Commit Graph

24 Commits

Author SHA1 Message Date
Mrunal Patel 00dc70017d
Merge pull request #1895 from giuseppe/fix-tty-hang
tty: close epollConsole on errors
2018-09-20 10:02:08 -07:00
Giuseppe Scrivano ec0d23a92f
tty: close epollConsole on errors
make sure epollConsole is closed before returning an error.  It solves
a hang when using these commands with a container that uses a
terminal:

runc run foo &
ssh root@localhost runc exec foo echo hello

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2018-09-20 16:51:51 +02:00
Yan Zhu feb90346e0 doc: fix typo
Signed-off-by: Yan Zhu <yanzhu@alauda.io>
2018-09-07 11:58:59 +08:00
Michael Crosby f364c1a58c Set ClearONLCR in tests
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-09-25 13:35:22 -04:00
Daniel Dao 6cfb498d2c
tty: remove remaining usages of docker/pkg/term
This removes usages of docker/pkg/term to set raw terminal, handle interrupt
and restore the terminal, and instead use containerd/console and handle
interrupt ourselves.

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-07-28 12:36:32 +01:00
Daniel Dao 91eafcbc65
tty: move IO of master pty to be done with epoll
This moves all console code to use github.com/containerd/console library to
handle console I/O. Also move to use EpollConsole by default when user requests
a terminal so we can still cope when the other side temporarily goes away.

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-07-28 12:35:02 +01:00
W. Trevor King 830c0d70df libcontainer/console_linux.go: Make SaneTerminal public
And use it only in local tooling that is forwarding the pseudoterminal
master.  That way runC no longer has an opinion on the onlcr setting
for folks who are creating a terminal and detaching.  They'll use
--console-socket and can set up the pseudoterminal however they like
without runC having an opinion.  With this commit, the only cases
where runC still applies SaneTerminal is when *it* is the process
consuming the master descriptor.

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-06-07 21:32:41 -07:00
Michael Crosby 00a0ecf554 Add separate console socket
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-03-16 10:23:59 -07:00
Michael Crosby eebdb644f9 Don't fchown when inheriting io
This is a fix for rootless containers and general io handling.  The
higher level systems must prepare the IO for the container in the
detach case and make sure it is set up correctly for the container's
process.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-03-02 10:06:10 -08:00
Mrunal Patel 84a3bd250c Simplify error handling on function return
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-01-06 15:57:31 -08:00
Aleksa Sarai 7df64f8886
runc: implement --console-socket
This allows for higher-level orchestrators to be able to have access to
the master pty file descriptor without keeping the runC process running.
This is key to having (detach && createTTY) with a _real_ pty created
inside the container, which is then sent to a higher level orchestrator
over an AF_UNIX socket.

This patch is part of the console rewrite patchset.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-12-01 15:49:36 +11:00
Aleksa Sarai 244c9fc426
*: console rewrite
This implements {createTTY, detach} and all of the combinations and
negations of the two that were previously implemented. There are some
valid questions about out-of-OCI-scope topics like !createTTY and how
things should be handled (why do we dup the current stdio to the
process, and how is that not a security issue). However, these will be
dealt with in a separate patchset.

In order to allow for late console setup, split setupRootfs into the
"preparation" section where all of the mounts are created and the
"finalize" section where we pivot_root and set things as ro. In between
the two we can set up all of the console mountpoints and symlinks we
need.

We use two-stage synchronisation to ensure that when the syscalls are
reordered in a suboptimal way, an out-of-place read() on the parentPipe
will not gobble the ancillary information.

This patch is part of the console rewrite patchset.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-12-01 15:49:36 +11:00
Aleksa Sarai 1a913c7b89 *: correctly chown() consoles
In user namespaces, we need to make sure we don't chown() the console to
unmapped users. This means we need to get both the UID and GID of the
root user in the container when changing the owner.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-05-22 22:37:13 +10:00
Jessica Frazelle 2c5b10189c
remove deadcode
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-03-17 13:36:28 -07:00
Michael Crosby 8d0a05b8dd Wait for pipes to write all data before exit
Add a waitgroup to wait for the io.Copy of stdout/err to finish before
exiting runc.  The problem happens more in exec because it is really
fast and the pipe has data buffered but not yet read after the process
has already exited.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-26 12:14:47 -08:00
Michael Crosby fbc74c0eba Add detach and pid-file to restore
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-05 11:56:21 -08:00
Michael Crosby 4c4c9b85b7 Add --console to specify path to use from runc
This flag allows systems that are running runc to allocate tty's that
they own and provide to the container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-01-07 15:01:36 -08:00
Michael Crosby 29b139f702 Move STDIO initialization to libcontainer.Process
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-12-10 16:11:49 -08:00
Michael Crosby 4a91d2c6e7 Fix STDIO ownership for non-tty processes
When we are using user namespaces we need to make sure that when we do
not have a TTY we change the ownership of the pipe()'s used for the
process to the root user within the container so that when you call
open() on any of the /proc/self/fd/*'s you do not get an EPERM.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-09-18 11:35:23 -07:00
Lai Jiangshan 29ced936a6 richer information error message for terminal
When we use ```cat | runc``` or ```runc /dev/stdin < config.json```,
it will fail and output ```FATA[0000] Container start failed: inappropriate ioctl for device```.
It is hard for the users to find out the reason from the message:
the config.json enables the terminal but the user redirects the stdin
to a non-terminal file.

After this patch, the output will be
```FATA[0000] Container start failed: Failed to set the terminal from the stdin: inappropriate ioctl for device```
So the user can disable the terminal in the config.json.

See the #202

Cc: W. Trevor King <wking@tremily.us> (@wking)
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
2015-08-20 08:25:40 +08:00
Jin-Hwan Jeong 094a83b25e in signals.go: depeding -> depending
in tty.go: pty -> tty

Signed-off-by: Jin-Hwan Jeong <jhjeong.kr@gmail.com>
2015-07-15 10:11:24 +09:00
Marianna 5aa82c950d Enable build on unsupported platforms
Should compile now without errors but changes needed to be added for each system so it actually works.
main_unsupported.go is a new file with all the unsupported commands
Fixes #9

Signed-off-by: Marianna <mtesselh@gmail.com>
2015-06-29 17:03:44 -07:00
Zefan Li cbf3d12cb3 Remove nsinit from comments
Signed-off-by: Zefan Li <lizefan@huawei.com>
2015-06-24 11:29:50 +08:00
Michael Crosby 9fac183294 Initial commit of runc binary
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:34:13 -07:00