From 531514e8231e7f42efb7e7992d62e516f9577363 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 12 Apr 2019 18:20:18 +0200
Subject: [PATCH 1/2] rootless: set controlling terminal for podman in the
 userns

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 pkg/rootless/rootless_linux.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 9cb79ed4d8..d6a2793a7f 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -16,6 +16,8 @@
 #include <sys/types.h>
 #include <sys/prctl.h>
 #include <dirent.h>
+#include <termios.h>
+#include <sys/ioctl.h>
 
 static const char *_max_user_namespaces = "/proc/sys/user/max_user_namespaces";
 static const char *_unprivileged_user_namespaces = "/proc/sys/kernel/unprivileged_userns_clone";
@@ -178,6 +180,11 @@ reexec_userns_join (int userns, int mountns)
       _exit (EXIT_FAILURE);
     }
 
+  if (isatty (1) && ioctl (1, TIOCSCTTY, 0) == -1) {
+      fprintf (stderr, "cannot ioctl(TIOCSCTTY): %s\n", strerror (errno));
+      _exit (EXIT_FAILURE);
+  }
+
   if (setns (userns, 0) < 0)
     {
       fprintf (stderr, "cannot setns: %s\n", strerror (errno));
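Review bot: The added `isatty (1) && ioctl (1, TIOCSCTTY, 0) == -1` check treats every ioctl failure as fatal and looks only at stdout. TIOCSCTTY fails with EPERM when the caller is not a session leader or when the terminal already belongs to another session. No `setsid ()` is visible in this hunk and reexec_userns_join starts and ends outside it, so please confirm that a tty on stdout cannot abort the join in those cases; if it can, warn and continue instead of calling `_exit (EXIT_FAILURE)`. When stdout is redirected but stdin is a terminal the call is skipped entirely, so testing fd 0 as well may be what is intended. Keeping the third argument at 0 is the safe choice, since a non-zero value lets a CAP_SYS_ADMIN caller take the terminal away from another session; a comment such as `/* arg 0: never steal the tty from another session */` would document that.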

From 814066ee3b6047c3a582d3bfb508895763379acb Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 12 Apr 2019 18:08:26 +0200
Subject: [PATCH 2/2] rootless: do not block SIGTSTP

We were previously proxying all the signals, but doing that for
SIGTSTP prevented the main process from being stopped by the tty.

Closes: https://github.com/containers/libpod/issues/2775

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 pkg/rootless/rootless_linux.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index 1d1b1713d3..2c99f41a4e 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -28,6 +28,10 @@ extern int reexec_userns_join(int userns, int mountns);
 */
 import "C"
 
+const (
+	numSig = 65 // max number of signals
+)
+
 func runInUser() error {
 	os.Setenv("_CONTAINERS_USERNS_CONFIGURED", "done")
 	return nil
@@ -283,7 +287,15 @@ func BecomeRootInUserNS() (bool, int, error) {
 
 	c := make(chan os.Signal, 1)
 
-	gosignal.Notify(c)
+	signals := []os.Signal{}
+	for sig := 0; sig < numSig; sig++ {
+		if sig == int(syscall.SIGTSTP) {
+			continue
+		}
+		signals = append(signals, syscall.Signal(sig))
+	}
+
+	gosignal.Notify(c, signals...)
 	defer gosignal.Reset()
 	go func() {
 		for s := range c {
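Review bot: The loop that builds `signals` starts at `sig := 0`, which is not a signal number, so `syscall.Signal(0)` is handed to `gosignal.Notify`; starting at 1 (`for sig := 1; sig < numSig; sig++ {`) registers only real signals. Only SIGTSTP is skipped, while SIGTTIN and SIGTTOU, the other stop signals a terminal generates for job control, are still captured and proxied; it seems likely they need the same treatment, e.g. `if s := syscall.Signal(sig); s == syscall.SIGTSTP || s == syscall.SIGTTIN || s == syscall.SIGTTOU { continue }`. The comment on `numSig` in the const block added above would be more precise as `// one past the highest Linux signal number (64)`. BecomeRootInUserNS begins and ends outside this hunk, so how the goroutine forwards each signal is not visible here.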