]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/tools/lxc_attach.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fd: only add valid fd to mainloop
[mirror_lxc.git] / src / lxc / tools / lxc_attach.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2010
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #ifndef _GNU_SOURCE
25 #define _GNU_SOURCE 1
26 #endif
27 #include <errno.h>
28 #include <fcntl.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <sys/ioctl.h>
33 #include <sys/stat.h>
34 #include <sys/types.h>
35 #include <sys/wait.h>
36 #include <termios.h>
37 #include <unistd.h>
38
39 #include <lxc/lxccontainer.h>
40
41 #include "arguments.h"
42 #include "attach.h"
43 #include "caps.h"
44 #include "config.h"
45 #include "confile.h"
46 #include "log.h"
47 #include "rexec.h"
48 #include "utils.h"
49
50 lxc_log_define(lxc_attach, lxc);
51
52 /**
53 * This function will copy any binary that calls liblxc into a memory file and
54 * will use the memfd to rexecute the binary. This is done to prevent attacks
55 * through the /proc/self/exe symlink to corrupt the host binary when host and
56 * container are in the same user namespace or have set up an identity id
57 * mapping: CVE-2019-5736.
58 */
59 #ifdef ENFORCE_MEMFD_REXEC
60 __attribute__((constructor)) static void lxc_attach_rexec(void)
61 {
62 if (!getenv("LXC_MEMFD_REXEC") && lxc_rexec("lxc-attach")) {
63 fprintf(stderr, "Failed to re-execute lxc-attach via memory file descriptor\n");
64 _exit(EXIT_FAILURE);
65 }
66 }
67 #endif
68
69 static int my_parser(struct lxc_arguments *args, int c, char *arg);
70 static int add_to_simple_array(char ***array, ssize_t *capacity, char *value);
71 static bool stdfd_is_pty(void);
72 static int lxc_attach_create_log_file(const char *log_file);
73
74 static int elevated_privileges;
75 static signed long new_personality = -1;
76 static int namespace_flags = -1;
77 static int remount_sys_proc;
78 static lxc_attach_env_policy_t env_policy = LXC_ATTACH_KEEP_ENV;
79 static char **extra_env;
80 static ssize_t extra_env_size;
81 static char **extra_keep;
82 static ssize_t extra_keep_size;
83
84 static const struct option my_longopts[] = {
85 {"elevated-privileges", optional_argument, 0, 'e'},
86 {"arch", required_argument, 0, 'a'},
87 {"namespaces", required_argument, 0, 's'},
88 {"remount-sys-proc", no_argument, 0, 'R'},
89 /* TODO: decide upon short option names */
90 {"clear-env", no_argument, 0, 500},
91 {"keep-env", no_argument, 0, 501},
92 {"keep-var", required_argument, 0, 502},
93 {"set-var", required_argument, 0, 'v'},
94 {"pty-log", required_argument, 0, 'L'},
95 {"rcfile", required_argument, 0, 'f'},
96 {"uid", required_argument, 0, 'u'},
97 {"gid", required_argument, 0, 'g'},
98 LXC_COMMON_OPTIONS
99 };
100
101 static struct lxc_arguments my_args = {
102 .progname = "lxc-attach",
103 .help = "\
104 --name=NAME [-- COMMAND]\n\
105 \n\
106 Execute the specified COMMAND - enter the container NAME\n\
107 \n\
108 Options :\n\
109 -n, --name=NAME NAME of the container\n\
110 -e, --elevated-privileges=PRIVILEGES\n\
111 Use elevated privileges instead of those of the\n\
112 container. If you don't specify privileges to be\n\
113 elevated as OR'd list: CAP, CGROUP and LSM (capabilities,\n\
114 cgroup and restrictions, respectively) then all of them\n\
115 will be elevated.\n\
116 WARNING: This may leak privileges into the container.\n\
117 Use with care.\n\
118 -a, --arch=ARCH Use ARCH for program instead of container's own\n\
119 architecture.\n\
120 -s, --namespaces=FLAGS\n\
121 Don't attach to all the namespaces of the container\n\
122 but just to the following OR'd list of flags:\n\
123 MOUNT, PID, UTSNAME, IPC, USER or NETWORK.\n\
124 WARNING: Using -s implies -e with all privileges\n\
125 elevated, it may therefore leak privileges into the\n\
126 container. Use with care.\n\
127 -R, --remount-sys-proc\n\
128 Remount /sys and /proc if not attaching to the\n\
129 mount namespace when using -s in order to properly\n\
130 reflect the correct namespace context. See the\n\
131 lxc-attach(1) manual page for details.\n\
132 --clear-env Clear all environment variables before attaching.\n\
133 The attached shell/program will start with only\n\
134 container=lxc set.\n\
135 --keep-env Keep all current environment variables. This\n\
136 is the current default behaviour, but is likely to\n\
137 change in the future.\n\
138 -L, --pty-log=FILE\n\
139 Log pty output to FILE\n\
140 -v, --set-var Set an additional variable that is seen by the\n\
141 attached program in the container. May be specified\n\
142 multiple times.\n\
143 --keep-var Keep an additional environment variable. Only\n\
144 applicable if --clear-env is specified. May be used\n\
145 multiple times.\n\
146 -f, --rcfile=FILE\n\
147 Load configuration file FILE\n\
148 -u, --uid=UID Execute COMMAND with UID inside the container\n\
149 -g, --gid=GID Execute COMMAND with GID inside the container\n\
150 ",
151 .options = my_longopts,
152 .parser = my_parser,
153 .checker = NULL,
154 .log_priority = "ERROR",
155 .log_file = "none",
156 };
157
158 static int my_parser(struct lxc_arguments *args, int c, char *arg)
159 {
160 int ret;
161
162 switch (c) {
163 case 'e':
164 ret = lxc_fill_elevated_privileges(arg, &elevated_privileges);
165 if (ret)
166 return -1;
167 break;
168 case 'R': remount_sys_proc = 1; break;
169 case 'a':
170 new_personality = lxc_config_parse_arch(arg);
171 if (new_personality < 0) {
172 ERROR("Invalid architecture specified: %s", arg);
173 return -1;
174 }
175 break;
176 case 's':
177 namespace_flags = 0;
178
179 if (lxc_namespace_2_std_identifiers(arg) < 0)
180 return -1;
181
182 ret = lxc_fill_namespace_flags(arg, &namespace_flags);
183 if (ret)
184 return -1;
185
186 /* -s implies -e */
187 lxc_fill_elevated_privileges(NULL, &elevated_privileges);
188 break;
189 case 500: /* clear-env */
190 env_policy = LXC_ATTACH_CLEAR_ENV;
191 break;
192 case 501: /* keep-env */
193 env_policy = LXC_ATTACH_KEEP_ENV;
194 break;
195 case 502: /* keep-var */
196 ret = add_to_simple_array(&extra_keep, &extra_keep_size, arg);
197 if (ret < 0) {
198 ERROR("Failed to alloc memory");
199 return -1;
200 }
201 break;
202 case 'v':
203 ret = add_to_simple_array(&extra_env, &extra_env_size, arg);
204 if (ret < 0) {
205 ERROR("Failed to alloc memory");
206 return -1;
207 }
208 break;
209 case 'L':
210 args->console_log = arg;
211 break;
212 case 'f':
213 args->rcfile = arg;
214 break;
215 case 'u':
216 if (lxc_safe_uint(arg, &args->uid) < 0)
217 return -1;
218 break;
219 case 'g':
220 if (lxc_safe_uint(arg, &args->gid) < 0)
221 return -1;
222 break;
223 }
224
225 return 0;
226 }
227
228 static int add_to_simple_array(char ***array, ssize_t *capacity, char *value)
229 {
230 ssize_t count = 0;
231
232 if (!array)
233 return -1;
234
235 if (*array)
236 for (; (*array)[count]; count++);
237
238 /* we have to reallocate */
239 if (count >= *capacity - 1) {
240 ssize_t new_capacity = ((count + 1) / 32 + 1) * 32;
241
242 char **new_array = realloc((void*)*array, sizeof(char *) * new_capacity);
243 if (!new_array)
244 return -1;
245
246 memset(&new_array[count], 0, sizeof(char*)*(new_capacity - count));
247
248 *array = new_array;
249 *capacity = new_capacity;
250 }
251
252 if (!(*array))
253 return -1;
254
255 (*array)[count] = value;
256 return 0;
257 }
258
259 static bool stdfd_is_pty(void)
260 {
261 if (isatty(STDIN_FILENO))
262 return true;
263
264 if (isatty(STDOUT_FILENO))
265 return true;
266
267 if (isatty(STDERR_FILENO))
268 return true;
269
270 return false;
271 }
272
273 static int lxc_attach_create_log_file(const char *log_file)
274 {
275 int fd;
276
277 fd = open(log_file, O_CLOEXEC | O_RDWR | O_CREAT | O_APPEND, 0600);
278 if (fd < 0) {
279 ERROR("Failed to open log file \"%s\"", log_file);
280 return -1;
281 }
282
283 return fd;
284 }
285
286 int main(int argc, char *argv[])
287 {
288 int ret = -1;
289 int wexit = 0;
290 struct lxc_log log;
291 pid_t pid;
292 lxc_attach_options_t attach_options = LXC_ATTACH_OPTIONS_DEFAULT;
293 lxc_attach_command_t command = (lxc_attach_command_t){.program = NULL};
294
295 if (lxc_caps_init())
296 exit(EXIT_FAILURE);
297
298 if (lxc_arguments_parse(&my_args, argc, argv))
299 exit(EXIT_FAILURE);
300
301 log.name = my_args.name;
302 log.file = my_args.log_file;
303 log.level = my_args.log_priority;
304 log.prefix = my_args.progname;
305 log.quiet = my_args.quiet;
306 log.lxcpath = my_args.lxcpath[0];
307
308 if (lxc_log_init(&log))
309 exit(EXIT_FAILURE);
310
311 if (geteuid())
312 if (access(my_args.lxcpath[0], O_RDONLY) < 0) {
313 ERROR("You lack access to %s", my_args.lxcpath[0]);
314 exit(EXIT_FAILURE);
315 }
316
317 struct lxc_container *c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
318 if (!c)
319 exit(EXIT_FAILURE);
320
321 if (my_args.rcfile) {
322 c->clear_config(c);
323 if (!c->load_config(c, my_args.rcfile)) {
324 ERROR("Failed to load rcfile");
325 lxc_container_put(c);
326 exit(EXIT_FAILURE);
327 }
328
329 c->configfile = strdup(my_args.rcfile);
330 if (!c->configfile) {
331 ERROR("Out of memory setting new config filename");
332 lxc_container_put(c);
333 exit(EXIT_FAILURE);
334 }
335 }
336
337 if (!c->may_control(c)) {
338 ERROR("Insufficent privileges to control %s", c->name);
339 lxc_container_put(c);
340 exit(EXIT_FAILURE);
341 }
342
343 if (remount_sys_proc)
344 attach_options.attach_flags |= LXC_ATTACH_REMOUNT_PROC_SYS;
345
346 if (elevated_privileges)
347 attach_options.attach_flags &= ~(elevated_privileges);
348
349 if (stdfd_is_pty())
350 attach_options.attach_flags |= LXC_ATTACH_TERMINAL;
351
352 attach_options.namespaces = namespace_flags;
353 attach_options.personality = new_personality;
354 attach_options.env_policy = env_policy;
355 attach_options.extra_env_vars = extra_env;
356 attach_options.extra_keep_env = extra_keep;
357
358 if (my_args.argc > 0) {
359 command.program = my_args.argv[0];
360 command.argv = (char**)my_args.argv;
361 }
362
363 if (my_args.console_log) {
364 attach_options.log_fd = lxc_attach_create_log_file(my_args.console_log);
365 if (attach_options.log_fd < 0)
366 goto out;
367 }
368
369 if (my_args.uid)
370 attach_options.uid = my_args.uid;
371
372 if (my_args.gid)
373 attach_options.gid = my_args.gid;
374
375 if (command.program) {
376 ret = c->attach_run_wait(c, &attach_options, command.program,
377 (const char **)command.argv);
378 if (ret < 0)
379 goto out;
380 } else {
381 ret = c->attach(c, lxc_attach_run_shell, NULL, &attach_options, &pid);
382 if (ret < 0)
383 goto out;
384
385 ret = lxc_wait_for_pid_status(pid);
386 if (ret < 0)
387 goto out;
388 }
389 if (WIFEXITED(ret))
390 wexit = WEXITSTATUS(ret);
391
392 out:
393 lxc_container_put(c);
394 if (ret >= 0)
395 exit(wexit);
396
397 exit(EXIT_FAILURE);
398 }
LXC mirror