
104
105 if (siginfo.ssi_signo == SIGTERM) {
106 DEBUG("Received SIGTERM. Detaching from the terminal");
107 return LXC_MAINLOOP_CLOSE;
108 }
109
110 if (siginfo.ssi_signo == SIGWINCH)
111 lxc_terminal_winch(ts);
112
113 return LXC_MAINLOOP_CONTINUE;
114 }
115
116 struct lxc_terminal_state *lxc_terminal_signal_init(int srcfd, int dstfd)
117 {
118 int ret;
119 bool istty = false;
120 sigset_t mask;
121 struct lxc_terminal_state *ts;
122
123 ts = malloc(sizeof(*ts));
124 if (!ts)
125 return NULL;
126
127 memset(ts, 0, sizeof(*ts));
128 ts->stdinfd = srcfd;
129 ts->masterfd = dstfd;
130 ts->sigfd = -1;
131
132 ret = sigemptyset(&mask);
133 if (ret < 0) {
134 SYSERROR("Failed to initialize an empty signal set");
135 goto on_error;
136 }
137
138 istty = (isatty(srcfd) == 1);
139 if (!istty) {
140 INFO("fd %d does not refer to a tty device", srcfd);
141 } else {
142 ret = sigaddset(&mask, SIGWINCH);
143 if (ret < 0)
144 SYSNOTICE("Failed to add SIGWINCH to signal set");
145 }
146
147 /* Exit the mainloop cleanly on SIGTERM. */
148 ret = sigaddset(&mask, SIGTERM);
149 if (ret < 0) {
150 SYSERROR("Failed to add SIGWINCH to signal set");
151 goto on_error;
152 }
153
154 ret = pthread_sigmask(SIG_BLOCK, &mask, &ts->oldmask);
155 if (ret < 0) {
156 WARN("Failed to block signals");
157 goto on_error;
158 }
159
160 ts->sigfd = signalfd(-1, &mask, SFD_CLOEXEC);
161 if (ts->sigfd < 0) {
162 WARN("Failed to create signal fd");
163 (void)pthread_sigmask(SIG_SETMASK, &ts->oldmask, NULL);
164 goto on_error;
165 }
166
167 DEBUG("Created signal fd %d", ts->sigfd);
168 return ts;
169
170 on_error:
171 ERROR("Failed to create signal fd");
172 if (ts->sigfd >= 0) {
173 close(ts->sigfd);
174 ts->sigfd = -1;
175 }
176
177 return ts;
178 }
179
180 void lxc_terminal_signal_fini(struct lxc_terminal_state *ts)
181 {
182 if (ts->sigfd >= 0) {
183 close(ts->sigfd);
184
185 if (pthread_sigmask(SIG_SETMASK, &ts->oldmask, NULL) < 0)
186 SYSWARN("Failed to restore signal mask");
187 }
188
189 free(ts);
190 }
191
192 static int lxc_terminal_truncate_log_file(struct lxc_terminal *terminal)
193 {
194 /* be very certain things are kosher */
195 if (!terminal->log_path || terminal->log_fd < 0)
196 return -EBADF;
197
198 return lxc_unpriv(ftruncate(terminal->log_fd, 0));
199 }
200
201 static int lxc_terminal_rotate_log_file(struct lxc_terminal *terminal)
202 {
203 __do_free char *tmp = NULL;
204 int ret;
205 size_t len;
206
207 if (!terminal->log_path || terminal->log_rotate == 0)
208 return -EOPNOTSUPP;
209
210 /* be very certain things are kosher */
211 if (terminal->log_fd < 0)
212 return -EBADF;
213
214 len = strlen(terminal->log_path) + sizeof(".1");
215 tmp = must_realloc(NULL, len);
216
217 ret = snprintf(tmp, len, "%s.1", terminal->log_path);
218 if (ret < 0 || (size_t)ret >= len)
219 return -EFBIG;
220
221 close(terminal->log_fd);
222 terminal->log_fd = -1;
223 ret = lxc_unpriv(rename(terminal->log_path, tmp));
224 if (ret < 0)
225 return ret;
226
227 return lxc_terminal_create_log_file(terminal);
228 }
229
230 static int lxc_terminal_write_log_file(struct lxc_terminal *terminal, char *buf,
231 int bytes_read)
232 {
233 int ret;
234 struct stat st;
235 int64_t space_left = -1;
236
237 if (terminal->log_fd < 0)
238 return 0;
239
240 /* A log size <= 0 means that there's no limit on the size of the log
241 * file at which point we simply ignore whether the log is supposed to
242 * be rotated or not.
243 */
244 if (terminal->log_size <= 0)
245 return lxc_write_nointr(terminal->log_fd, buf, bytes_read);
246
247 /* Get current size of the log file. */
248 ret = fstat(terminal->log_fd, &st);
249 if (ret < 0) {
250 SYSERROR("Failed to stat the terminal log file descriptor");
251 return -1;
252 }
253
254 /* handle non-regular files */
255 if ((st.st_mode & S_IFMT) != S_IFREG) {
256 /* This isn't a regular file. so rotating the file seems a
257 * dangerous thing to do, size limits are also very
258 * questionable. Let's not risk anything and tell the user that
259 * he's requesting us to do weird stuff.
260 */
261 if (terminal->log_rotate > 0 || terminal->log_size > 0)
262 return -EINVAL;
263
264 /* I mean, sure log wherever you want to. */
265 return lxc_write_nointr(terminal->log_fd, buf, bytes_read);
266 }
267
268 space_left = terminal->log_size - st.st_size;
269
270 /* User doesn't want to rotate the log file and there's no more space
271 * left so simply truncate it.
272 */
273 if (space_left <= 0 && terminal->log_rotate <= 0) {
274 ret = lxc_terminal_truncate_log_file(terminal);
275 if (ret < 0)
276 return ret;
277
278 if (bytes_read <= terminal->log_size)
279 return lxc_write_nointr(terminal->log_fd, buf, bytes_read);
280
281 /* Write as much as we can into the buffer and loose the rest. */
282 return lxc_write_nointr(terminal->log_fd, buf, terminal->log_size);
283 }
284
285 /* There's enough space left. */
286 if (bytes_read <= space_left)
287 return lxc_write_nointr(terminal->log_fd, buf, bytes_read);
288
289 /* There's not enough space left but at least write as much as we can
290 * into the old log file.
291 */
292 ret = lxc_write_nointr(terminal->log_fd, buf, space_left);
293 if (ret < 0)
294 return -1;
295
296 /* Calculate how many bytes we still need to write. */
297 bytes_read -= space_left;
298
299 /* There'd be more to write but we aren't instructed to rotate the log
300 * file so simply return. There's no error on our side here.
301 */
302 if (terminal->log_rotate > 0)
303 ret = lxc_terminal_rotate_log_file(terminal);
304 else
305 ret = lxc_terminal_truncate_log_file(terminal);
306 if (ret < 0)
307 return ret;
308
309 if (terminal->log_size < bytes_read) {
310 /* Well, this is unfortunate because it means that there is more
311 * to write than the user has granted us space. There are
312 * multiple ways to handle this but let's use the simplest one:
313 * write as much as we can, tell the user that there was more
314 * stuff to write and move on.
315 * Note that this scenario shouldn't actually happen with the
316 * standard pty-based terminal that LXC allocates since it will
317 * be switched into raw mode. In raw mode only 1 byte at a time
318 * should be read and written.
319 */
320 WARN("Size of terminal log file is smaller than the bytes to write");
321 ret = lxc_write_nointr(terminal->log_fd, buf, terminal->log_size);
322 if (ret < 0)
323 return -1;
324 bytes_read -= ret;
325 return bytes_read;
326 }
327
328 /* Yay, we made it. */
329 ret = lxc_write_nointr(terminal->log_fd, buf, bytes_read);
330 if (ret < 0)
331 return -1;
332 bytes_read -= ret;
333 return bytes_read;
334 }
335
336 int lxc_terminal_io_cb(int fd, uint32_t events, void *data,
337 struct lxc_epoll_descr *descr)
338 {
339 struct lxc_terminal *terminal = data;
340 char buf[LXC_TERMINAL_BUFFER_SIZE];
341 int r, w, w_log, w_rbuf;
342
343 w = r = lxc_read_nointr(fd, buf, sizeof(buf));
344 if (r <= 0) {
345 INFO("Terminal client on fd %d has exited", fd);
346 lxc_mainloop_del_handler(descr, fd);
347
348 if (fd == terminal->master) {
349 terminal->master = -EBADF;
350 } else if (fd == terminal->peer) {
351 if (terminal->tty_state) {
352 lxc_terminal_signal_fini(terminal->tty_state);
353 terminal->tty_state = NULL;
354 }
355 terminal->peer = -EBADF;
356 } else {
357 ERROR("Handler received unexpected file descriptor");
358 }
359 close(fd);
360
361 return LXC_MAINLOOP_CLOSE;
362 }
363
364 if (fd == terminal->peer)
365 w = lxc_write_nointr(terminal->master, buf, r);
366
367 w_rbuf = w_log = 0;
368 if (fd == terminal->master) {
369 /* write to peer first */
370 if (terminal->peer >= 0)
371 w = lxc_write_nointr(terminal->peer, buf, r);
372
373 /* write to terminal ringbuffer */
374 if (terminal->buffer_size > 0)
375 w_rbuf = lxc_ringbuf_write(&terminal->ringbuf, buf, r);
376
377 /* write to terminal log */
378 if (terminal->log_fd >= 0)
379 w_log = lxc_terminal_write_log_file(terminal, buf, r);
380 }
381
382 if (w != r)
383 WARN("Short write on terminal r:%d != w:%d", r, w);
384
385 if (w_rbuf < 0) {
386 errno = -w_rbuf;
387 SYSTRACE("Failed to write %d bytes to terminal ringbuffer", r);
388 }
389
390 if (w_log < 0)
391 TRACE("Failed to write %d bytes to terminal log", r);
392
393 return LXC_MAINLOOP_CONTINUE;
394 }
395
396 static int lxc_terminal_mainloop_add_peer(struct lxc_terminal *terminal)
397 {
398 int ret;
399
400 if (terminal->peer >= 0) {
401 ret = lxc_mainloop_add_handler(terminal->descr, terminal->peer,
402 lxc_terminal_io_cb, terminal);
403 if (ret < 0) {
404 WARN("Failed to add terminal peer handler to mainloop");
405 return -1;
406 }
407 }
408
409 if (!terminal->tty_state || terminal->tty_state->sigfd < 0)
410 return 0;
411
412 ret = lxc_mainloop_add_handler(terminal->descr, terminal->tty_state->sigfd,
413 lxc_terminal_signalfd_cb, terminal->tty_state);
414 if (ret < 0) {
415 WARN("Failed to add signal handler to mainloop");
416 return -1;
417 }
418
419 return 0;
420 }
421
422 int lxc_terminal_mainloop_add(struct lxc_epoll_descr *descr,
423 struct lxc_terminal *terminal)
424 {
425 int ret;
426
427 if (terminal->master < 0) {
428 INFO("Terminal is not initialized");
429 return 0;
430 }
431
432 ret = lxc_mainloop_add_handler(descr, terminal->master,
433 lxc_terminal_io_cb, terminal);
434 if (ret < 0) {
435 ERROR("Failed to add handler for terminal master fd %d to "
436 "mainloop", terminal->master);
437 return -1;
438 }
439
440 /* We cache the descr so that we can add an fd to it when someone
441 * does attach to it in lxc_terminal_allocate().
442 */
443 terminal->descr = descr;
444
445 return lxc_terminal_mainloop_add_peer(terminal);
446 }
447
448 int lxc_setup_tios(int fd, struct termios *oldtios)
449 {
450 int ret;
451 struct termios newtios;
452
453 if (!isatty(fd)) {
454 ERROR("File descriptor %d does not refert to a terminal", fd);
455 return -1;
456 }
457
458 /* Get current termios. */
459 ret = tcgetattr(fd, oldtios);
460 if (ret < 0) {
461 SYSERROR("Failed to get current terminal settings");
462 return -1;
463 }
464
465 /* ensure we don't end up in an endless loop:
466 * The kernel might fire SIGTTOU while an
467 * ioctl() in tcsetattr() is executed. When the ioctl()
468 * is resumed and retries, the signal handler interrupts it again.
469 */
470 signal (SIGTTIN, SIG_IGN);
471 signal (SIGTTOU, SIG_IGN);
472
473 newtios = *oldtios;
474
475 /* We use the same settings that ssh does. */
476 newtios.c_iflag |= IGNPAR;
477 newtios.c_iflag &= ~(ISTRIP | INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF);
478 #ifdef IUCLC
479 newtios.c_iflag &= ~IUCLC;
480 #endif
481 newtios.c_lflag &= ~(TOSTOP | ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL);
482 #ifdef IEXTEN
483 newtios.c_lflag &= ~IEXTEN;
484 #endif
485 newtios.c_oflag &= ~ONLCR;
486 newtios.c_oflag |= OPOST;
487 newtios.c_cc[VMIN] = 1;
488 newtios.c_cc[VTIME] = 0;
489
490 /* Set new attributes. */
491 ret = tcsetattr(fd, TCSAFLUSH, &newtios);
492 if (ret < 0) {
493 ERROR("Failed to set new terminal settings");
494 return -1;
495 }
496
497 return 0;
498 }
499
500 static void lxc_terminal_peer_proxy_free(struct lxc_terminal *terminal)
501 {
502 if (terminal->tty_state) {
503 lxc_terminal_signal_fini(terminal->tty_state);
504 terminal->tty_state = NULL;
505 }
506
507 close(terminal->proxy.master);
508 terminal->proxy.master = -1;
509
510 close(terminal->proxy.slave);
511 terminal->proxy.slave = -1;
512
513 terminal->proxy.busy = -1;
514
515 terminal->proxy.name[0] = '\0';
516
517 terminal->peer = -1;
518 }
519
520 static int lxc_terminal_peer_proxy_alloc(struct lxc_terminal *terminal,
521 int sockfd)
522 {
523 int ret;
524 struct termios oldtermio;
525 struct lxc_terminal_state *ts;
526
527 if (terminal->master < 0) {
528 ERROR("Terminal not set up");
529 return -1;
530 }
531
532 if (terminal->proxy.busy != -1 || terminal->peer != -1) {
533 NOTICE("Terminal already in use");
534 return -1;
535 }
536
537 if (terminal->tty_state) {
538 ERROR("Terminal has already been initialized");
539 return -1;
540 }
541
542 /* This is the proxy terminal that will be given to the client, and
543 * that the real terminal master will send to / recv from.
544 */
545 ret = openpty(&terminal->proxy.master, &terminal->proxy.slave, NULL,
546 NULL, NULL);
547 if (ret < 0) {
548 SYSERROR("Failed to open proxy terminal");
549 return -1;
550 }
551
552 ret = ttyname_r(terminal->proxy.slave, terminal->proxy.name,
553 sizeof(terminal->proxy.name));
554 if (ret < 0) {
555 SYSERROR("Failed to retrieve name of proxy terminal slave");
556 goto on_error;
557 }
558
559 ret = fd_cloexec(terminal->proxy.master, true);
560 if (ret < 0) {
561 SYSERROR("Failed to set FD_CLOEXEC flag on proxy terminal master");
562 goto on_error;
563 }
564
565 ret = fd_cloexec(terminal->proxy.slave, true);
566 if (ret < 0) {
567 SYSERROR("Failed to set FD_CLOEXEC flag on proxy terminal slave");
568 goto on_error;
569 }
570
571 ret = lxc_setup_tios(terminal->proxy.slave, &oldtermio);
572 if (ret < 0)
573 goto on_error;
574
575 ts = lxc_terminal_signal_init(terminal->proxy.master, terminal->master);
576 if (!ts)
577 goto on_error;
578
579 terminal->tty_state = ts;
580 terminal->peer = terminal->proxy.slave;
581 terminal->proxy.busy = sockfd;
582 ret = lxc_terminal_mainloop_add_peer(terminal);
583 if (ret < 0)
584 goto on_error;
585
586 NOTICE("Opened proxy terminal with master fd %d and slave fd %d",
587 terminal->proxy.master, terminal->proxy.slave);
588 return 0;
589
590 on_error:
591 lxc_terminal_peer_proxy_free(terminal);
592 return -1;
593 }
594
595 int lxc_terminal_allocate(struct lxc_conf *conf, int sockfd, int *ttyreq)
596 {
597 int ttynum;
598 int masterfd = -1;
599 struct lxc_tty_info *ttys = &conf->ttys;
600 struct lxc_terminal *terminal = &conf->console;
601
602 if (*ttyreq == 0) {
603 int ret;
604
605 ret = lxc_terminal_peer_proxy_alloc(terminal, sockfd);
606 if (ret < 0)
607 goto out;
608
609 masterfd = terminal->proxy.master;
610 goto out;
611 }
612
613 if (*ttyreq > 0) {
614 if (*ttyreq > ttys->max)
615 goto out;
616
617 if (ttys->tty[*ttyreq - 1].busy)
618 goto out;
619
620 /* The requested tty is available. */
621 ttynum = *ttyreq;
622 goto out_tty;
623 }
624
625 /* Search for next available tty, fixup index tty1 => [0]. */
626 for (ttynum = 1; ttynum <= ttys->max && ttys->tty[ttynum - 1].busy; ttynum++) {
627 ;
628 }
629
630 /* We didn't find any available slot for tty. */
631 if (ttynum > ttys->max)
632 goto out;
633
634 *ttyreq = ttynum;
635
636 out_tty:
637 ttys->tty[ttynum - 1].busy = sockfd;
638 masterfd = ttys->tty[ttynum - 1].master;
639
640 out:
641 return masterfd;
642 }
643
644 void lxc_terminal_free(struct lxc_conf *conf, int fd)
645 {
646 int i;
647 struct lxc_tty_info *ttys = &conf->ttys;
648 struct lxc_terminal *terminal = &conf->console;
649
650 for (i = 0; i < ttys->max; i++)
651 if (ttys->tty[i].busy == fd)
652 ttys->tty[i].busy = 0;
653
654 if (terminal->proxy.busy != fd)
655 return;
656
657 lxc_mainloop_del_handler(terminal->descr, terminal->proxy.slave);
658 lxc_terminal_peer_proxy_free(terminal);
659 }
660
661 static int lxc_terminal_peer_default(struct lxc_terminal *terminal)
662 {
663 struct lxc_terminal_state *ts;
664 const char *path;
665 int ret = 0;
666
667 if (terminal->path)
668 path = terminal->path;
669 else
670 path = "/dev/tty";
671
672 terminal->peer = lxc_unpriv(open(path, O_RDWR | O_CLOEXEC));
673 if (terminal->peer < 0) {
674 if (!terminal->path) {
675 errno = ENODEV;
676 SYSDEBUG("The process does not have a controlling terminal");
677 goto on_succes;
678 }
679
680 SYSERROR("Failed to open proxy terminal \"%s\"", path);
681 return -ENOTTY;
682 }
683 DEBUG("Using terminal \"%s\" as proxy", path);
684
685 if (!isatty(terminal->peer)) {
686 ERROR("File descriptor for \"%s\" does not refer to a terminal", path);
687 goto on_error_free_tios;
688 }
689
690 ts = lxc_terminal_signal_init(terminal->peer, terminal->master);
691 terminal->tty_state = ts;
692 if (!ts) {
693 WARN("Failed to install signal handler");
694 goto on_error_free_tios;
695 }
696
697 lxc_terminal_winsz(terminal->peer, terminal->master);
698
699 terminal->tios = malloc(sizeof(*terminal->tios));
700 if (!terminal->tios)
701 goto on_error_free_tios;
702
703 ret = lxc_setup_tios(terminal->peer, terminal->tios);
704 if (ret < 0)
705 goto on_error_close_peer;
706 else
707 goto on_succes;
708
709 on_error_free_tios:
710 free(terminal->tios);
711 terminal->tios = NULL;
712
713 on_error_close_peer:
714 close(terminal->peer);
715 terminal->peer = -1;
716 ret = -ENOTTY;
717
718 on_succes:
719 return ret;
720 }
721
722 int lxc_terminal_write_ringbuffer(struct lxc_terminal *terminal)
723 {
724 char *r_addr;
725 ssize_t ret;
726 uint64_t used;
727 struct lxc_ringbuf *buf = &terminal->ringbuf;
728
729 /* There's not log file where we can dump the ringbuffer to. */
730 if (terminal->log_fd < 0)
731 return 0;
732
733 used = lxc_ringbuf_used(buf);
734 if (used == 0)
735 return 0;
736
737 ret = lxc_terminal_truncate_log_file(terminal);
738 if (ret < 0)
739 return ret;
740
741 /* Write as much as we can without exceeding the limit. */
742 if (terminal->log_size < used)
743 used = terminal->log_size;
744
745 r_addr = lxc_ringbuf_get_read_addr(buf);
746 ret = lxc_write_nointr(terminal->log_fd, r_addr, used);
747 if (ret < 0)
748 return -EIO;
749
750 return 0;
751 }
752
753 void lxc_terminal_delete(struct lxc_terminal *terminal)
754 {
755 int ret;
756
757 ret = lxc_terminal_write_ringbuffer(terminal);
758 if (ret < 0)
759 WARN("Failed to write terminal log to disk");
760
761 if (terminal->tios && terminal->peer >= 0) {
762 ret = tcsetattr(terminal->peer, TCSAFLUSH, terminal->tios);
763 if (ret < 0)
764 SYSWARN("Failed to set old terminal settings");
765 }
766 free(terminal->tios);
767 terminal->tios = NULL;
768
769 if (terminal->peer >= 0)
770 close(terminal->peer);
771 terminal->peer = -1;
772
773 if (terminal->master >= 0)
774 close(terminal->master);
775 terminal->master = -1;
776
777 if (terminal->slave >= 0)
778 close(terminal->slave);
779 terminal->slave = -1;
780
781 if (terminal->log_fd >= 0)
782 close(terminal->log_fd);
783 terminal->log_fd = -1;
784 }
785
786 /**
787 * Note that this function needs to run before the mainloop starts. Since we
788 * register a handler for the terminal's masterfd when we create the mainloop
789 * the terminal handler needs to see an allocated ringbuffer.
790 */
791 static int lxc_terminal_create_ringbuf(struct lxc_terminal *terminal)
792 {
793 int ret;
794 struct lxc_ringbuf *buf = &terminal->ringbuf;
795 uint64_t size = terminal->buffer_size;
796
797 /* no ringbuffer previously allocated and no ringbuffer requested */
798 if (!buf->addr && size <= 0)
799 return 0;
800
801 /* ringbuffer allocated but no new ringbuffer requested */
802 if (buf->addr && size <= 0) {
803 lxc_ringbuf_release(buf);
804 buf->addr = NULL;
805 buf->r_off = 0;
806 buf->w_off = 0;
807 buf->size = 0;
808 TRACE("Deallocated terminal ringbuffer");
809 return 0;
810 }
811
812 if (size <= 0)
813 return 0;
814
815 /* check wether the requested size for the ringbuffer has changed */
816 if (buf->addr && buf->size != size) {
817 TRACE("Terminal ringbuffer size changed from %" PRIu64
818 " to %" PRIu64 " bytes. Deallocating terminal ringbuffer",
819 buf->size, size);
820 lxc_ringbuf_release(buf);
821 }
822
823 ret = lxc_ringbuf_create(buf, size);
824 if (ret < 0) {
825 ERROR("Failed to setup %" PRIu64 " byte terminal ringbuffer", size);
826 return -1;
827 }
828
829 TRACE("Allocated %" PRIu64 " byte terminal ringbuffer", size);
830 return 0;
831 }
832
833 /**
834 * This is the terminal log file. Please note that the terminal log file is
835 * (implementation wise not content wise) independent of the terminal ringbuffer.
836 */
837 int lxc_terminal_create_log_file(struct lxc_terminal *terminal)
838 {
839 if (!terminal->log_path)
840 return 0;
841
842 terminal->log_fd = lxc_unpriv(open(terminal->log_path, O_CLOEXEC | O_RDWR | O_CREAT | O_APPEND, 0600));
843 if (terminal->log_fd < 0) {
844 SYSERROR("Failed to open terminal log file \"%s\"", terminal->log_path);
845 return -1;
846 }
847
848 DEBUG("Using \"%s\" as terminal log file", terminal->log_path);
849 return 0;
850 }
851
852 int lxc_terminal_create(struct lxc_terminal *terminal)
853 {
854 int ret;
855
856 ret = openpty(&terminal->master, &terminal->slave, NULL, NULL, NULL);
857 if (ret < 0) {
858 SYSERROR("Failed to open terminal");
859 return -1;
860 }
861
862 ret = ttyname_r(terminal->slave, terminal->name, sizeof(terminal->name));
863 if (ret < 0) {
864 SYSERROR("Failed to retrieve name of terminal slave");
865 goto err;
866 }
867
868 ret = fd_cloexec(terminal->master, true);
869 if (ret < 0) {
870 SYSERROR("Failed to set FD_CLOEXEC flag on terminal master");
871 goto err;
872 }
873
874 ret = fd_cloexec(terminal->slave, true);
875 if (ret < 0) {
876 SYSERROR("Failed to set FD_CLOEXEC flag on terminal slave");
877 goto err;
878 }
879
880 ret = lxc_terminal_peer_default(terminal);
881 if (ret < 0) {
882 ERROR("Failed to allocate proxy terminal");
883 goto err;
884 }
885
886 return 0;
887
888 err:
889 lxc_terminal_delete(terminal);
890 return -ENODEV;
891 }
892
893 int lxc_terminal_setup(struct lxc_conf *conf)
894 {
895 int ret;
896 struct lxc_terminal *terminal = &conf->console;
897
898 if (terminal->path && strcmp(terminal->path, "none") == 0) {
899 INFO("No terminal requested");
900 return 0;
901 }
902
903 ret = lxc_terminal_create(terminal);
904 if (ret < 0)
905 return -1;
906
907 ret = lxc_terminal_create_log_file(terminal);
908 if (ret < 0)
909 goto err;
910
911 ret = lxc_terminal_create_ringbuf(terminal);
912 if (ret < 0)
913 goto err;
914
915 return 0;
916
917 err:
918 lxc_terminal_delete(terminal);
919 return -ENODEV;
920 }
921
922 static bool __terminal_dup2(int duplicate, int original)
923 {
924 int ret;
925
926 if (!isatty(original))
927 return true;
928
929 ret = dup2(duplicate, original);
930 if (ret < 0) {
931 SYSERROR("Failed to dup2(%d, %d)", duplicate, original);
932 return false;
933 }
934
935 return true;
936 }
937
938 int lxc_terminal_set_stdfds(int fd)
939 {
940 int i;
941
942 if (fd < 0)
943 return 0;
944
945 for (i = 0; i < 3; i++)
946 if (!__terminal_dup2(fd, (int[]){STDIN_FILENO, STDOUT_FILENO,
947 STDERR_FILENO}[i]))
948 return -1;
949
950 return 0;
951 }
952
953 int lxc_terminal_stdin_cb(int fd, uint32_t events, void *cbdata,
954 struct lxc_epoll_descr *descr)
955 {
956 int ret;
957 char c;
958 struct lxc_terminal_state *ts = cbdata;
959
960 if (fd != ts->stdinfd)
961 return LXC_MAINLOOP_CLOSE;
962
963 ret = lxc_read_nointr(ts->stdinfd, &c, 1);
964 if (ret <= 0)
965 return LXC_MAINLOOP_CLOSE;
966
967 if (ts->escape >= 1) {
968 /* we want to exit the terminal with Ctrl+a q */
969 if (c == ts->escape && !ts->saw_escape) {
970 ts->saw_escape = 1;
971 return LXC_MAINLOOP_CONTINUE;
972 }
973
974 if (c == 'q' && ts->saw_escape)
975 return LXC_MAINLOOP_CLOSE;
976
977 ts->saw_escape = 0;
978 }
979
980 ret = lxc_write_nointr(ts->masterfd, &c, 1);
981 if (ret <= 0)
982 return LXC_MAINLOOP_CLOSE;
983
984 return LXC_MAINLOOP_CONTINUE;
985 }
986
987 int lxc_terminal_master_cb(int fd, uint32_t events, void *cbdata,
988 struct lxc_epoll_descr *descr)
989 {
990 int r, w;
991 char buf[LXC_TERMINAL_BUFFER_SIZE];
992 struct lxc_terminal_state *ts = cbdata;
993
994 if (fd != ts->masterfd)
995 return LXC_MAINLOOP_CLOSE;
996
997 r = lxc_read_nointr(fd, buf, sizeof(buf));
998 if (r <= 0)
999 return LXC_MAINLOOP_CLOSE;
1000
1001 w = lxc_write_nointr(ts->stdoutfd, buf, r);
1002 if (w <= 0 || w != r)
1003 return LXC_MAINLOOP_CLOSE;
1004
1005 return LXC_MAINLOOP_CONTINUE;
1006 }
1007
1008 int lxc_terminal_getfd(struct lxc_container *c, int *ttynum, int *masterfd)
1009 {
1010 return lxc_cmd_console(c->name, ttynum, masterfd, c->config_path);
1011 }
1012
1013 int lxc_console(struct lxc_container *c, int ttynum,
1014 int stdinfd, int stdoutfd, int stderrfd,
1015 int escape)
1016 {
1017 int masterfd, ret, ttyfd;
1018 struct lxc_epoll_descr descr;
1019 struct termios oldtios;
1020 struct lxc_terminal_state *ts;
1021 int istty = 0;
1022
1023 ttyfd = lxc_cmd_console(c->name, &ttynum, &masterfd, c->config_path);
1024 if (ttyfd < 0)
1025 return -1;
1026
1027 ret = setsid();
1028 if (ret < 0)
1029 TRACE("Process is already group leader");
1030
1031 ts = lxc_terminal_signal_init(stdinfd, masterfd);
1032 if (!ts) {
1033 ret = -1;
1034 goto close_fds;
1035 }
1036 ts->escape = escape;
1037 ts->stdoutfd = stdoutfd;
1038
1039 istty = isatty(stdinfd);
1040 if (istty) {
1041 lxc_terminal_winsz(stdinfd, masterfd);
1042 lxc_terminal_winsz(ts->stdinfd, ts->masterfd);
1043 } else {
1044 INFO("File descriptor %d does not refer to a terminal", stdinfd);
1045 }
1046
1047 ret = lxc_mainloop_open(&descr);
1048 if (ret) {
1049 ERROR("Failed to create mainloop");
1050 goto sigwinch_fini;
1051 }
1052
1053 if (ts->sigfd != -1) {
1054 ret = lxc_mainloop_add_handler(&descr, ts->sigfd,
1055 lxc_terminal_signalfd_cb, ts);
1056 if (ret < 0) {
1057 ERROR("Failed to add signal handler to mainloop");
1058 goto close_mainloop;
1059 }
1060 }
1061
1062 ret = lxc_mainloop_add_handler(&descr, ts->stdinfd,
1063 lxc_terminal_stdin_cb, ts);
1064 if (ret < 0) {
1065 ERROR("Failed to add stdin handler");
1066 goto close_mainloop;
1067 }
1068
1069 ret = lxc_mainloop_add_handler(&descr, ts->masterfd,
1070 lxc_terminal_master_cb, ts);
1071 if (ret < 0) {
1072 ERROR("Failed to add master handler");
1073 goto close_mainloop;
1074 }
1075
1076 if (ts->escape >= 1) {
1077 fprintf(stderr,
1078 "\n"
1079 "Connected to tty %1$d\n"
1080 "Type <Ctrl+%2$c q> to exit the console, "
1081 "<Ctrl+%2$c Ctrl+%2$c> to enter Ctrl+%2$c itself\n",
1082 ttynum, 'a' + escape - 1);
1083 }
1084
1085 if (istty) {
1086 ret = lxc_setup_tios(stdinfd, &oldtios);
1087 if (ret < 0)
1088 goto close_mainloop;
1089 }
1090
1091 ret = lxc_mainloop(&descr, -1);
1092 if (ret < 0) {
1093 ERROR("The mainloop returned an error");
1094 goto restore_tios;
1095 }
1096
1097 ret = 0;
1098
1099 restore_tios:
1100 if (istty) {
1101 istty = tcsetattr(stdinfd, TCSAFLUSH, &oldtios);
1102 if (istty < 0)
1103 SYSWARN("Failed to restore terminal properties");
1104 }
1105
1106 close_mainloop:
1107 lxc_mainloop_close(&descr);
1108
1109 sigwinch_fini:
1110 lxc_terminal_signal_fini(ts);
1111
1112 close_fds:
1113 close(masterfd);
1114 close(ttyfd);
1115
1116 return ret;
1117 }
1118
1119 int lxc_make_controlling_terminal(int fd)
1120 {
1121 int ret;
1122
1123 setsid();
1124
1125 ret = ioctl(fd, TIOCSCTTY, (char *)NULL);
1126 if (ret < 0)
1127 return -1;
1128
1129 return 0;
1130 }
1131
1132 int lxc_terminal_prepare_login(int fd)
1133 {
1134 int ret;
1135
1136 ret = lxc_make_controlling_terminal(fd);
1137 if (ret < 0)
1138 return -1;
1139
1140 ret = lxc_terminal_set_stdfds(fd);
1141 if (ret < 0)
1142 return -1;
1143
1144 if (fd > STDERR_FILENO)
1145 close(fd);
1146
1147 return 0;
1148 }
1149
1150 void lxc_terminal_info_init(struct lxc_terminal_info *terminal)
1151 {
1152 terminal->name[0] = '\0';
1153 terminal->master = -EBADF;
1154 terminal->slave = -EBADF;
1155 terminal->busy = -1;
1156 }
1157
1158 void lxc_terminal_init(struct lxc_terminal *terminal)
1159 {
1160 memset(terminal, 0, sizeof(*terminal));
1161 terminal->slave = -EBADF;
1162 terminal->master = -EBADF;
1163 terminal->peer = -EBADF;
1164 terminal->log_fd = -EBADF;
1165 lxc_terminal_info_init(&terminal->proxy);
1166 }
1167
1168 void lxc_terminal_conf_free(struct lxc_terminal *terminal)
1169 {
1170 free(terminal->log_path);
1171 free(terminal->path);
1172 if (terminal->buffer_size > 0 && terminal->ringbuf.addr)
1173 lxc_ringbuf_release(&terminal->ringbuf);
1174 }
1175
1176 int lxc_terminal_map_ids(struct lxc_conf *c, struct lxc_terminal *terminal)
1177 {
1178 int ret;
1179
1180 if (lxc_list_empty(&c->id_map))
1181 return 0;
1182
1183 if (strcmp(terminal->name, "") == 0)
1184 return 0;
1185
1186 ret = chown_mapped_root(terminal->name, c);
1187 if (ret < 0) {
1188 ERROR("Failed to chown terminal \"%s\"", terminal->name);
1189 return -1;
1190 }
1191
1192 TRACE("Chowned terminal \"%s\"", terminal->name);
1193
1194 return 0;
1195 }
LXC mirror