From: Daniel P. Berrange Date: Fri, 13 Dec 2013 16:50:28 +0000 (+0000) Subject: Set the 'container_ttys' env variable for LXC consoles X-Git-Tag: CVE-2013-6436~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=daf08f36b525dc9e0f8469ee29ea9ebfd3aa860e;p=thirdparty%2Flibvirt.git Set the 'container_ttys' env variable for LXC consoles Systemd specified that any /dev/pts/NNN device on which it is expected to spawn a agetty login, should be listed in the 'container_ttys' env variable. It should just contain the relative paths, eg 'pts/0' not '/dev/pts/0' and should be space separated. http://cgit.freedesktop.org/systemd/systemd/commit/?id=1d97ff7dd71902a5604c2fed8964925d54e09de9 Signed-off-by: Daniel P. Berrange --- diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 6a9f53a7d4..c6bdc8cfdf 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -196,10 +196,33 @@ int lxcContainerHasReboot(void) * * Returns a virCommandPtr */ -static virCommandPtr lxcContainerBuildInitCmd(virDomainDefPtr vmDef) +static virCommandPtr lxcContainerBuildInitCmd(virDomainDefPtr vmDef, + char **ttyPaths, + size_t nttyPaths) { char uuidstr[VIR_UUID_STRING_BUFLEN]; virCommandPtr cmd; + virBuffer buf = VIR_BUFFER_INITIALIZER; + size_t i; + + /* 'container_ptys' must exclude the PTY associated with + * the /dev/console device, hence start at 1 not 0 + */ + for (i = 1; i < nttyPaths; i++) { + if (!STRPREFIX(ttyPaths[i], "/dev/")) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Expected a /dev path for '%s'"), + ttyPaths[i]); + virBufferFreeAndReset(&buf); + return NULL; + } + virBufferAdd(&buf, ttyPaths[i] + 5, -1); + virBufferAddChar(&buf, ' '); + } + virBufferTrim(&buf, NULL, 1); + + if (virBufferError(&buf)) + return NULL; virUUIDFormat(vmDef->uuid, uuidstr); 
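Review bot: The `if (virBufferError(&buf)) return NULL;` path at the end of the added block fails without reporting an error, unlike the prefix check a few lines earlier, which calls virReportError before returning NULL; adding `virReportOOMError();` before that return would leave a message on both failure paths. The comment above the loop says 'container_ptys' while the variable this commit sets is `container_ttys`, so the comment should use that name. The prefix check only establishes that each entry starts with "/dev/", and the entries are then joined with spaces into a value that, per the commit description, systemd reads inside the container. A one-line comment stating that ttyPaths is expected to hold PTY paths with no embedded whitespace would record that assumption; where ttyPaths is populated is not visible in this hunk. The function's doc comment begins above the hunk and still only says `Returns a virCommandPtr`, so it should also describe the two new parameters and the NULL return.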
@@ -212,11 +235,14 @@ static virCommandPtr lxcContainerBuildInitCmd(virDomainDefPtr vmDef) virCommandAddEnvString(cmd, "TERM=linux"); virCommandAddEnvString(cmd, "container=lxc-libvirt"); virCommandAddEnvPair(cmd, "container_uuid", uuidstr); + if (nttyPaths > 1) + virCommandAddEnvPair(cmd, "container_ttys", virBufferCurrentContent(&buf)); virCommandAddEnvPair(cmd, "LIBVIRT_LXC_UUID", uuidstr); virCommandAddEnvPair(cmd, "LIBVIRT_LXC_NAME", vmDef->name); if (vmDef->os.cmdline) virCommandAddEnvPair(cmd, "LIBVIRT_LXC_CMDLINE", vmDef->os.cmdline); + virBufferFreeAndReset(&buf); return cmd; } @@ -1789,7 +1815,9 @@ static int lxcContainerChild(void *data) if ((hasReboot = lxcContainerHasReboot()) < 0) goto cleanup; - cmd = lxcContainerBuildInitCmd(vmDef); + cmd = lxcContainerBuildInitCmd(vmDef, + argv->ttyPaths, + argv->nttyPaths); virCommandWriteArgLog(cmd, 1); if (lxcContainerSetID(vmDef) < 0)
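Review bot: In the lxcContainerChild hunk the result of lxcContainerBuildInitCmd() goes straight into `virCommandWriteArgLog(cmd, 1)` with no NULL check, even though this commit gives the builder two explicit `return NULL` paths (a non-/dev path and a buffer error). Adding `if (!cmd) goto cleanup;` right after the call would stop the child at the point of failure and keep the error the builder reported. Whether the later virCommand calls tolerate a NULL command cannot be seen from these lines. lxcContainerChild starts and ends outside the hunk.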