2164 }
2165 (void) close(slavefd);
2166 slavefd = newslave;
2167
2168 /*
2169 * dup the slave to the various FDs, so that when the
2170 * spawned process does a write/read it maps to the slave
2171 * pty.
2172 */
2173 (void) dup2(slavefd, STDIN_FILENO);
2174 (void) dup2(slavefd, STDOUT_FILENO);
2175 (void) dup2(slavefd, STDERR_FILENO);
2176 if (slavefd != STDIN_FILENO && slavefd != STDOUT_FILENO &&
2177 slavefd != STDERR_FILENO) {
2178 (void) close(slavefd);
2179 }
2180
2181 /*
2182 * In failsafe mode, we don't use login(1), so don't try
2183 * setting up a utmpx entry.
2184 */
2185 if (!failsafe)
2186 if (setup_utmpx(slaveshortname) == -1)
2187 return (1);
2188
2189 /*
2190 * The child needs to run as root to
2191 * execute the brand's login program.
2192 */
2193 if (setuid(0) == -1) {
2194 zperror(gettext("insufficient privilege"));
2195 return (1);
2196 }
2197
2198 (void) execve(new_args[0], new_args, new_env);
2199 zperror(gettext("exec failure"));
2200 return (1);
2201 }
2202
2203 (void) ct_tmpl_clear(tmpl_fd);
2204 (void) close(tmpl_fd);
2205
|
2164 }
2165 (void) close(slavefd);
2166 slavefd = newslave;
2167
2168 /*
2169 * dup the slave to the various FDs, so that when the
2170 * spawned process does a write/read it maps to the slave
2171 * pty.
2172 */
2173 (void) dup2(slavefd, STDIN_FILENO);
2174 (void) dup2(slavefd, STDOUT_FILENO);
2175 (void) dup2(slavefd, STDERR_FILENO);
2176 if (slavefd != STDIN_FILENO && slavefd != STDOUT_FILENO &&
2177 slavefd != STDERR_FILENO) {
2178 (void) close(slavefd);
2179 }
2180
2181 /*
2182 * In failsafe mode, we don't use login(1), so don't try
2183 * setting up a utmpx entry.
2184 *
2185 * A branded zone may have very different utmpx semantics.
2186 * At the moment, we only have two brand types:
2187 * Solaris-like (native, sn1) and Linux. In the Solaris
2188 * case, we know exactly how to do the necessary utmpx
2189 * setup. Fortunately for us, the Linux /bin/login is
2190 * prepared to deal with a non-initialized utmpx entry, so
2191 * we can simply skip it. If future brands don't fall into
2192 * either category, we'll have to add a per-brand utmpx
2193 * setup hook.
2194 */
2195 if (!failsafe && (strcmp(zonebrand, "lx") != 0))
2196 if (setup_utmpx(slaveshortname) == -1)
2197 return (1);
2198
2199 /*
2200 * The child needs to run as root to
2201 * execute the brand's login program.
2202 */
2203 if (setuid(0) == -1) {
2204 zperror(gettext("insufficient privilege"));
2205 return (1);
2206 }
2207
2208 (void) execve(new_args[0], new_args, new_env);
2209 zperror(gettext("exec failure"));
2210 return (1);
2211 }
2212
2213 (void) ct_tmpl_clear(tmpl_fd);
2214 (void) close(tmpl_fd);
2215
|