From 104cddbc69578c6fb50ff8543313c54e474473af Mon Sep 17 00:00:00 2001
From: MarcKe
Date: Thu, 22 Feb 2024 09:36:44 +0100
Subject: [PATCH 1/2] namespace-sandbox: add devpts mount and ptmx symlink

there was an issue with simply mounting /dev/pts and /dev/ptmx from the host to the sandbox enviroment via provideSandbox. the mount of /dev/ptmx was unusable. thus making it impossible to use pseudoterminals. creating a new devpts mount inside the sandbox fixes this issue.
---
 src/namespace-sandbox/namespace-sandbox.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/namespace-sandbox/namespace-sandbox.c b/src/namespace-sandbox/namespace-sandbox.c
index 649ba4586..9c0e2f6d1 100644
--- a/src/namespace-sandbox/namespace-sandbox.c
+++ b/src/namespace-sandbox/namespace-sandbox.c
@@ -69,6 +69,9 @@ struct Options {
 const char *host_name; // Host name (-H)
 };
+// forward declaration
+static int CreateTarget(const char *path, bool is_directory);
+
 // Child function used by CheckNamespacesSupported() in call to clone().
 static int CheckNamespacesSupportedChild(void *arg) { return 0; }
@@ -416,6 +419,11 @@ static void SetupDevices() {
 CHECK_CALL(mount(devs[i], devs[i] + 1, NULL, MS_BIND, NULL));
 }
+ // devtps mount with ptmx symlink for pseudoterminals
+ CreateTarget("dev/pts", true);
+ CHECK_CALL(mount("devpts", "dev/pts", "devpts", MS_NOSUID | MS_NOEXEC, "ptmxmode=0666"));
+ CHECK_CALL(symlink("pts/ptmx", "dev/ptmx"));
+
 CHECK_CALL(symlink("/proc/self/fd", "dev/fd"));
 }
From 766a8a9a83c6f25e95aaf70b906a997b86048aa1 Mon Sep 17 00:00:00 2001
From: MarcKe
Date: Thu, 22 Feb 2024 09:47:35 +0100
Subject: [PATCH 2/2] namespace-sandbox: replace tabs with spaces

---
 src/namespace-sandbox/namespace-sandbox.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/namespace-sandbox/namespace-sandbox.c b/src/namespace-sandbox/namespace-sandbox.c
index 9c0e2f6d1..4cc9700b7 100644
--- a/src/namespace-sandbox/namespace-sandbox.c
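Review bot: In the SetupDevices hunk of patch 1/2, the new devpts mount passes only `ptmxmode=0666`, so whether the sandbox gets a private pty instance depends on the kernel: before Linux 4.7 a devpts mount without `newinstance` attaches to the single system-wide instance, which would make the host's pty entries visible under the sandbox's `dev/pts`. Passing `"newinstance,ptmxmode=0666"` as the data argument keeps the instances separate on older kernels and is ignored on newer ones. The return value of `CreateTarget("dev/pts", true)` is also dropped while the neighbouring calls are wrapped in `CHECK_CALL`; its body is outside the hunk, so if it can report failure through its return value, use `CHECK_CALL(CreateTarget("dev/pts", true));`. The added comment spells `devtps` for `devpts`, and SetupDevices itself starts outside the hunk.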
+++ b/src/namespace-sandbox/namespace-sandbox.c
@@ -152,7 +152,7 @@ static void AddMountSource(char *source, struct Options *opt) {
 // should be mounted in the sandbox in the same path as outside.
 if (opt->mount_sources[opt->num_mounts] != NULL) {
 opt->mount_targets[opt->num_mounts] = opt->mount_sources[opt->num_mounts];
- opt->mount_rw[opt->num_mounts] = false;
+ opt->mount_rw[opt->num_mounts] = false;
 opt->num_mounts++;
 }
 if (source != NULL) {
@@ -299,9 +299,9 @@ static void ParseCommandLine(int argc, char *const *argv, struct Options *opt) {
 if (opt->mount_sources[opt->num_mounts] == NULL) {
 Usage(argc, argv, "The -m option must be preceded by an -M option.");
 }
- opt->mount_rw[opt->num_mounts] = false;
+ opt->mount_rw[opt->num_mounts] = false;
 opt->mount_targets[opt->num_mounts] = optarg;
- opt->num_mounts++;
+ opt->num_mounts++;
 break;
 case 'w':
 if (optarg[0] != '/') {
@@ -311,9 +311,9 @@ static void ParseCommandLine(int argc, char *const *argv, struct Options *opt) {
 if (opt->mount_sources[opt->num_mounts] == NULL) {
 Usage(argc, argv, "The -w option must be preceded by an -M option.");
 }
- opt->mount_rw[opt->num_mounts] = true;
+ opt->mount_rw[opt->num_mounts] = true;
 opt->mount_targets[opt->num_mounts] = optarg;
- opt->num_mounts++;
+ opt->num_mounts++;
 break;
 case 'n':
 opt->create_netns = 1;
@@ -542,7 +542,7 @@ static void SetupDirectories(struct Options *opt, uid_t uid) {
 strcat(user_friendly_mount_target, opt->mount_targets[i]);
 PRINT_DEBUG("mount: %s -> %s (%s)\n", opt->mount_sources[i], user_friendly_mount_target,
- opt->mount_rw[i] ? "rw" : "ro");
+ opt->mount_rw[i] ? "rw" : "ro");
 free(user_friendly_mount_target);
 }
 }