• Danny Auble's avatar
    The openpty(3) call used by slurmstepd to allocate a pseudo-terminal · 2a1c08b0
    Danny Auble authored
    is a convenience function in BSD and glibc that internally calls
    the equivalent of
    
        int masterfd = open("/dev/ptmx", flags);
        grantpt (masterfd);
        unlockpt (masterfd);
        int slavefd = open (slave, O_RDRW|O_NOCTTY);
    
    (in psuedocode)
    
    On Linux, with some combinations of glibc/kernel (in this
    case glibc-2.14/Linux-3.1), the equivalent of grantpt(3) was failing
    in slurmstepd with EPERM, because the allocated pty was getting
    root ownership instead of the user running the slurm job.
    
    From the POSIX description of grantpt:
    
     "The grantpt() function shall change the mode and ownership of the
      slave pseudo-terminal device... The user ID of the slave shall
      be set to the real UID of the calling process..."
    
     http://pubs.opengroup.org/onlinepubs/007904875/functions/grantpt.html
    
    This means that for POSIX-compliance, the real user id of slurmstepd
    must be the user executing the SLURM job at the time openpty(3) is
    called. Unfortunately, the real user id of slurmstepd at this
    point is still root, and only the effective uid is set to the user.
    
    This patch is a work-around that uses the (non-portable) setresuid(2)
    system call to reset the real and effective uids of the slurmstepd
    process to the job user, but keep the saved uid of root. Then after
    the openpty(3) call, the previous credentials are reestablished
    using the same call.
    2a1c08b0
To find the state of this project's repository at the time of any of these versions, check out the tags.