conmon: Build argv instead of commandline to spawn runtime

This means we don't have to spawn via a shell, but it also
means we do the right thing for any input that would have
needed to be escaped. For instance if the container name had
a $ in it, or even worse, a back-quote!

Signed-off-by: Alexander Larsson <alexl@redhat.com>
This commit is contained in:
Alexander Larsson 2017-06-02 14:27:00 +02:00
parent d2f09ef483
commit 829ec7f351


@ -429,7 +429,7 @@ int main(int argc, char *argv[])
int num_stdio_fds = 0; int num_stdio_fds = 0;
GError *error = NULL; GError *error = NULL;
GOptionContext *context; GOptionContext *context;
_cleanup_gstring_ GString *cmd = NULL; GPtrArray *runtime_argv = NULL;
/* Used for OOM notification API */ /* Used for OOM notification API */
_cleanup_close_ int efd = -1; _cleanup_close_ int efd = -1;
@ -552,27 +552,40 @@ int main(int argc, char *argv[])
slavefd_stderr = fds[1]; slavefd_stderr = fds[1];
} }
cmd = g_string_new(runtime_path); runtime_argv = g_ptr_array_new();
g_ptr_array_add(runtime_argv, runtime_path);
/* Generate the cmdline. */ /* Generate the cmdline. */
if (!exec && systemd_cgroup) if (!exec && systemd_cgroup)
g_string_append_printf(cmd, " --systemd-cgroup"); g_ptr_array_add(runtime_argv, "--systemd-cgroup");
if (exec) if (exec) {
g_string_append_printf(cmd, " exec -d --pid-file %s", pid_file); g_ptr_array_add (runtime_argv, "exec");
else g_ptr_array_add (runtime_argv, "-d");
g_string_append_printf(cmd, " create --bundle %s --pid-file %s", bundle_path, pid_file); g_ptr_array_add (runtime_argv, "--pid-file");
g_ptr_array_add (runtime_argv, pid_file);
} else {
g_ptr_array_add (runtime_argv, "create");
g_ptr_array_add (runtime_argv, "--bundle");
g_ptr_array_add (runtime_argv, bundle_path);
g_ptr_array_add (runtime_argv, "--pid-file");
g_ptr_array_add (runtime_argv, pid_file);
}
if (terminal) if (terminal) {
g_string_append_printf(cmd, " --console-socket %s", csname); g_ptr_array_add(runtime_argv, "--console-socket");
g_ptr_array_add(runtime_argv, csname);
}
/* Set the exec arguments. */ /* Set the exec arguments. */
if (exec) { if (exec) {
g_string_append_printf(cmd, " --process %s", exec_process_spec); g_ptr_array_add(runtime_argv, "--process");
g_ptr_array_add(runtime_argv, exec_process_spec);
} }
/* Container name comes last. */ /* Container name comes last. */
g_string_append_printf(cmd, " %s", cid); g_ptr_array_add(runtime_argv, cid);
g_ptr_array_add(runtime_argv, NULL);
/* /*
* We have to fork here because the current runC API dups the stdio of the * We have to fork here because the current runC API dups the stdio of the
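Review bot: The comment `/* Generate the cmdline. */` above the first g_ptr_array_add is now stale — the new code builds an argv vector rather than a command line — and should read `/* Build the runtime argv; elements are borrowed pointers, not copies. */`. Stating that the array borrows its strings matters because the parent later calls `g_ptr_array_free(runtime_argv, TRUE)` in the @ -600 hunk, which only frees the pointer array and is correct precisely because no element-free function was set on it. The values appended positionally (pid_file, bundle_path, csname, cid) are no longer shell-interpreted, but one beginning with `-` would still be parsed as an option by the runtime; presumably conmon's caller validates them, and a one-line comment recording that assumption would help the next reader. The `execv` on `runtime_path` in the @ -600 hunk does no PATH search, unlike the old `sh -c` spawn, so a bare runtime name would now fail at exec with only a silent `exit(127)`; document that the path must be absolute (or resolve it before building argv) and consider `pexit` on exec failure so errno is logged. main() starts and ends outside this hunk.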
@ -587,8 +600,6 @@ int main(int argc, char *argv[])
if (create_pid < 0) { if (create_pid < 0) {
pexit("Failed to fork the create command"); pexit("Failed to fork the create command");
} else if (!create_pid) { } else if (!create_pid) {
char *argv[] = {"sh", "-c", cmd->str, NULL};
/* We only need to touch the stdio if we have terminal=false. */ /* We only need to touch the stdio if we have terminal=false. */
/* FIXME: This results in us not outputting runc error messages to crio's log. */ /* FIXME: This results in us not outputting runc error messages to crio's log. */
if (slavefd_stdout >= 0) { if (slavefd_stdout >= 0) {
@ -600,11 +611,12 @@ int main(int argc, char *argv[])
pexit("Failed to dup over stderr"); pexit("Failed to dup over stderr");
} }
/* Exec into the process. TODO: Don't use the shell. */ execv(g_ptr_array_index(runtime_argv,0), (char **)runtime_argv->pdata);
execv("/bin/sh", argv);
exit(127); exit(127);
} }
g_ptr_array_free (runtime_argv, TRUE);
/* The runtime has that fd now. We don't need to touch it anymore. */ /* The runtime has that fd now. We don't need to touch it anymore. */
close(slavefd_stdout); close(slavefd_stdout);
close(slavefd_stderr); close(slavefd_stderr);