From f07fa8df6e2670e04e5f3d9f3a32a5d32f9fc70e Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Thu, 1 Jun 2017 05:40:59 +0200
Subject: [PATCH] start: log sending and receiving of tty fds
This is a potentially security sensitive operation and I really want to keep an eye on *when exactly* this is send. So add more logging on the TRACE() level.
Signed-off-by: Christian Brauner
---
 src/lxc/conf.c | 19 ++++++++++++++-----
 src/lxc/start.c | 16 ++++++++++++----
 2 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index fb82303c8..25c0aca25 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4107,21 +4107,30 @@ static int send_fd(int sock, int fd)
 static int send_ttys_to_parent(struct lxc_handler *handler)
 {
+ int i, ret;
 struct lxc_conf *conf = handler->conf;
 const struct lxc_tty_info *tty_info = &conf->tty_info;
- int i;
 int sock = handler->ttysock[0];
 for (i = 0; i < tty_info->nbtty; i++) {
 struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
- if (send_fd(sock, pty_info->slave) < 0)
- goto bad;
+ ret = send_fd(sock, pty_info->slave);
+ if (ret >= 0)
+ send_fd(sock, pty_info->master);
+ TRACE("sending pty \"%s\" with master fd %d and slave fd %d to "
+ "parent",
+ pty_info->name, pty_info->master, pty_info->slave);
 close(pty_info->slave);
 pty_info->slave = -1;
- if (send_fd(sock, pty_info->master) < 0)
- goto bad;
 close(pty_info->master);
 pty_info->master = -1;
+ if (ret < 0) {
+ ERROR("failed to send pty \"%s\" with master fd %d and "
+ "slave fd %d to parent : %s",
+ pty_info->name, pty_info->master, pty_info->slave,
+ strerror(errno));
+ goto bad;
+ }
 }
 close(handler->ttysock[0]);
diff --git a/src/lxc/start.c b/src/lxc/start.c
index f1b3f8e11..36f8b2318 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
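Review bot: The return value of the second `send_fd()` call (the master fd) is discarded in the new loop body, so a failed send of the master no longer reaches `goto bad` as it did in the removed lines; assign it, `ret = send_fd(sock, pty_info->master);`. The same pattern is in the `recv_ttys_from_child` hunk of src/lxc/start.c (`recv_fd(sock, &pty_info->master);`), where the loop then traces and keeps a master fd that may never have been received. In this hunk the `ERROR()` also runs after both fds were closed and set to -1, so it always prints -1 for them, and `strerror(errno)` may reflect the intervening `close()` calls rather than the failed send; saving errno right after the send and logging before the closes would keep the message accurate. The `TRACE()` says "sending" but runs after the send and on the failure path as well. The function body continues outside the hunk.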
@@ -1021,8 +1021,9 @@ static int recv_fd(int sock, int *fd)
 static int recv_ttys_from_child(struct lxc_handler *handler)
 {
+ int i, ret;
+ int sock = handler->ttysock[1];
 struct lxc_conf *conf = handler->conf;
- int i, sock = handler->ttysock[1];
 struct lxc_tty_info *tty_info = &conf->tty_info;
 if (!conf->tty)
@@ -1035,11 +1036,18 @@ static int recv_ttys_from_child(struct lxc_handler *handler)
 for (i = 0; i < conf->tty; i++) {
 struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
 pty_info->busy = 0;
- if (recv_fd(sock, &pty_info->slave) < 0 ||
- recv_fd(sock, &pty_info->master) < 0) {
- ERROR("Error receiving tty info from child process.");
+ ret = recv_fd(sock, &pty_info->slave);
+ if (ret >= 0)
+ recv_fd(sock, &pty_info->master);
+ if (ret < 0) {
+ ERROR("failed to receive pty with master fd %d and "
+ "slave fd %d from child: %s",
+ pty_info->master, pty_info->slave,
+ strerror(errno));
 return -1;
 }
+ TRACE("received pty with master fd %d and slave fd %d from child",
+ pty_info->master, pty_info->slave);
 }
 tty_info->nbtty = conf->tty;
-- 
2.47.3
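Review bot: On the failure path of the second start.c hunk, the new `ERROR()` prints `pty_info->master` and `pty_info->slave`, but when the first `recv_fd()` fails nothing visible in this iteration has filled in either field. The message therefore reports whatever the fields held before; the allocation of `pty_info` is outside the hunk, so whether that is zero or stale cannot be seen here. Logging the loop index instead, e.g. `ERROR("failed to receive pty %d from child: %s", i, strerror(errno));`, would keep misleading fd numbers out of a log meant for auditing this exchange. `strerror(errno)` is only meaningful if `recv_fd()` leaves errno set on every failure return, which its body (not shown here) would need to confirm.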