runsc: enable terminals in the sandbox.

runsc now mounts the devpts filesystem, so you get a real terminal using ssh+sshd. PiperOrigin-RevId: 200244830 Change-Id: If577c805ad0138fda13103210fa47178d8ac6605
2018-06-12 11:02:35 -07:00 · 2018-06-12 11:02:35 -07:00 · 2dc9cd7bf7
parent 48335318a2
commit 2dc9cd7bf7
2 changed files with 11 additions and 1 deletions
--- a/runsc/boot/BUILD
+++ b/runsc/boot/BUILD
@ -35,6 +35,7 @@ go_library(
        "//pkg/sentry/fs/ramfs",
        "//pkg/sentry/fs/sys",
        "//pkg/sentry/fs/tmpfs",
+        "//pkg/sentry/fs/tty",
        "//pkg/sentry/inet",
        "//pkg/sentry/kernel",
        "//pkg/sentry/kernel/auth",
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@ -27,6 +27,7 @@ import (
 	_ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/proc"
 	_ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/sys"
 	_ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/tmpfs"
+	_ "gvisor.googlesource.com/gvisor/pkg/sentry/fs/tty"

 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"gvisor.googlesource.com/gvisor/pkg/abi/linux"
@ -109,6 +110,14 @@ func configureMounts(ctx context.Context, spec *specs.Spec, conf *Config, mns *f
 		return err
 	}

+	// Always mount /dev/pts.
+	if err := mountSubmount(ctx, spec, conf, mns, nil, specs.Mount{
+		Type:        "devpts",
+		Destination: "/dev/pts",
+	}); err != nil {
+		return err
+	}
+
 	// Mount proc and sys even if the user did not ask for it, as the spec
 	// says we SHOULD.
 	if !procMounted {
@ -214,7 +223,7 @@ func mountSubmount(ctx context.Context, spec *specs.Spec, conf *Config, mns *fs.
 	var fsName string
 	var useOverlay bool
 	switch m.Type {
-	case "proc", "sysfs", "devtmpfs":
+	case "devpts", "devtmpfs", "proc", "sysfs":
 		fsName = m.Type
 	case "none":
 		fsName = "sysfs"