[lxc-devel] [lxc/master] conf: fix devpts mounting when fully unprivileged

[brauner on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180821/002a5f79/attachment.bin>
-------------- next part --------------
From fb75f789212a5326ecd904f171360d73e57b26a3 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 21 Aug 2018 14:16:09 +0200
Subject: [PATCH] conf: fix devpts mounting when fully unprivileged

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/conf.c | 49 +++++++++++++++++++++++++++----------------------
 1 file changed, 27 insertions(+), 22 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 9ce6689df..894d3981c 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1625,8 +1625,15 @@ static const struct id_map *find_mapped_nsid_entry(struct lxc_conf *conf,
 static int lxc_setup_devpts(struct lxc_conf *conf)
 {
 	int ret;
-	char default_devpts_mntopts[] = "gid=5,newinstance,ptmxmode=0666,mode=0620";
+	char **it;
 	char devpts_mntopts[256];
+	char default_devpts_mntopts[256] = "gid=5,newinstance,ptmxmode=0666,mode=0620";
+	char *mount_options[4] = {
+	    NULL,
+	    NULL,
+	    NULL,
+	    NULL,
+	};
 
 	if (conf->pty_max <= 0) {
 		DEBUG("No new devpts instance will be mounted since no pts "
@@ -1652,29 +1659,27 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
 		return -1;
 	}
 
-	/* mount new devpts instance */
-	ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC, devpts_mntopts);
-	if (ret < 0) {
-		/* try mounting without "max" */
-		if (errno == EINVAL) {
-			devpts_mntopts[sizeof(default_devpts_mntopts) - 1] = '\0';
-			ret = mount("devpts", "/dev/pts", "devpts",
-				    MS_NOSUID | MS_NOEXEC, devpts_mntopts);
-			if (ret < 0) {
-				SYSERROR("Failed to mount new devpts instance");
-				return -1;
-			}
-		}
+	/* gid=5 && max= */
+	mount_options[0] = devpts_mntopts;
+	/* !gid=5 && max= */
+	mount_options[1] = devpts_mntopts + sizeof("gid=5");
+	/* gid=5 && !max= */
+	mount_options[2] = default_devpts_mntopts;
+	/* !gid=5 && !max= */
+	mount_options[2] = default_devpts_mntopts + sizeof("gid=5");
 
-		/* try mounting without gid=5 */
-		ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC,
-			    devpts_mntopts + sizeof("gid=5"));
-		if (ret < 0) {
-			SYSERROR("Failed to mount new devpts instance");
-			return -1;
-		}
+	for (ret = -1, it = mount_options; it && *it; it++) {
+		/* mount new devpts instance */
+		ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC, *it);
+		if (ret == 0)
+			break;
+	}
+
+	if (ret < 0) {
+		SYSERROR("Failed to mount new devpts instance");
+		return -1;
 	}
-	DEBUG("Mount new devpts instance with options \"%s\"", devpts_mntopts);
+	DEBUG("Mount new devpts instance with options \"%s\"", *it);
 
 	/* Remove any pre-existing /dev/ptmx file. */
 	ret = remove("/dev/ptmx");