Re: runit: run process in a tty

From: Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups_at_NTLWorld.COM>
Date: Sat, 17 Oct 2020 11:43:32 +0100

Kian Kasad:

> Unable to open file: /dev/tty2: Operation not permitted.
>

Operating systems do a whole bunch of stuff when connecting user
programs to terminals, including changing the permissions of the
terminal device file to allow the logged-in user access. If you check
the terminal device file of a terminal where you have actually logged
in, you will find that it is owned by you, and that the device files of
terminals where you have not logged in are owned by the superuser. This
is one of several things that the login process does.

Taking ly's supplied systemd service unit and converting it using the
nosh toolset's convert-systemd-units command
(http://jdebp.uk./Softwares/nosh/guide/commands/convert-systemd-units.xml),
one obtains the following, which demonstrates that there are extra steps
involved and provides at least a pointer to how a "run" script for a
runit service should be constructed.

> % convert-systemd-units --no-systemd-quirks ./ly.service
> convert-systemd-units: WARNING: ./ly.service: Unused setting: [install] alias = display-manager.service
> %
> % system-control print-service-scripts ./ly
> start:#!/bin/nosh
> start:#Start file generated from ./ly.service
> start:true
> stop:#!/bin/nosh
> stop:#Stop file generated from ./ly.service
> stop:true
> run:#!/bin/nosh
> run:#Run file generated from ./ly.service
> run:#TUI display manager
> run:vc-get-tty /dev/tty2
> run:open-controlling-tty --revoke
> run:vc-reset-tty --hard-reset
> run:/usr/bin/ly
> restart:#!/bin/sh
> restart:#Restart file generated from ./ly.service
> restart:exec true # ignore script arguments
> %

Notice how the service invokes the open-controlling-tty program
(http://jdebp.uk./Softwares/nosh/guide/commands/open-controlling-tty.xml)
to open the terminal device file as standard I/O and to make it the
service's controlling terminal. It knows what terminal device because
that has been set up by the vc-get-tty program
(http://jdebp.uk./Softwares/nosh/guide/commands/vc-get-tty.xml) which
was passed the name "/dev/tty2".

Notice also how the service runs the "ly" program as the superuser. It
does not drop privileges by switching to an unprivileged account.

Furthermore, notice that there are two separate places where one tells
"ly" what terminal to use: in the service definition, as here, and in
the program's own configuration file.
Received on Sat Oct 17 2020 - 10:43:32 UTC

This archive was generated by hypermail 2.3.0 : Sun May 09 2021 - 19:44:19 UTC