|
 |
6b51a25 |
From 1c553ea3cd03017547a25221db79c423c83d1005 Mon Sep 17 00:00:00 2001
|
|
|
6b51a25 |
From: Pino Toscano <ptoscano@redhat.com>
|
|
|
6b51a25 |
Date: Thu, 19 Nov 2015 17:34:11 +0100
|
|
|
6b51a25 |
Subject: [PATCH 1/5] daemon: always provide stdin when running chroot commands
|
|
|
6b51a25 |
(RHBZ#1280029)
|
|
|
6b51a25 |
|
|
|
6b51a25 |
When running commands in the mounted guest (using the "command" API, and
|
|
|
6b51a25 |
APIs based on it), provide the /dev/null from the appliance as open fd
|
|
|
6b51a25 |
for stdin. Commands usually assume stdin is open if they didn't close
|
|
|
6b51a25 |
it explicitly, so this should avoid crashes or misbehavings due to that.
|
|
|
6b51a25 |
|
|
|
6b51a25 |
(cherry picked from commit fd2f175ee79d29df101d353e2f380db27b19553a)
|
|
|
6b51a25 |
---
|
|
|
6b51a25 |
daemon/command.c | 19 +++++++++++++++++--
|
|
|
6b51a25 |
1 file changed, 17 insertions(+), 2 deletions(-)
|
|
|
6b51a25 |
|
|
|
6b51a25 |
diff --git a/daemon/command.c b/daemon/command.c
|
|
|
6b51a25 |
index 1593de9..27a4d0c 100644
|
|
|
6b51a25 |
--- a/daemon/command.c
|
|
|
6b51a25 |
+++ b/daemon/command.c
|
|
|
6b51a25 |
@@ -23,6 +23,8 @@
|
|
|
6b51a25 |
#include <stdbool.h>
|
|
|
6b51a25 |
#include <string.h>
|
|
|
6b51a25 |
#include <sys/stat.h>
|
|
|
6b51a25 |
+#include <sys/types.h>
|
|
|
6b51a25 |
+#include <fcntl.h>
|
|
|
6b51a25 |
|
|
|
6b51a25 |
#include "guestfs_protocol.h"
|
|
|
6b51a25 |
#include "daemon.h"
|
|
|
6b51a25 |
@@ -242,7 +244,7 @@ do_command (char *const *argv)
|
|
|
6b51a25 |
{
|
|
|
6b51a25 |
char *out;
|
|
|
6b51a25 |
CLEANUP_FREE char *err = NULL;
|
|
|
6b51a25 |
- int r;
|
|
|
6b51a25 |
+ int r, dev_null_fd, flags;
|
|
|
6b51a25 |
CLEANUP_BIND_STATE struct bind_state bind_state = { .mounted = false };
|
|
|
6b51a25 |
CLEANUP_RESOLVER_STATE struct resolver_state resolver_state =
|
|
|
6b51a25 |
{ .mounted = false };
|
|
|
6b51a25 |
@@ -259,6 +261,17 @@ do_command (char *const *argv)
|
|
|
6b51a25 |
return NULL;
|
|
|
6b51a25 |
}
|
|
|
6b51a25 |
|
|
|
6b51a25 |
+ /* Provide /dev/null as stdin for the command, since we want
|
|
|
6b51a25 |
+ * to make sure processes have an open stdin, and it is not
|
|
|
6b51a25 |
+ * possible to rely on the guest to provide it (Linux guests
|
|
|
6b51a25 |
+ * get /dev dynamically populated at runtime by udev).
|
|
|
6b51a25 |
+ */
|
|
|
6b51a25 |
+ dev_null_fd = open ("/dev/null", O_RDONLY|O_CLOEXEC);
|
|
|
6b51a25 |
+ if (dev_null_fd == -1) {
|
|
|
6b51a25 |
+ reply_with_perror ("/dev/null");
|
|
|
6b51a25 |
+ return NULL;
|
|
|
6b51a25 |
+ }
|
|
|
6b51a25 |
+
|
|
|
6b51a25 |
if (bind_mount (&bind_state) == -1)
|
|
|
6b51a25 |
return NULL;
|
|
|
6b51a25 |
if (enable_network) {
|
|
|
6b51a25 |
@@ -266,8 +279,10 @@ do_command (char *const *argv)
|
|
|
6b51a25 |
return NULL;
|
|
|
6b51a25 |
}
|
|
|
6b51a25 |
|
|
|
6b51a25 |
+ flags = COMMAND_FLAG_CHROOT_COPY_FILE_TO_STDIN | dev_null_fd;
|
|
|
6b51a25 |
+
|
|
|
6b51a25 |
CHROOT_IN;
|
|
|
6b51a25 |
- r = commandv (&out, &err, (const char * const *) argv);
|
|
|
6b51a25 |
+ r = commandvf (&out, &err, flags, (const char * const *) argv);
|
|
|
6b51a25 |
CHROOT_OUT;
|
|
|
6b51a25 |
|
|
|
6b51a25 |
free_bind_state (&bind_state);
|
|
|
6b51a25 |
--
|
|
|
6b51a25 |
2.5.0
|
|
|
6b51a25 |
|