Skip to content

Commit e4c1fed

Browse files
scubainit: Change ownership of /dev/std* before switching users
Fixes #126
1 parent b086413 commit e4c1fed

File tree

2 files changed

+34
-0
lines changed

2 files changed

+34
-0
lines changed

scubainit/scubainit.c

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -660,6 +660,22 @@ main(int argc, char **argv)
660660
goto fail;
661661
if (add_shadow(ETC_SHADOW, m_user) != 0)
662662
goto fail;
663+
664+
/**
665+
* Change ownership of /dev/std*
666+
* See issue #126
667+
*/
668+
for (int fd = 0; fd <= 2; fd++) {
669+
if (!isatty(fd)) {
670+
verbose("fd %d: is not a TTY; not changing ownership\n", fd);
671+
continue;
672+
}
673+
verbose("fd %d: is a TTY; changing owner to %d:%d\n", fd, m_uid, m_gid);
674+
if (fchown(fd, m_uid, m_gid) != 0) {
675+
errmsg("Failed to fchown(%d, %d, %d): %m\n", fd, m_uid, m_gid);
676+
goto fail;
677+
}
678+
}
663679
}
664680

665681
/* Call pre-su hook */

tests/test_main.py

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -265,6 +265,24 @@ def test_redirect_stdin(self):
265265

266266
assert_str_equalish(out, test_str)
267267

268+
def test_dev_stdout(self):
269+
"""Verify processes can write to /dev/stdout"""
270+
with open(".scuba.yml", "w") as f:
271+
f.write("image: {}\n".format(DOCKER_IMAGE))
272+
273+
test_str = "Writing to /dev/stdout works"
274+
args = [
275+
#'--verbose',
276+
"/bin/sh",
277+
"-c",
278+
'echo "{}" > /dev/stdout'.format(test_str),
279+
]
280+
281+
# We have to mock tty, otherwise the container will get a pipe and scubainit can't chown that
282+
out, _ = self.run_scuba(args, mock_isatty=True)
283+
284+
assert_str_equalish(out, test_str)
285+
268286
def _test_user(
269287
self,
270288
expected_uid,

0 commit comments

Comments
 (0)