Merge pull request #1354 from crosbymichael/dup-io

dqminh · web-flow · commit 291bf601105c · 2017-03-03T14:22:04.000Z
Don't fchown when inheriting io
diff --git a/tty.go b/tty.go
@@ -7,7 +7,6 @@ import (
 	"io"
 	"os"
 	"sync"
-	"syscall"
 
 	"github.com/docker/docker/pkg/term"
 	"github.com/opencontainers/runc/libcontainer"
@@ -28,9 +27,9 @@ func (t *tty) copyIO(w io.Writer, r io.ReadCloser) {
 	r.Close()
 }
 
-// setup standard pipes so that the TTY of the calling runc process
-// is not inherited by the container.
-func createStdioPipes(p *libcontainer.Process, rootuid, rootgid int) (*tty, error) {
+// setup pipes for the process so that advanced features like c/r are able to easily checkpoint
+// and restore the process's IO without depending on a host specific path or device
+func setupProcessPipes(p *libcontainer.Process, rootuid, rootgid int) (*tty, error) {
 	i, err := p.InitializeIO(rootuid, rootgid)
 	if err != nil {
 		return nil, err
@@ -62,19 +61,10 @@ func createStdioPipes(p *libcontainer.Process, rootuid, rootgid int) (*tty, erro
 	return t, nil
 }
 
-func dupStdio(process *libcontainer.Process, rootuid, rootgid int) error {
+func inheritStdio(process *libcontainer.Process) error {
 	process.Stdin = os.Stdin
 	process.Stdout = os.Stdout
 	process.Stderr = os.Stderr
-	for _, fd := range []uintptr{
-		os.Stdin.Fd(),
-		os.Stdout.Fd(),
-		os.Stderr.Fd(),
-	} {
-		if err := syscall.Fchown(int(fd), rootuid, rootgid); err != nil {
-			return err
-		}
-	}
 	return nil
 }
 
diff --git a/utils_linux.go b/utils_linux.go
@@ -110,19 +110,15 @@ func setupIO(process *libcontainer.Process, rootuid, rootgid int, createTTY, det
 		process.Stderr = nil
 		return &tty{}, nil
 	}
-
-	// When we detach, we just dup over stdio and call it a day. There's no
-	// requirement that we set up anything nice for our caller or the
-	// container.
+	// when runc will detach the caller provides the stdio to runc via runc's 0,1,2
+	// and the container's process inherits runc's stdio.
 	if detach {
-		if err := dupStdio(process, rootuid, rootgid); err != nil {
+		if err := inheritStdio(process); err != nil {
 			return nil, err
 		}
 		return &tty{}, nil
 	}
-
-	// XXX: This doesn't sit right with me. It's ugly.
-	return createStdioPipes(process, rootuid, rootgid)
+	return setupProcessPipes(process, rootuid, rootgid)
 }
 
 // createPidFile creates a file with the processes pid inside it atomically

Original file line number	Diff line number	Diff line change
`@@ -110,19 +110,15 @@ func setupIO(process *libcontainer.Process, rootuid, rootgid int, createTTY, det`
`110`	`110`	`process.Stderr = nil`
`111`	`111`	`return &tty{}, nil`
`112`	`112`	`}`
`113`		`-`
`114`		`- // When we detach, we just dup over stdio and call it a day. There's no`
`115`		`- // requirement that we set up anything nice for our caller or the`
`116`		`- // container.`
	`113`	`+ // when runc will detach the caller provides the stdio to runc via runc's 0,1,2`
	`114`	`+ // and the container's process inherits runc's stdio.`
`117`	`115`	`if detach {`
`118`		`- if err := dupStdio(process, rootuid, rootgid); err != nil {`
	`116`	`+ if err := inheritStdio(process); err != nil {`
`119`	`117`	`return nil, err`
`120`	`118`	`}`
`121`	`119`	`return &tty{}, nil`
`122`	`120`	`}`
`123`		`-`
`124`		`- // XXX: This doesn't sit right with me. It's ugly.`
`125`		`- return createStdioPipes(process, rootuid, rootgid)`
	`121`	`+ return setupProcessPipes(process, rootuid, rootgid)`
`126`	`122`	`}`
`127`	`123`
`128`	`124`	`// createPidFile creates a file with the processes pid inside it atomically`