From: Christian Brauner Date: Fri, 21 May 2021 08:06:27 +0000 (+0200) Subject: conf: move file descriptor synchronization with child into single function X-Git-Tag: lxc-5.0.0~165^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=493ae3fe7e660975d8083db4e423e551276de7f8;p=thirdparty%2Flxc.git conf: move file descriptor synchronization with child into single function Signed-off-by: Christian Brauner
---
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 9e3d79a0d..0fc9ddd3c 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1635,7 +1635,7 @@ static const struct id_map *find_mapped_nsid_entry(const struct lxc_conf *conf,
 return retmap;
 }
 
-int lxc_setup_devpts_parent(struct lxc_handler *handler)
+static int lxc_setup_devpts_parent(struct lxc_handler *handler)
 {
 int ret;
 
@@ -4013,6 +4013,71 @@ int lxc_idmapped_mounts_parent(struct lxc_handler *handler)
 }
 }
 
+static int lxc_recv_ttys_from_child(struct lxc_handler *handler)
+{
+ int i;
+ struct lxc_terminal_info *tty;
+ int ret = -1;
+ int sock = handler->data_sock[1];
+ struct lxc_conf *conf = handler->conf;
+ struct lxc_tty_info *ttys = &conf->ttys;
+
+ if (!conf->ttys.max)
+ return 0;
+
+ ttys->tty = malloc(sizeof(*ttys->tty) * ttys->max);
+ if (!ttys->tty)
+ return -1;
+
+ for (i = 0; i < conf->ttys.max; i++) {
+ int ttyx = -EBADF, ttyy = -EBADF;
+
+ ret = lxc_abstract_unix_recv_two_fds(sock, &ttyx, &ttyy);
+ if (ret < 0)
+ break;
+
+ tty = &ttys->tty[i];
+ tty->busy = -1;
+ tty->ptx = ttyx;
+ tty->pty = ttyy;
+ TRACE("Received pty with ptx fd %d and pty fd %d from child", tty->ptx, tty->pty);
+ }
+
+ if (ret < 0)
+ SYSERROR("Failed to receive %zu ttys from child", ttys->max);
+ else
+ TRACE("Received %zu ttys from child", ttys->max);
+
+ return ret;
+}
+
+int lxc_sync_fds_parent(struct lxc_handler *handler)
+{
+ int ret;
+
+ ret = lxc_seccomp_recv_notifier_fd(&handler->conf->seccomp, handler->data_sock[1]);
+ if (ret < 0)
+ return syserror_ret(ret, "Failed to receive seccomp notify fd from child");
+
+ ret = lxc_setup_devpts_parent(handler);
+ if (ret < 0)
+ return syserror_ret(ret, "Failed to receive devpts fd from child");
+
+ /* Read tty fds allocated by child. */
+ ret = lxc_recv_ttys_from_child(handler);
+ if (ret < 0)
+ return syserror_ret(ret, "Failed to receive tty info from child process");
+
+ if (handler->ns_clone_flags & CLONE_NEWNET) {
+ ret = lxc_network_recv_name_and_ifindex_from_child(handler);
+ if (ret < 0)
+ return syserror_ret(ret, "Failed to receive names and ifindices for network devices from child");
+ }
+
+ TRACE("Finished syncing file descriptors with child");
+ return 0;
+}
+
 int lxc_setup(struct lxc_handler *handler)
 {
 int ret;
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index a185b2023..8702fdcfe 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
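Review bot: In `lxc_recv_ttys_from_child`, the array from `malloc(sizeof(*ttys->tty) * ttys->max)` is left uninitialised, so when `lxc_abstract_unix_recv_two_fds` fails partway and the loop breaks, every entry from index `i` onward holds indeterminate `ptx`/`pty` values while `ttys->tty` stays set. Any later teardown that walks all `ttys->max` entries and closes their descriptors (not visible in this hunk) would then operate on garbage fd numbers in the parent process. Allocating with `ttys->tty = calloc(ttys->max, sizeof(*ttys->tty));` also overflow-checks the size computation, and setting each entry's `ptx` and `pty` to `-EBADF` before the receive loop keeps a partial failure safe to clean up. The index is declared `int i` but compared against `conf->ttys.max`, which the `%zu` format suggests is a `size_t`; declaring it `size_t i` would avoid the mixed-sign comparison.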
@@ -582,7 +582,7 @@ static inline int chown_mapped_root(const char *path, const struct lxc_conf *con
 return userns_exec_mapped_root(path, -EBADF, conf);
 }
 
-__hidden int lxc_setup_devpts_parent(struct lxc_handler *handler);
+__hidden extern int lxc_sync_fds_parent(struct lxc_handler *handler);
 
 static inline const char *get_rootfs_mnt(const struct lxc_rootfs *rootfs)
 {
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 21e70dce8..e9ff4e266 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1464,44 +1464,6 @@ out_error:
 return -1;
 }
 
-static int lxc_recv_ttys_from_child(struct lxc_handler *handler)
-{
- int i;
- struct lxc_terminal_info *tty;
- int ret = -1;
- int sock = handler->data_sock[1];
- struct lxc_conf *conf = handler->conf;
- struct lxc_tty_info *ttys = &conf->ttys;
-
- if (!conf->ttys.max)
- return 0;
-
- ttys->tty = malloc(sizeof(*ttys->tty) * ttys->max);
- if (!ttys->tty)
- return -1;
-
- for (i = 0; i < conf->ttys.max; i++) {
- int ttyx = -EBADF, ttyy = -EBADF;
-
- ret = lxc_abstract_unix_recv_two_fds(sock, &ttyx, &ttyy);
- if (ret < 0)
- break;
-
- tty = &ttys->tty[i];
- tty->busy = -1;
- tty->ptx = ttyx;
- tty->pty = ttyy;
- TRACE("Received pty with ptx fd %d and pty fd %d from child", tty->ptx, tty->pty);
- }
-
- if (ret < 0)
- SYSERROR("Failed to receive %zu ttys from child", ttys->max);
- else
- TRACE("Received %zu ttys from child", ttys->max);
-
- return ret;
-}
-
 int resolve_clone_flags(struct lxc_handler *handler)
 {
 int i;
@@ -1959,33 +1921,12 @@ static int lxc_spawn(struct lxc_handler *handler)
 if (!lxc_sync_wake_child(handler, START_SYNC_FDS))
 goto out_delete_net;
 
- ret = lxc_seccomp_recv_notifier_fd(&handler->conf->seccomp, data_sock1);
+ ret = lxc_sync_fds_parent(handler);
 if (ret < 0) {
- SYSERROR("Failed to receive seccomp notify fd from child");
+ SYSERROR("Failed to sync file descriptors with child");
 goto out_delete_net;
 }
 
- ret = lxc_setup_devpts_parent(handler);
- if (ret < 0) {
- SYSERROR("Failed to receive devpts fd from child");
- goto out_delete_net;
- }
-
- /* Read tty fds allocated by child. */
- ret = lxc_recv_ttys_from_child(handler);
- if (ret < 0) {
- ERROR("Failed to receive tty info from child process");
- goto out_delete_net;
- }
-
- if (handler->ns_clone_flags & CLONE_NEWNET) {
- ret = lxc_network_recv_name_and_ifindex_from_child(handler);
- if (ret < 0) {
- ERROR("Failed to receive names and ifindices for network devices from child");
- goto out_delete_net;
- }
- }
-
 /*
 * Tell the child to complete its initialization and wait for it to
 * exec or return an error. (The child will never return
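Review bot: The `SYSERROR("Failed to sync file descriptors with child")` kept in `lxc_spawn` appends errno text after `lxc_sync_fds_parent` has already reported the failing step through `syserror_ret`, so one failure is logged twice and the outer message may carry an errno that the intervening logging has changed. The tty and network failures were previously reported with `ERROR`, so the errno suffix is new for those paths as well. Consider `ERROR("Failed to sync file descriptors with child");` here and leave the step-specific message to the helper. Separately, the removed call passed the local `data_sock1` while the helper reads `handler->data_sock[1]`; these presumably refer to the same descriptor, but that assignment lies outside this hunk and is worth confirming.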