[Bug 1263738] Re: login console 0 in user namespace container is not configured right

Seth Forshee seth.forshee+lp at canonical.com
Wed Jan 15 17:44:57 UTC 2014


The same basic sequence of events happens with and without user
namespaces. init sheds its tty with setsid() but then opens
/dev/console, which has the effect of making /dev/console its
controlling tty. Later getty also opens /dev/console and tries the
TIOCSCTTY ioctl on the fd. At this point I think the following code in
the kernel handling of that ioctl comes into play:

        if (tty->session) { 
                /* 
                 * This tty is already the controlling 
                 * tty for another session group! 
                 */ 
                if (arg == 1 && capable(CAP_SYS_ADMIN)) { 
                        /* 
                         * Steal it away 
                         */ 
                        read_lock(&tasklist_lock); 
                        session_clear_tty(tty->session); 
                        read_unlock(&tasklist_lock); 
                } else { 
                        ret = -EPERM; 
                        goto unlock; 
                } 
        } 

I.e. getty doesn't have CAP_SYS_ADMIN and thus can't steal the console
from init. I'm not sure what the fix is yet, whether there's something
we can do here which can allow root within a namespace to steal the
console or whether upstart just needs to explicitly shed the console
after opening it.

https://bugs.launchpad.net/bugs/1263738
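
The sequence described in the message above can be reproduced without a container. The following is an added example, not code from the original message, the kernel, or upstart. It assumes Linux with devpts mounted and uses a fresh pty in place of /dev/console; second_session_tiocsctty, PTY_UNAVAILABLE, holder and claimant are hypothetical names.

```c
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>
#define PTY_UNAVAILABLE (-1)   /* hypothetical sentinel: pty setup failed */

/* Returns 0 if a second session leader obtained the tty with
 * TIOCSCTTY(arg), the failing errno if not, PTY_UNAVAILABLE on setup error. */
int second_session_tiocsctty(int arg)
{
    char slave[32], ok = 0;
    unsigned int n;
    int unlock = 0, sync_pipe[2], status = -1;
    int master = open("/dev/ptmx", O_RDWR | O_NOCTTY);  /* pty, not /dev/console */
    if (master < 0 || ioctl(master, TIOCSPTLCK, &unlock) ||
        ioctl(master, TIOCGPTN, &n) || pipe(sync_pipe))
        return PTY_UNAVAILABLE;
    snprintf(slave, sizeof slave, "/dev/pts/%u", n);
    pid_t holder = fork();                 /* stands in for init */
    if (holder == 0) {
        setsid();                          /* new session, no controlling tty */
        ok = open(slave, O_RDWR) >= 0;     /* no O_NOCTTY: tty joins this session */
        if (write(sync_pipe[1], &ok, 1) == 1) pause();
        _exit(0);
    }
    pid_t claimant = -1;
    if (holder > 0 && read(sync_pipe[0], &ok, 1) == 1 && ok)
        claimant = fork();                 /* stands in for getty */
    if (claimant == 0) {
        setsid();
        int fd = open(slave, O_RDWR | O_NOCTTY);
        /* tty->session is already set, so the kernel branch quoted above runs */
        _exit(fd >= 0 && ioctl(fd, TIOCSCTTY, arg) == 0 ? 0 : errno);
    }
    if (claimant > 0) waitpid(claimant, &status, 0);
    if (holder > 0) { kill(holder, SIGKILL); waitpid(holder, NULL, 0); }
    close(master); close(sync_pipe[0]); close(sync_pipe[1]);
    if (claimant > 0 && WIFEXITED(status)) return WEXITSTATUS(status);
    return PTY_UNAVAILABLE;
}

int main(void)
{
    printf("arg 0 -> %d\n", second_session_tiocsctty(0));
    printf("arg 1 -> %d\n", second_session_tiocsctty(1));
    return 0;
}
```

With arg 0 the result is EPERM regardless of privilege. With arg 1 the result depends on whether capable(CAP_SYS_ADMIN) holds for the caller, which is the check getty fails in the report above.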