[pbuilder] 02/06: pbuilder-modules: Use a new /dev/pts instance inside the chroot

Mattia Rizzolo mattia at debian.org
Sun Mar 12 09:12:29 UTC 2017


This is an automated email from the git hooks/post-receive script.

mattia pushed a commit to branch wip/next
in repository pbuilder.

commit 4a4134dd801193408a42b5db13854757644d57ed
Author: James Clarke <jrtc27 at debian.org>
Date:   Mon Mar 6 22:00:50 2017 +0000

    pbuilder-modules: Use a new /dev/pts instance inside the chroot
    
    This allows for better isolation as the build process is no longer able
    to see the host's PTYs, other than the controlling terminal (if there is
    one). By using a new instance, we can also control the permissions of
    /dev/pts/ptmx, ensuring that the build process is always able to create
    new PTYs, even if the host's has the default 000 mode.
    
    Since the mountpoint binary moved from initscripts to util-linux, the
    extra alternative versioned dependencies are needed to ensure that one
    of them provides it. Both jessie and stretch have the providing package
    as (transitively) essential, but we should guard against FrankenDebians.
    
    Closes: #841935
    Thanks: Simon McVittie <smcv at debian.org> for the thorough investigation
    Signed-off-by: Mattia Rizzolo <mattia at debian.org>
---
 debian/control   |  1 +
 pbuilder-modules | 38 +++++++++++++++++++++++++++++++++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/debian/control b/debian/control
index 53e07bb..4c94ad1 100644
--- a/debian/control
+++ b/debian/control
@@ -25,6 +25,7 @@ Multi-Arch: foreign
 Depends:
  debootstrap | cdebootstrap,
  dpkg-dev (>= 1.17.0),
+ util-linux (>= 2.26.2-4) | initscripts (<< 2.88dsf-59.1),
  wget,
  ${misc:Depends},
 Recommends:
diff --git a/pbuilder-modules b/pbuilder-modules
index 18e14b5..00300b8 100644
--- a/pbuilder-modules
+++ b/pbuilder-modules
@@ -276,6 +276,12 @@ function umountproc () {
         umount_one "$SELINUX"
     fi
     if [ "$DEB_BUILD_ARCH_OS" = "linux" ] && [ "$USEDEVPTS" = "yes" ]; then
+        if mountpoint -q "$BUILDPLACE/dev/console"; then
+            umount_one "dev/console"
+        fi
+        if mountpoint -q "$BUILDPLACE/dev/ptmx"; then
+            umount_one "dev/ptmx"
+        fi
         umount_one "dev/pts"
     fi
     if [ "$DEB_BUILD_ARCH_OS" = "kfreebsd" ] || [ "$USEDEVFS" = "yes" ]; then
@@ -383,8 +389,38 @@ function mountproc () {
         TTYGRP=5
         TTYMODE=620
         [ -f /etc/default/devpts ] && . /etc/default/devpts
-        mount -t devpts none "$BUILDPLACE/dev/pts" -onoexec,nosuid,gid=$TTYGRP,mode=$TTYMODE
+        # Even wheezy has CONFIG_DEVPTS_MULTIPLE_INSTANCES=y, so no need to
+        # fall back to the old method with just /dev/ptmx.
+        mount -t devpts devpts "$BUILDPLACE/dev/pts" -o newinstance,noexec,nosuid,gid=$TTYGRP,mode=$TTYMODE,ptmxmode=0666
         mounted[${#mounted[@]}]="$BUILDPLACE/dev/pts"
+
+        # If /dev/ptmx is a symlink, it should be /dev/ptmx -> pts/ptmx
+        # and since ptmxmode is 0666, /dev/pts/ptmx will have mode 0666.
+        # However, if it is not a symlink, then any PTYs created inside the
+        # chroot will not be visible. We could delete /dev/ptmx and replace
+        # it with a symlink, but it's safer just to bind-mount it.
+        # This is based on the recommendations in
+        # Documentation/filesystems/devpts.txt
+        # (linux.git commit 784c4d8b1b1e66f8c45e8b889613f4982f525b2b)
+        if [ ! -L "$BUILDPLACE/dev/ptmx" ]; then
+            log.i "redirecting /dev/ptmx to /dev/pts/ptmx"
+            mount --bind "$BUILDPLACE/dev/pts/ptmx" "$BUILDPLACE/dev/ptmx"
+            mounted[${#mounted[@]}]="$BUILDPLACE/dev/ptmx"
+        fi
+
+        # If there is a controlling TTY, it must be available to the chroot.
+        # The standard practice (at least by lxc and systemd-nspawn) is to
+        # bind-mount it onto /dev/console.
+        if CURRENT_TTY="$(tty)"; then
+            # We need /dev/console to exist to be able to bind-mount onto it.
+            # Might as well make the proper device node rather than a file.
+            if [ ! -e "$BUILDPLACE/dev/console" ]; then
+                log.i "creating /dev/console"
+                mknod -m 600 "$BUILDPLACE/dev/console" c 5 1
+            fi
+            log.i "mounting $CURRENT_TTY over /dev/console"
+            mount --bind "$CURRENT_TTY" "$BUILDPLACE/dev/console"
+        fi
     fi
     if [ -n "$SELINUX" ]; then
         log.i "mounting selinux filesystem"

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pbuilder/pbuilder.git



More information about the Pbuilder-maint mailing list