Draft: Implementing Controlling Terminal in relibc, kernel and ptyd
The proposed solution for Controlling Terminal is to implement it between relibc, the kernel and ptyd, with the kernel providing two new services. In future, the new services can be moved to an external scheme.
Terminology:
-
ptyd has
control_term
andsubterm
, withcontrol_term
being the unique "real"pty
that handles I/O, andsubterm
being a non-unique read/write client - Controlling Terminal and
control_term
are unrelated terminology - We will use
pty
to mean "real" pty,subterm
being a non-unique reference - Controlling Terminal must be a "real"
pty
-
pty
can currently be identified by ptyd with an integer handle -
Issue: An application does not know its "real"
pty
, only itssubterm
-
Issue: ptyd does not currently track ownership and is insecure - it should support ownership and possibly
CAP_SYS_ADMIN
access in future
The following services are needed.
-
Feature 1: A
controlling_terminal(sid)
service that can be can be mutated by the Session Leader (pid == sid
) and propagated to past or futurefork
'd children in the same Session-
setsid
will create a new session and clearcontrolling_terminal
-
ioctl
withTIOCSCTTY
set will cause relibc to attempt to setcontrolling_terminal
using thissubterm
- setting
controlling_terminal
will fail if there is already one, if this process is not allowed to set it (rules TBD), or if thispty
is already a Controlling Terminal - the
controlling_terminal
service will ask for thepty
for thissubterm
- the service will track the
pty
to ensure there is no duplicated use
-
-
Feature 2: A
give_up_controlling_terminal(pid)
service that will be called upon death of the Session Leader or onioctl(TIOCNOTTY)
- if called by the Session Leader, send
SIGHUP
andSIGCONT
to the foreground process group and delete the controlling terminal for all session members - the
pty
is then available for another Session to "steal" it - otherwise, delete the controlling terminal for this process only (see Feature 3)
- if called by the Session Leader, send
- Feature 3: A process that is not a Session Leader either has the same (possibly None) Controlling Terminal as its Session Leader, or it may have None, in variance from other members of the Session. There is some commentary that says this feature should not be used.
-
Feature 4: If we want to support the "Set Controlling Terminal on Open" behavior, we can do that by adding a relay through the
libc:
scheme. If process uses the pathlibc:term/pty/n
, relibc would treat it asopen("pty:n")
followed by the equivalent ofioctl(TIOSCTTY)
Edited by Ron Williams