Create nspawn console tty in the child#12758
Conversation
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
fbuihuu
force-pushed
the
nspawn-console-tty
branch
2 times, most recently
from
73fc5ad to
65f5747
Compare
keszybz
left a comment
keszybz
left a comment
There was a problem hiding this comment.
Looks very nice. I'll leave it open for a bit though to let other people review if they wish to.
|
|
||
| if (do_chmod) | ||
| if (chmod(fd_path, mode & 07777) < 0) | ||
| if (fchmod_opath(fd, mode & 07777) < 0) |
There was a problem hiding this comment.
Instead of doing the xsprintf once, now we'll do it twice (sometimes). The compiler might be able to optimize it away, because chmod takes a const*. OK, seems reasonable to do this like this.
fbuihuu
force-pushed
the
nspawn-console-tty
branch
from
65f5747 to
a8b088c
Compare
|
Thanks for the review @keszybz, I addressed your comment and force pushed a new version. |
|
Hmm, https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/#executionenvironment says
So those docs would need adjusting. |
|
Indeed although bind mounting a tty is still a possible solution for setting up /dev/console. Maybe a more generic wording would be better, something like "make some suitable TTY available through /dev/console" ? |
poettering
left a comment
poettering
left a comment
There was a problem hiding this comment.
looks pretty good, some comments though
src/basic/terminal-util.c
Outdated
| if (unlockpt(fd) < 0) | ||
| return -errno; | ||
|
|
||
| *master = TAKE_FD(fd); |
There was a problem hiding this comment.
why not just return this directly? i.e. do return TAKE_FD(fd); here? no need for the additional return param
src/basic/terminal-util.c
Outdated
| } | ||
|
|
||
| int ptsname_namespace(int pty, char **ret) { | ||
| int openpt_allocate(int flags, int *master, char **console) { |
There was a problem hiding this comment.
why call the return param console here? that name mostly makes sense in the nspawn usecase, but i figure this one should be generic, hence maybe ret_slave?
src/basic/terminal-util.c
Outdated
|
|
||
| int openpt_in_namespace(pid_t pid, int flags) { | ||
| _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, usernsfd = -1, rootfd = -1; | ||
| int openpt_allocate_in_namespace(pid_t pid, int flags, int *master, char **console) { |
There was a problem hiding this comment.
why return the fd as parameter instead of as return value like before?
also, as above, console → ret_slave?
src/machine/machine.c
Outdated
| } | ||
|
|
||
| int machine_openpt(Machine *m, int flags) { | ||
| int machine_openpt(Machine *m, int flags, int *master, char **console) { |
src/nspawn/nspawn.c
Outdated
| static int setup_dev_console(const char *dest, const char *console) { | ||
| _cleanup_umask_ mode_t u; | ||
| const char *to; | ||
| static int setup_stdio(const char *console) { |
There was a problem hiding this comment.
the parameter is always "/dev/console", no? hence should be good to just drop it and use the literal string in this function
poettering
added
the
reviewed/needs-rework 🔨
fstat(2) is fine with O_PATH fds. For changing owership of a file opened with O_PATH, there's fchownat(2). Only changing permissions is problematic but we introduced fchmod_opath() for that purpose.
No functional changes.
The console tty is now allocated from within the container so it's not necessary anymore to allocate it from the host and bind mount the pty slave into the container. The pty master is sent to the host. /dev/console is now a symlink pointing to the pty slave. This might also be less confusing for applications running inside the container and the overall result looks cleaner (we don't need to apply manually the passed selinux context, if any, to the allocated pty for instance).
fbuihuu
force-pushed
the
nspawn-console-tty
branch
from
a8b088c to
31532b5
Compare
|
Thanks for the feedback @poettering , I force pushed a new version addressing your comments. |
fbuihuu
removed
the
reviewed/needs-rework 🔨
|
This pull request introduces 2 alerts when merging 31532b5 into b337d89 - view on LGTM.com new alerts:
|
fbuihuu
force-pushed
the
nspawn-console-tty
branch
from
31532b5 to
7f10988
Compare
Allocating a pty is done in a couple of places so let's introduce a new helper which does the job. Also the new function, as well as openpt_in_namespace(), returns both pty master and slave so the callers don't need to know about the pty slave allocation details. For the same reasons machine_openpt() prototype has also been changed to return both pty master and slave so callers don't need to allocate a pty slave which might be in a different namespace. Finally openpt_in_namespace() has been renamed into openpt_allocate_in_namespace().
fbuihuu
force-pushed
the
nspawn-console-tty
branch
from
7f10988 to
dc98cae
Compare
poettering
added
the
good-to-merge/waiting-for-ci 👍
|
lgtm |
4 participants
No description provided.