runsc: enable terminals in the sandbox.
runsc now mounts the devpts filesystem, so you get a real terminal using ssh+sshd. PiperOrigin-RevId: 200244830 Change-Id: If577c805ad0138fda13103210fa47178d8ac6605
parent
48335318a2
commit
2dc9cd7bf7
|
@ -35,6 +35,7 @@ go_library(
|
||||||
"//pkg/sentry/fs/ramfs",
|
"//pkg/sentry/fs/ramfs",
|
||||||
"//pkg/sentry/fs/sys",
|
"//pkg/sentry/fs/sys",
|
||||||
"//pkg/sentry/fs/tmpfs",
|
"//pkg/sentry/fs/tmpfs",
|
||||||
|
"//pkg/sentry/fs/tty",
|
||||||
"//pkg/sentry/inet",
|
"//pkg/sentry/inet",
|
||||||
"//pkg/sentry/kernel",
|
"//pkg/sentry/kernel",
|
||||||
"//pkg/sentry/kernel/auth",
|
"//pkg/sentry/kernel/auth",
|
||||||
|
|
|
@ -27,6 +27,7 @@ import (
|
||||||
_ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/proc"
|
_ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/proc"
|
||||||
_ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/sys"
|
_ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/sys"
|
||||||
_ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/tmpfs"
|
_ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/tmpfs"
|
||||||
|
_ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/tty"
|
||||||
|
|
||||||
specs "github.com/opencontainers/runtime-spec/specs-go"
|
specs "github.com/opencontainers/runtime-spec/specs-go"
|
||||||
"gvisor.googlesource.com/gvisor/pkg/abi/linux"
|
"gvisor.googlesource.com/gvisor/pkg/abi/linux"
|
||||||
|
@ -109,6 +110,14 @@ func configureMounts(ctx context.Context, spec *specs.Spec, conf *Config, mns *f
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Always mount /dev/pts.
|
||||||
|
if err := mountSubmount(ctx, spec, conf, mns, nil, specs.Mount{
|
||||||
|
Type: "devpts",
|
||||||
|
Destination: "/dev/pts",
|
||||||
|
}); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// Mount proc and sys even if the user did not ask for it, as the spec
|
// Mount proc and sys even if the user did not ask for it, as the spec
|
||||||
// says we SHOULD.
|
// says we SHOULD.
|
||||||
if !procMounted {
|
if !procMounted {
|
||||||
|
@ -214,7 +223,7 @@ func mountSubmount(ctx context.Context, spec *specs.Spec, conf *Config, mns *fs.
|
||||||
var fsName string
|
var fsName string
|
||||||
var useOverlay bool
|
var useOverlay bool
|
||||||
switch m.Type {
|
switch m.Type {
|
||||||
case "proc", "sysfs", "devtmpfs":
|
case "devpts", "devtmpfs", "proc", "sysfs":
|
||||||
fsName = m.Type
|
fsName = m.Type
|
||||||
case "none":
|
case "none":
|
||||||
fsName = "sysfs"
|
fsName = "sysfs"
|
||||||
|
|
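Review bot: The new block in configureMounts mounts devpts at `/dev/pts` unconditionally, while the proc and sys mounts directly below it are guarded by flags such as `procMounted`. Many OCI specs already carry a devpts entry for `/dev/pts`, and with `"devpts"` now accepted in mountSubmount's switch that entry would presumably be mounted as well, so the path may be mounted twice and it is unclear which mount's options (the literal here has no `Options`, so nothing like `mode` or `gid` from the spec) end up governing pty access. Consider tracking it the same way, e.g. `if !devptsMounted {` around the call with the flag set where the spec mounts are walked, or, if the double mount is intended, extend the comment to `// Always mount /dev/pts; a devpts entry in the spec is mounted in addition to this one.` The loop over the spec's mounts and the rest of configureMounts lie outside the hunk, so this needs checking against the full function.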