scubainit: Change ownership of /dev/std* before switching users

Fixes #126

Author: JonathonReinhart

scubainit/scubainit.c

@@ -660,6 +660,22 @@ main(int argc, char **argv)
             goto fail;
         if (add_shadow(ETC_SHADOW, m_user) != 0)
             goto fail;
+
+        /**
+         * Change ownership of /dev/std*
+         * See issue #126
+         */
+        for (int fd = 0; fd <= 2; fd++) {
+            if (!isatty(fd)) {
+                verbose("fd %d: is not a TTY; not changing ownership\n", fd);
+                continue;
+            }
+            verbose("fd %d: is a TTY; changing owner to %d:%d\n", fd, m_uid, m_gid);
+            if (fchown(fd, m_uid, m_gid) != 0) {
+                errmsg("Failed to fchown(%d, %d, %d): %m\n", fd, m_uid, m_gid);
+                goto fail;
+            }
+        }
     }
 
     /* Call pre-su hook */

tests/test_main.py

@@ -265,6 +265,24 @@ def test_redirect_stdin(self):
 
         assert_str_equalish(out, test_str)
 
+    def test_dev_stdout(self):
+        """Verify processes can write to /dev/stdout"""
+        with open(".scuba.yml", "w") as f:
+            f.write("image: {}\n".format(DOCKER_IMAGE))
+
+        test_str = "Writing to /dev/stdout works"
+        args = [
+            #'--verbose',
+            "/bin/sh",
+            "-c",
+            'echo "{}" > /dev/stdout'.format(test_str),
+        ]
+
+        # We have to mock tty, otherwise the container will get a pipe and scubainit can't chown that
+        out, _ = self.run_scuba(args, mock_isatty=True)
+
+        assert_str_equalish(out, test_str)
+
     def _test_user(
         self,
         expected_uid,