Merge pull request #11390 from giuseppe/logging-passthrough

logging: new mode -l passthrough

Author: openshift-merge-robot

cmd/podman/common/completion.go

@@ -771,10 +771,13 @@ func AutocompleteImageVolume(cmd *cobra.Command, args []string, toComplete strin
 }
 
 // AutocompleteLogDriver - Autocomplete log-driver options.
-// -> "journald", "none", "k8s-file"
+// -> "journald", "none", "k8s-file", "passthrough"
 func AutocompleteLogDriver(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	// don't show json-file
 	logDrivers := []string{define.JournaldLogging, define.NoLogging, define.KubernetesLogging}
+	if !registry.IsRemote() {
+		logDrivers = append(logDrivers, define.PassthroughLogging)
+	}
 	return logDrivers, cobra.ShellCompDirectiveNoFileComp
 }
 

cmd/podman/containers/create.go

@@ -19,6 +19,7 @@ import (
 	"github.com/containers/podman/v3/pkg/specgen"
 	"github.com/containers/podman/v3/pkg/specgenutil"
 	"github.com/containers/podman/v3/pkg/util"
+	"github.com/mattn/go-isatty"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -161,7 +162,9 @@ func create(cmd *cobra.Command, args []string) error {
 		}
 	}
 
-	fmt.Println(report.Id)
+	if cliVals.LogDriver != define.PassthroughLogging {
+		fmt.Println(report.Id)
+	}
 	return nil
 }
 
@@ -188,6 +191,14 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra
 			vals.UserNS = "private"
 		}
 	}
+	if cliVals.LogDriver == define.PassthroughLogging {
+		if isatty.IsTerminal(0) || isatty.IsTerminal(1) || isatty.IsTerminal(2) {
+			return vals, errors.New("the '--log-driver passthrough' option cannot be used on a TTY")
+		}
+		if registry.IsRemote() {
+			return vals, errors.New("the '--log-driver passthrough' option is not supported in remote mode")
+		}
+	}
 
 	if !isInfra {
 		if c.Flag("shm-size").Changed {

cmd/podman/containers/run.go

@@ -158,8 +158,13 @@ func run(cmd *cobra.Command, args []string) error {
 		runOpts.InputStream = nil
 	}
 
+	passthrough := cliVals.LogDriver == define.PassthroughLogging
+
 	// If attach is set, clear stdin/stdout/stderr and only attach requested
 	if cmd.Flag("attach").Changed {
+		if passthrough {
+			return errors.Wrapf(define.ErrInvalidArg, "cannot specify --attach with --log-driver=passthrough")
+		}
 		runOpts.OutputStream = nil
 		runOpts.ErrorStream = nil
 		if !cliVals.Interactive {
@@ -179,6 +184,7 @@ func run(cmd *cobra.Command, args []string) error {
 			}
 		}
 	}
+
 	cliVals.PreserveFDs = runOpts.PreserveFDs
 	s := specgen.NewSpecGenerator(imageName, cliVals.RootFS)
 	if err := specgenutil.FillOutSpecGen(s, &cliVals, args); err != nil {
@@ -200,7 +206,7 @@ func run(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	if runOpts.Detach {
+	if runOpts.Detach && !passthrough {
 		fmt.Println(report.Id)
 		return nil
 	}

docs/source/markdown/podman-create.1.md

@@ -513,7 +513,11 @@ Not implemented
 
 #### **--log-driver**="*k8s-file*"
 
-Logging driver for the container. Currently available options are *k8s-file*, *journald*, and *none*, with *json-file* aliased to *k8s-file* for scripting compatibility.
+Logging driver for the container. Currently available options are *k8s-file*, *journald*, *none* and *passthrough*, with *json-file* aliased to *k8s-file* for scripting compatibility.
+
+The *passthrough* driver passes down the standard streams (stdin, stdout, stderr) to the
+container.  It is not allowed with the remote Podman client and on a tty, since it is
+vulnerable to attacks via TIOCSTI.
 
 #### **--log-opt**=*name*=*value*
 

docs/source/markdown/podman-run.1.md

@@ -538,7 +538,12 @@ Not implemented.
 
 #### **--log-driver**="*driver*"
 
-Logging driver for the container. Currently available options are **k8s-file**, **journald**, and **none**, with **json-file** aliased to **k8s-file** for scripting compatibility.
+Logging driver for the container. Currently available options are **k8s-file**, **journald**, **none** and **passthrough**, with **json-file** aliased to **k8s-file** for scripting compatibility.
+
+The **passthrough** driver passes down the standard streams (stdin, stdout, stderr) to the
+container.  It is not allowed with the remote Podman client and on a tty, since it is
+vulnerable to attacks via TIOCSTI.
+
 
 #### **--log-opt**=*name*=*value*
 

go.mod

@@ -41,6 +41,7 @@ require (
 	github.com/hpcloud/tail v1.0.0
 	github.com/json-iterator/go v1.1.12
 	github.com/mattn/go-colorable v0.1.8 // indirect
+	github.com/mattn/go-isatty v0.0.12
 	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6
 	github.com/mrunalp/fileutils v0.5.0
 	github.com/onsi/ginkgo v1.16.4

libpod/container_api.go

@@ -229,6 +229,10 @@ func (c *Container) Kill(signal uint) error {
 // This function returns when the attach finishes. It does not hold the lock for
 // the duration of its runtime, only using it at the beginning to verify state.
 func (c *Container) Attach(streams *define.AttachStreams, keys string, resize <-chan define.TerminalSize) error {
+	switch c.LogDriver() {
+	case define.PassthroughLogging:
+		return errors.Wrapf(define.ErrNoLogs, "this container is using the 'passthrough' log driver, cannot attach")
+	}
 	if !c.batched {
 		c.lock.Lock()
 		if err := c.syncContainer(); err != nil {

libpod/container_log.go

@@ -18,7 +18,7 @@ import (
 var logDrivers []string
 
 func init() {
-	logDrivers = append(logDrivers, define.KubernetesLogging, define.NoLogging)
+	logDrivers = append(logDrivers, define.KubernetesLogging, define.NoLogging, define.PassthroughLogging)
 }
 
 // Log is a runtime function that can read one or more container logs.
@@ -34,6 +34,8 @@ func (r *Runtime) Log(ctx context.Context, containers []*Container, options *log
 // ReadLog reads a containers log based on the input options and returns log lines over a channel.
 func (c *Container) ReadLog(ctx context.Context, options *logs.LogOptions, logChannel chan *logs.LogLine) error {
 	switch c.LogDriver() {
+	case define.PassthroughLogging:
+		return errors.Wrapf(define.ErrNoLogs, "this container is using the 'passthrough' log driver, cannot read logs")
 	case define.NoLogging:
 		return errors.Wrapf(define.ErrNoLogs, "this container is using the 'none' log driver, cannot read logs")
 	case define.JournaldLogging:

libpod/define/config.go

@@ -78,6 +78,9 @@ const JSONLogging = "json-file"
 // NoLogging is the string conmon expects when specifying to use no log driver whatsoever
 const NoLogging = "none"
 
+// PassthroughLogging is the string conmon expects when specifying to use the passthrough driver
+const PassthroughLogging = "passthrough"
+
 // Strings used for --sdnotify option to podman
 const (
 	SdNotifyModeContainer = "container"

libpod/oci_attach_linux.go

@@ -40,7 +40,9 @@ func openUnixSocket(path string) (*net.UnixConn, error) {
 // Does not check if state is appropriate
 // started is only required if startContainer is true
 func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-chan define.TerminalSize, startContainer bool, started chan bool, attachRdy chan<- bool) error {
-	if !streams.AttachOutput && !streams.AttachError && !streams.AttachInput {
+	passthrough := c.LogDriver() == define.PassthroughLogging
+
+	if !streams.AttachOutput && !streams.AttachError && !streams.AttachInput && !passthrough {
 		return errors.Wrapf(define.ErrInvalidArg, "must provide at least one stream to attach to")
 	}
 	if startContainer && started == nil {
@@ -52,24 +54,27 @@ func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-
 		return err
 	}
 
-	logrus.Debugf("Attaching to container %s", c.ID())
+	var conn *net.UnixConn
+	if !passthrough {
+		logrus.Debugf("Attaching to container %s", c.ID())
 
-	registerResizeFunc(resize, c.bundlePath())
+		registerResizeFunc(resize, c.bundlePath())
 
-	attachSock, err := c.AttachSocketPath()
-	if err != nil {
-		return err
-	}
+		attachSock, err := c.AttachSocketPath()
+		if err != nil {
+			return err
+		}
 
-	conn, err := openUnixSocket(attachSock)
-	if err != nil {
-		return errors.Wrapf(err, "failed to connect to container's attach socket: %v", attachSock)
-	}
-	defer func() {
-		if err := conn.Close(); err != nil {
-			logrus.Errorf("Unable to close socket: %q", err)
+		conn, err = openUnixSocket(attachSock)
+		if err != nil {
+			return errors.Wrapf(err, "failed to connect to container's attach socket: %v", attachSock)
 		}
-	}()
+		defer func() {
+			if err := conn.Close(); err != nil {
+				logrus.Errorf("unable to close socket: %q", err)
+			}
+		}()
+	}
 
 	// If starting was requested, start the container and notify when that's
 	// done.
@@ -80,6 +85,10 @@ func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-
 		started <- true
 	}
 
+	if passthrough {
+		return nil
+	}
+
 	receiveStdoutError, stdinDone := setupStdioChannels(streams, conn, detachKeys)
 	if attachRdy != nil {
 		attachRdy <- true