[lxc-devel] [PATCH 1/2] Remove process_lock() except where actually needed

Andrey Mazo mazo at telum.ru
Tue Dec 24 10:44:53 UTC 2013


Functions like open(), close(), socket(), socketpair(), pipe() and mkdir()
are generally thin wrappers around kernel-provided system calls.
It's the kernel not libc, who ensures race-free handling of file
descriptors.
Thus locking around these functions is unnecessary even on somewhat buggy libcs.

fopen(), fclose() and other stdio functions may maintain internal lists
of open file handles and thus can be prone to race-conditions.
Hopefully, most libcs utilize proper locking or other ways to ensure
thread-safety of these functions.
Bionic used to have non-thread-safe stdio [2] but that must be fixed
since android 4.3 [3, 4].

S.Çağlar Onur showed [1] that openpty() (because of nsswitch) is not thread-safe though.
So we workaround it by protecting openpty() calls with process_lock()/process_unlock().

Because of the need to guard openpty() with process_lock()/process_unlock(),
process_unlock() is still used after fork().

This commit reverts most of 025ed0f3911836b71f498d8368725c77a7e1932a.

[1] https://github.com/lxc/lxc/pull/106#issuecomment-31077269
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=687367
[3] https://android.googlesource.com/platform/bionic/+/f582340a6a48588aa50da17e1620e8f91b146941
[4] https://android.googlesource.com/platform/bionic/+/6b3f49a5374305ce9690c3c5ca2aadc90f54c521

Signed-off-by: Andrey Mazo <mazo at telum.ru>
---
 src/lxc/af_unix.c      |  17 ---------
 src/lxc/attach.c       |  32 ----------------
 src/lxc/bdev.c         |  58 +---------------------------
 src/lxc/caps.c         |   5 ---
 src/lxc/cgroup.c       |  35 -----------------
 src/lxc/commands.c     |  11 ------
 src/lxc/conf.c         |  70 ----------------------------------
 src/lxc/console.c      |  18 ---------
 src/lxc/freezer.c      |   5 ---
 src/lxc/log.c          |   7 ----
 src/lxc/lsm/apparmor.c |  11 ------
 src/lxc/lxccontainer.c | 101 -------------------------------------------------
 src/lxc/lxclock.c      |   9 -----
 src/lxc/lxcutmp.c      |  11 ------
 src/lxc/mainloop.c     |  11 +-----
 src/lxc/monitor.c      |  19 +---------
 src/lxc/network.c      |  20 +---------
 src/lxc/nl.c           |   5 ---
 src/lxc/parse.c        |   5 ---
 src/lxc/seccomp.c      |   5 ---
 src/lxc/start.c        |  29 --------------
 src/lxc/state.c        |   5 ---
 src/lxc/sync.c         |   7 ----
 src/lxc/utils.c        |  47 +++--------------------
 src/lxc/utils.h        |   2 -
 25 files changed, 10 insertions(+), 535 deletions(-)

diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index 6f0183d..830b941 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -31,7 +31,6 @@
 #include <sys/un.h>
 
 #include "log.h"
-#include "lxclock.h"
 
 lxc_log_define(lxc_af_unix, lxc);
 
@@ -44,9 +43,7 @@ int lxc_abstract_unix_open(const char *path, int type, int flags)
 	if (flags & O_TRUNC)
 		unlink(path);
 
-	process_lock();
 	fd = socket(PF_UNIX, type, 0);
-	process_unlock();
 	if (fd < 0)
 		return -1;
 
@@ -60,9 +57,7 @@ int lxc_abstract_unix_open(const char *path, int type, int flags)
 
 	len = strlen(&path[1]) + 1;
 	if (len >= sizeof(addr.sun_path) - 1) {
-		process_lock();
 		close(fd);
-		process_unlock();
 		errno = ENAMETOOLONG;
 		return -1;
 	}
@@ -71,18 +66,14 @@ int lxc_abstract_unix_open(const char *path, int type, int flags)
 
 	if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len)) {
 		int tmp = errno;
-		process_lock();
 		close(fd);
-		process_unlock();
 		errno = tmp;
 		return -1;
 	}
 
 	if (type == SOCK_STREAM && listen(fd, 100)) {
 		int tmp = errno;
-		process_lock();
 		close(fd);
-		process_unlock();
 		errno = tmp;
 		return -1;
 	}
@@ -99,9 +90,7 @@ int lxc_abstract_unix_close(int fd)
 	    addr.sun_path[0])
 		unlink(addr.sun_path);
 
-	process_lock();
 	close(fd);
-	process_unlock();
 
 	return 0;
 }
@@ -112,9 +101,7 @@ int lxc_abstract_unix_connect(const char *path)
 	size_t len;
 	struct sockaddr_un addr;
 
-	process_lock();
 	fd = socket(PF_UNIX, SOCK_STREAM, 0);
-	process_unlock();
 	if (fd < 0)
 		return -1;
 
@@ -124,9 +111,7 @@ int lxc_abstract_unix_connect(const char *path)
 
 	len = strlen(&path[1]) + 1;
 	if (len >= sizeof(addr.sun_path) - 1) {
-		process_lock();
 		close(fd);
-		process_unlock();
 		errno = ENAMETOOLONG;
 		return -1;
 	}
@@ -138,9 +123,7 @@ int lxc_abstract_unix_connect(const char *path)
 		/* special case to connect to older containers */
 		if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
 			return fd;
-		process_lock();
 		close(fd);
-		process_unlock();
 		errno = tmp;
 		return -1;
 	}
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index aea0c33..6749617 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -79,9 +79,7 @@ struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
 	/* read capabilities */
 	snprintf(proc_fn, MAXPATHLEN, "/proc/%d/status", pid);
 
-	process_lock();
 	proc_file = fopen(proc_fn, "r");
-	process_unlock();
 	if (!proc_file) {
 		SYSERROR("Could not open %s", proc_fn);
 		goto out_error;
@@ -98,9 +96,7 @@ struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
 
 	if (line)
 		free(line);
-	process_lock();
 	fclose(proc_file);
-	process_unlock();
 
 	if (!found) {
 		SYSERROR("Could not read capability bounding set from %s", proc_fn);
@@ -111,18 +107,14 @@ struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
 	/* read personality */
 	snprintf(proc_fn, MAXPATHLEN, "/proc/%d/personality", pid);
 
-	process_lock();
 	proc_file = fopen(proc_fn, "r");
-	process_unlock();
 	if (!proc_file) {
 		SYSERROR("Could not open %s", proc_fn);
 		goto out_error;
 	}
 
 	ret = fscanf(proc_file, "%lx", &info->personality);
-	process_lock();
 	fclose(proc_file);
-	process_unlock();
 
 	if (ret == EOF || ret == 0) {
 		SYSERROR("Could not read personality from %s", proc_fn);
@@ -178,19 +170,15 @@ int lxc_attach_to_ns(pid_t pid, int which)
 		}
 
 		snprintf(path, MAXPATHLEN, "/proc/%d/ns/%s", pid, ns[i]);
-		process_lock();
 		fd[i] = open(path, O_RDONLY | O_CLOEXEC);
-		process_unlock();
 		if (fd[i] < 0) {
 			saved_errno = errno;
 
 			/* close all already opened file descriptors before
 			 * we return an error, so we don't leak them
 			 */
-			process_lock();
 			for (j = 0; j < i; j++)
 				close(fd[j]);
-			process_unlock();
 
 			errno = saved_errno;
 			SYSERROR("failed to open '%s'", path);
@@ -210,9 +198,7 @@ int lxc_attach_to_ns(pid_t pid, int which)
 			return -1;
 		}
 
-		process_lock();
 		close(fd[i]);
-		process_unlock();
 	}
 
 	return 0;
@@ -400,18 +386,14 @@ char *lxc_attach_getpwshell(uid_t uid)
 	 * getent program, and we need to capture its
 	 * output, so we use a pipe for that purpose
 	 */
-	process_lock();
 	ret = pipe(pipes);
-	process_unlock();
 	if (ret < 0)
 		return NULL;
 
 	pid = fork();
 	if (pid < 0) {
-		process_lock();
 		close(pipes[0]);
 		close(pipes[1]);
-		process_unlock();
 		return NULL;
 	}
 
@@ -423,13 +405,9 @@ char *lxc_attach_getpwshell(uid_t uid)
 		int found = 0;
 		int status;
 
-		process_lock();
 		close(pipes[1]);
-		process_unlock();
 
-		process_lock();
 		pipe_f = fdopen(pipes[0], "r");
-		process_unlock();
 		while (getline(&line, &line_bufsz, pipe_f) != -1) {
 			char *token;
 			char *saveptr = NULL;
@@ -486,9 +464,7 @@ char *lxc_attach_getpwshell(uid_t uid)
 		}
 
 		free(line);
-		process_lock();
 		fclose(pipe_f);
-		process_unlock();
 	again:
 		if (waitpid(pid, &status, 0) < 0) {
 			if (errno == EINTR)
@@ -683,9 +659,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
 	 *   close socket                                 close socket
 	 *                                                run program
 	 */
-	process_lock();
 	ret = socketpair(PF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0, ipc_sockets);
-	process_unlock();
 	if (ret < 0) {
 		SYSERROR("could not set up required IPC mechanism for attaching");
 		free(cwd);
@@ -721,9 +695,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
 		/* inital thread, we close the socket that is for the
 		 * subprocesses
 		 */
-		process_lock();
 		close(ipc_sockets[1]);
-		process_unlock();
 		free(cwd);
 
 		/* get pid from intermediate process */
@@ -795,9 +767,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
 
 		/* now shut down communication with child, we're done */
 		shutdown(ipc_sockets[0], SHUT_RDWR);
-		process_lock();
 		close(ipc_sockets[0]);
-		process_unlock();
 		lxc_proc_put_context_info(init_ctx);
 
 		/* we're done, the child process should now execute whatever
@@ -813,9 +783,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
 		 * otherwise the pid we're waiting for may never exit
 		 */
 		shutdown(ipc_sockets[0], SHUT_RDWR);
-		process_lock();
 		close(ipc_sockets[0]);
-		process_unlock();
 		if (to_cleanup_pid)
 			(void) wait_for_pid(to_cleanup_pid);
 		lxc_proc_put_context_info(init_ctx);
diff --git a/src/lxc/bdev.c b/src/lxc/bdev.c
index f7a6031..b737eff 100644
--- a/src/lxc/bdev.c
+++ b/src/lxc/bdev.c
@@ -96,15 +96,11 @@ static int blk_getsize(struct bdev *bdev, unsigned long *size)
 	if (strcmp(bdev->type, "loop") == 0)
 		path = bdev->src + 5;
 
-	process_lock();
 	fd = open(path, O_RDONLY);
-	process_unlock();
 	if (fd < 0)
 		return -1;
 	ret = ioctl(fd, BLKGETSIZE64, size);
-	process_lock();
 	close(fd);
-	process_unlock();
 	return ret;
 }
 
@@ -260,23 +256,17 @@ static int detect_fs(struct bdev *bdev, char *type, int len)
 	if (strcmp(bdev->type, "loop") == 0)
 		srcdev = bdev->src + 5;
 
-	process_lock();
 	ret = pipe(p);
-	process_unlock();
 	if (ret < 0)
 		return -1;
 	if ((pid = fork()) < 0)
 		return -1;
 	if (pid > 0) {
 		int status;
-		process_lock();
 		close(p[1]);
-		process_unlock();
 		memset(type, 0, len);
 		ret = read(p[0], type, len-1);
-		process_lock();
 		close(p[0]);
-		process_unlock();
 		if (ret < 0) {
 			SYSERROR("error reading from pipe");
 			wait(&status);
@@ -504,9 +494,7 @@ static int zfs_list_entry(const char *path, char *output, size_t inlen)
 	struct lxc_popen_FILE *f;
 	int found=0;
 
-	process_lock();
 	f = lxc_popen("zfs list 2> /dev/null");
-	process_unlock();
 	if (f == NULL) {
 		SYSERROR("popen failed");
 		return 0;
@@ -517,9 +505,7 @@ static int zfs_list_entry(const char *path, char *output, size_t inlen)
 			break;
 		}
 	}
-	process_lock();
 	(void) lxc_pclose(f);
-	process_unlock();
 
 	return found;
 }
@@ -778,15 +764,11 @@ static int lvm_detect(const char *path)
 		ERROR("lvm uuid pathname too long");
 		return 0;
 	}
-	process_lock();
 	fout = fopen(devp, "r");
-	process_unlock();
 	if (!fout)
 		return 0;
 	ret = fread(buf, 1, 4, fout);
-	process_lock();
 	fclose(fout);
-	process_unlock();
 	if (ret != 4 || strncmp(buf, "LVM-", 4) != 0)
 		return 0;
 	return 1;
@@ -825,9 +807,7 @@ static int lvm_compare_lv_attr(const char *path, int pos, const char expected) {
 	if (ret < 0 || ret >= len)
 		return -1;
 
-	process_lock();
 	f = lxc_popen(cmd);
-	process_unlock();
 
 	if (f == NULL) {
 		SYSERROR("popen failed");
@@ -836,9 +816,7 @@ static int lvm_compare_lv_attr(const char *path, int pos, const char expected) {
 
 	ret = fgets(output, 12, f->f) == NULL;
 
-	process_lock();
 	status = lxc_pclose(f);
-	process_unlock();
 
 	if (ret || WEXITSTATUS(status))
 		// Assume either vg or lvs do not exist, default
@@ -1182,17 +1160,13 @@ static bool is_btrfs_fs(const char *path)
 	struct btrfs_ioctl_space_args sargs;
 
 	// make sure this is a btrfs filesystem
-	process_lock();
 	fd = open(path, O_RDONLY);
-	process_unlock();
 	if (fd < 0)
 		return false;
 	sargs.space_slots = 0;
 	sargs.total_spaces = 0;
 	ret = ioctl(fd, BTRFS_IOC_SPACE_INFO, &sargs);
-	process_lock();
 	close(fd);
-	process_unlock();
 	if (ret < 0)
 		return false;
 
@@ -1290,9 +1264,7 @@ static int btrfs_subvolume_create(const char *path)
 	}
 	*p = '\0';
 
-	process_lock();
 	fd = open(newfull, O_RDONLY);
-	process_unlock();
 	if (fd < 0) {
 		ERROR("Error opening %s", newfull);
 		free(newfull);
@@ -1306,9 +1278,7 @@ static int btrfs_subvolume_create(const char *path)
 	INFO("btrfs: snapshot create ioctl returned %d", ret);
 
 	free(newfull);
-	process_lock();
 	close(fd);
-	process_unlock();
 	return ret;
 }
 
@@ -1330,14 +1300,12 @@ static int btrfs_snapshot(const char *orig, const char *new)
 	}
 	newname = basename(newfull);
 	newdir = dirname(newfull);
-	process_lock();
 	fd = open(orig, O_RDONLY);
-	fddst = open(newdir, O_RDONLY);
-	process_unlock();
 	if (fd < 0) {
 		SYSERROR("Error opening original rootfs %s", orig);
 		goto out;
 	}
+	fddst = open(newdir, O_RDONLY);
 	if (fddst < 0) {
 		SYSERROR("Error opening new container dir %s", newdir);
 		goto out;
@@ -1351,12 +1319,10 @@ static int btrfs_snapshot(const char *orig, const char *new)
 	INFO("btrfs: snapshot create ioctl returned %d", ret);
 
 out:
-	process_lock();
 	if (fddst != -1)
 		close(fddst);
 	if (fd != -1)
 		close(fd);
-	process_unlock();
 	if (newfull)
 		free(newfull);
 	return ret;
@@ -1427,9 +1393,7 @@ static int btrfs_destroy(struct bdev *orig)
 	}
 	*p = '\0';
 
-	process_lock();
 	fd = open(newfull, O_RDONLY);
-	process_unlock();
 	if (fd < 0) {
 		ERROR("Error opening %s", newfull);
 		free(newfull);
@@ -1443,9 +1407,7 @@ static int btrfs_destroy(struct bdev *orig)
 	INFO("btrfs: snapshot create ioctl returned %d", ret);
 
 	free(newfull);
-	process_lock();
 	close(fd);
-	process_unlock();
 	return ret;
 }
 
@@ -1485,9 +1447,7 @@ static int find_free_loopdev(int *retfd, char *namep)
 	DIR *dir;
 	int fd = -1;
 
-	process_lock();
 	dir = opendir("/dev");
-	process_unlock();
 	if (!dir) {
 		SYSERROR("Error opening /dev");
 		return -1;
@@ -1498,15 +1458,11 @@ static int find_free_loopdev(int *retfd, char *namep)
 			break;
 		if (strncmp(direntp->d_name, "loop", 4) != 0)
 			continue;
-		process_lock();
 		fd = openat(dirfd(dir), direntp->d_name, O_RDWR);
-		process_unlock();
 		if (fd < 0)
 			continue;
 		if (ioctl(fd, LOOP_GET_STATUS64, &lo) == 0 || errno != ENXIO) {
-			process_lock();
 			close(fd);
-			process_unlock();
 			fd = -1;
 			continue;
 		}
@@ -1514,9 +1470,7 @@ static int find_free_loopdev(int *retfd, char *namep)
 		snprintf(namep, 100, "/dev/%s", direntp->d_name);
 		break;
 	}
-	process_lock();
 	closedir(dir);
-	process_unlock();
 	if (fd == -1) {
 		ERROR("No loop device found");
 		return -1;
@@ -1539,9 +1493,7 @@ static int loop_mount(struct bdev *bdev)
 	if (find_free_loopdev(&lfd, loname) < 0)
 		return -22;
 
-	process_lock();
 	ffd = open(bdev->src + 5, O_RDWR);
-	process_unlock();
 	if (ffd < 0) {
 		SYSERROR("Error opening backing file %s\n", bdev->src);
 		goto out;
@@ -1565,14 +1517,12 @@ static int loop_mount(struct bdev *bdev)
 		bdev->lofd = lfd;
 
 out:
-	process_lock();
 	if (ffd > -1)
 		close(ffd);
 	if (ret < 0) {
 		close(lfd);
 		bdev->lofd = -1;
 	}
-	process_unlock();
 	return ret;
 }
 
@@ -1586,9 +1536,7 @@ static int loop_umount(struct bdev *bdev)
 		return -22;
 	ret = umount(bdev->dest);
 	if (bdev->lofd >= 0) {
-		process_lock();
 		close(bdev->lofd);
-		process_unlock();
 		bdev->lofd = -1;
 	}
 	return ret;
@@ -1598,9 +1546,7 @@ static int do_loop_create(const char *path, unsigned long size, const char *fsty
 {
 	int fd, ret;
 	// create the new loopback file.
-	process_lock();
 	fd = creat(path, S_IRUSR|S_IWUSR);
-	process_unlock();
 	if (fd < 0)
 		return -1;
 	if (lseek(fd, size, SEEK_SET) < 0) {
@@ -1613,9 +1559,7 @@ static int do_loop_create(const char *path, unsigned long size, const char *fsty
 		close(fd);
 		return -1;
 	}
-	process_lock();
 	ret = close(fd);
-	process_unlock();
 	if (ret < 0) {
 		SYSERROR("Error closing new loop file");
 		return -1;
diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 9afd6ac..e2093c2 100644
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -31,7 +31,6 @@
 
 #include "config.h"
 #include "log.h"
-#include "lxclock.h"
 
 lxc_log_define(lxc_caps, lxc);
 
@@ -192,9 +191,7 @@ static int _real_caps_last_cap(void)
 
 	/* try to get the maximum capability over the kernel
 	* interface introduced in v3.2 */
-	process_lock();
 	fd = open("/proc/sys/kernel/cap_last_cap", O_RDONLY);
-	process_unlock();
 	if (fd >= 0) {
 		char buf[32];
 		char *ptr;
@@ -208,9 +205,7 @@ static int _real_caps_last_cap(void)
 				result = -1;
 		}
 
-		process_lock();
 		close(fd);
-		process_unlock();
 	}
 
 	/* try to get it manually by trying to get the status of
diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index f2a686a..ce6b739 100644
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -45,7 +45,6 @@
 #include "conf.h"
 #include "utils.h"
 #include "bdev.h"
-#include "lxclock.h"
 
 #include <lxc/log.h>
 #include <lxc/cgroup.h>
@@ -118,9 +117,7 @@ static bool find_cgroup_subsystems(char ***kernel_subsystems)
 	size_t kernel_subsystems_capacity = 0;
 	int r;
 
-	process_lock();
 	proc_cgroups = fopen_cloexec("/proc/cgroups", "r");
-	process_unlock();
 	if (!proc_cgroups)
 		return false;
 
@@ -160,9 +157,7 @@ static bool find_cgroup_subsystems(char ***kernel_subsystems)
 	bret = true;
 
 out:
-	process_lock();
 	fclose(proc_cgroups);
-	process_unlock();
 	free(line);
 	return bret;
 }
@@ -182,13 +177,11 @@ static bool find_cgroup_hierarchies(struct cgroup_meta_data *meta_data,
 	bool bret = false;
 	size_t hierarchy_capacity = 0;
 
-	process_lock();
 	proc_self_cgroup = fopen_cloexec("/proc/self/cgroup", "r");
 	/* if for some reason (because of setns() and pid namespace for example),
 	 * /proc/self is not valid, we try /proc/1/cgroup... */
 	if (!proc_self_cgroup)
 		proc_self_cgroup = fopen_cloexec("/proc/1/cgroup", "r");
-	process_unlock();
 	if (!proc_self_cgroup)
 		return false;
 
@@ -267,9 +260,7 @@ static bool find_cgroup_hierarchies(struct cgroup_meta_data *meta_data,
 	bret = true;
 
 out:
-	process_lock();
 	fclose(proc_self_cgroup);
-	process_unlock();
 	free(line);
 	return bret;
 }
@@ -287,13 +278,11 @@ static bool find_hierarchy_mountpts( struct cgroup_meta_data *meta_data, char **
 	size_t token_capacity = 0;
 	int r;
 
-	process_lock();
 	proc_self_mountinfo = fopen_cloexec("/proc/self/mountinfo", "r");
 	/* if for some reason (because of setns() and pid namespace for example),
 	 * /proc/self is not valid, we try /proc/1/cgroup... */
 	if (!proc_self_mountinfo)
 		proc_self_mountinfo = fopen_cloexec("/proc/1/mountinfo", "r");
-	process_unlock();
 	if (!proc_self_mountinfo)
 		return false;
 
@@ -398,9 +387,7 @@ static bool find_hierarchy_mountpts( struct cgroup_meta_data *meta_data, char **
 	bret = true;
 
 out:
-	process_lock();
 	fclose(proc_self_mountinfo);
-	process_unlock();
 	free(tokens);
 	free(line);
 	return bret;
@@ -1473,9 +1460,7 @@ struct cgroup_process_info *lxc_cgroup_process_info_getx(const char *proc_pid_cg
 	struct cgroup_process_info **cptr = &result;
 	struct cgroup_process_info *entry = NULL;
 
-	process_lock();
 	proc_pid_cgroup = fopen_cloexec(proc_pid_cgroup_str, "r");
-	process_unlock();
 	if (!proc_pid_cgroup)
 		return NULL;
 
@@ -1545,18 +1530,14 @@ struct cgroup_process_info *lxc_cgroup_process_info_getx(const char *proc_pid_cg
 		entry = NULL;
 	}
 
-	process_lock();
 	fclose(proc_pid_cgroup);
-	process_unlock();
 	free(line);
 	return result;
 
 out_error:
 	saved_errno = errno;
-	process_lock();
 	if (proc_pid_cgroup)
 		fclose(proc_pid_cgroup);
-	process_unlock();
 	lxc_cgroup_process_info_free(result);
 	lxc_cgroup_process_info_free(entry);
 	free(line);
@@ -1817,9 +1798,7 @@ bool cgroup_devices_has_allow_or_deny(struct lxc_handler *h, char *v, bool for_a
 		return false;
 	}
 
-	process_lock();
 	devices_list = fopen_cloexec(path, "r");
-	process_unlock();
 	if (!devices_list) {
 		free(path);
 		return false;
@@ -1839,9 +1818,7 @@ bool cgroup_devices_has_allow_or_deny(struct lxc_handler *h, char *v, bool for_a
 	}
 
 out:
-	process_lock();
 	fclose(devices_list);
-	process_unlock();
 	free(line);
 	free(path);
 	return ret;
@@ -1863,9 +1840,7 @@ int cgroup_recursive_task_count(const char *cgroup_path)
 	if (!dent_buf)
 		return -1;
 
-	process_lock();
 	d = opendir(cgroup_path);
-	process_unlock();
 	if (!d) {
 		free(dent_buf);
 		return 0;
@@ -1884,17 +1859,13 @@ int cgroup_recursive_task_count(const char *cgroup_path)
 			continue;
 		sub_path = lxc_string_join("/", parts, false);
 		if (!sub_path) {
-			process_lock();
 			closedir(d);
-			process_unlock();
 			free(dent_buf);
 			return -1;
 		}
 		r = stat(sub_path, &st);
 		if (r < 0) {
-			process_lock();
 			closedir(d);
-			process_unlock();
 			free(dent_buf);
 			free(sub_path);
 			return -1;
@@ -1910,9 +1881,7 @@ int cgroup_recursive_task_count(const char *cgroup_path)
 		}
 		free(sub_path);
 	}
-	process_lock();
 	closedir(d);
-	process_unlock();
 	free(dent_buf);
 
 	return n;
@@ -1925,9 +1894,7 @@ int count_lines(const char *fn)
 	size_t sz = 0;
 	int n = 0;
 
-	process_lock();
 	f = fopen_cloexec(fn, "r");
-	process_unlock();
 	if (!f)
 		return -1;
 
@@ -1935,9 +1902,7 @@ int count_lines(const char *fn)
 		n++;
 	}
 	free(line);
-	process_lock();
 	fclose(f);
-	process_unlock();
 	return n;
 }
 
diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index de0b3e3..19a416f 100644
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -46,7 +46,6 @@
 #include "mainloop.h"
 #include "af_unix.h"
 #include "config.h"
-#include "lxclock.h"
 
 /*
  * This file provides the different functions for clients to
@@ -749,9 +748,7 @@ static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
 {
 	lxc_console_free(handler->conf, fd);
 	lxc_mainloop_del_handler(descr, fd);
-	process_lock();
 	close(fd);
-	process_unlock();
 }
 
 static int lxc_cmd_handler(int fd, uint32_t events, void *data,
@@ -824,9 +821,7 @@ static int lxc_cmd_accept(int fd, uint32_t events, void *data,
 {
 	int opt = 1, ret = -1, connection;
 
-	process_lock();
 	connection = accept(fd, NULL, 0);
-	process_unlock();
 	if (connection < 0) {
 		SYSERROR("failed to accept connection");
 		return -1;
@@ -853,9 +848,7 @@ out:
 	return ret;
 
 out_close:
-	process_lock();
 	close(connection);
-	process_unlock();
 	goto out;
 }
 
@@ -884,9 +877,7 @@ int lxc_cmd_init(const char *name, struct lxc_handler *handler,
 
 	if (fcntl(fd, F_SETFD, FD_CLOEXEC)) {
 		SYSERROR("failed to set sigfd to close-on-exec");
-		process_lock();
 		close(fd);
-		process_unlock();
 		return -1;
 	}
 
@@ -903,9 +894,7 @@ int lxc_cmd_mainloop_add(const char *name,
 	ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
 	if (ret) {
 		ERROR("failed to add handler for command socket");
-		process_lock();
 		close(fd);
-		process_unlock();
 	}
 
 	return ret;
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 0e5b6f6..68f9716 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -284,9 +284,7 @@ static int run_buffer(char *buffer)
 	char *output;
 	int ret;
 
-	process_lock();
 	f = lxc_popen(buffer);
-	process_unlock();
 	if (!f) {
 		SYSERROR("popen failed");
 		return -1;
@@ -295,9 +293,7 @@ static int run_buffer(char *buffer)
 	output = malloc(LXC_LOG_BUFFER_SIZE);
 	if (!output) {
 		ERROR("failed to allocate memory for script output");
-		process_lock();
 		lxc_pclose(f);
-		process_unlock();
 		return -1;
 	}
 
@@ -306,9 +302,7 @@ static int run_buffer(char *buffer)
 
 	free(output);
 
-	process_lock();
 	ret = lxc_pclose(f);
-	process_unlock();
 	if (ret == -1) {
 		SYSERROR("Script exited on error");
 		return -1;
@@ -513,9 +507,7 @@ static int setup_lodev(const char *rootfs, int fd, struct loop_info64 *loinfo)
 	int rfd;
 	int ret = -1;
 
-	process_lock();
 	rfd = open(rootfs, O_RDWR);
-	process_unlock();
 	if (rfd < 0) {
 		SYSERROR("failed to open '%s'", rootfs);
 		return -1;
@@ -537,9 +529,7 @@ static int setup_lodev(const char *rootfs, int fd, struct loop_info64 *loinfo)
 
 	ret = 0;
 out:
-	process_lock();
 	close(rfd);
-	process_unlock();
 
 	return ret;
 }
@@ -552,9 +542,7 @@ static int mount_rootfs_file(const char *rootfs, const char *target)
 	DIR *dir;
 	char path[MAXPATHLEN];
 
-	process_lock();
 	dir = opendir("/dev");
-	process_unlock();
 	if (!dir) {
 		SYSERROR("failed to open '/dev'");
 		return -1;
@@ -578,25 +566,19 @@ static int mount_rootfs_file(const char *rootfs, const char *target)
 		if (rc < 0 || rc >= MAXPATHLEN)
 			continue;
 
-		process_lock();
 		fd = open(path, O_RDWR);
-		process_unlock();
 		if (fd < 0)
 			continue;
 
 		if (ioctl(fd, LOOP_GET_STATUS64, &loinfo) == 0) {
-			process_lock();
 			close(fd);
-			process_unlock();
 			continue;
 		}
 
 		if (errno != ENXIO) {
 			WARN("unexpected error for ioctl on '%s': %m",
 			     direntp->d_name);
-			process_lock();
 			close(fd);
-			process_unlock();
 			continue;
 		}
 
@@ -605,17 +587,13 @@ static int mount_rootfs_file(const char *rootfs, const char *target)
 		ret = setup_lodev(rootfs, fd, &loinfo);
 		if (!ret)
 			ret = mount_unknow_fs(path, target, 0);
-		process_lock();
 		close(fd);
-		process_unlock();
 
 		break;
 	}
 
-	process_lock();
 	if (closedir(dir))
 		WARN("failed to close directory");
-	process_unlock();
 
 	return ret;
 }
@@ -661,9 +639,7 @@ int pin_rootfs(const char *rootfs)
 	if (ret >= MAXPATHLEN)
 		return -1;
 
-	process_lock();
 	fd = open(absrootfspin, O_CREAT | O_RDWR, S_IWUSR|S_IRUSR);
-	process_unlock();
 	if (fd < 0)
 		return fd;
 	(void)unlink(absrootfspin);
@@ -840,17 +816,13 @@ static int setup_tty(const struct lxc_rootfs *rootfs,
 				ERROR("pathname too long for ttys");
 				return -1;
 			}
-			process_lock();
 			ret = creat(lxcpath, 0660);
-			process_unlock();
 			if (ret==-1 && errno != EEXIST) {
 				SYSERROR("error creating %s\n", lxcpath);
 				return -1;
 			}
-			process_lock();
 			if (ret >= 0)
 				close(ret);
-			process_unlock();
 			ret = unlink(path);
 			if (ret && errno != ENOENT) {
 				SYSERROR("error unlinking %s\n", path);
@@ -876,16 +848,12 @@ static int setup_tty(const struct lxc_rootfs *rootfs,
 		} else {
 			/* If we populated /dev, then we need to create /dev/ttyN */
 			if (access(path, F_OK)) {
-				process_lock();
 				ret = creat(path, 0660);
-				process_unlock();
 				if (ret==-1) {
 					SYSERROR("error creating %s\n", path);
 					/* this isn't fatal, continue */
 				} else {
-					process_lock();
 					close(ret);
-					process_unlock();
 				}
 			}
 			if (mount(pty_info->name, path, "none", MS_BIND, 0)) {
@@ -1157,9 +1125,7 @@ int mount_check_fs( const char *dir, char *fstype )
 		return 0;
 	}
 
-	process_lock();
 	f = fopen("/proc/self/mounts", "r");
-	process_unlock();
 	if (!f)
 		return 0;
 	while ((p = fgets(buf, LINELEN, f))) {
@@ -1193,9 +1159,7 @@ int mount_check_fs( const char *dir, char *fstype )
 		}
 	}
 
-	process_lock();
 	fclose(f);
-	process_unlock();
 
 	DEBUG("mount_check_fs returning %d last %s\n", found_fs, fstype);
 
@@ -1455,9 +1419,7 @@ int detect_shared_rootfs(void)
 	int i;
 	char *p2;
 
-	process_lock();
 	f = fopen("/proc/self/mountinfo", "r");
-	process_unlock();
 	if (!f)
 		return 0;
 	while ((p = fgets(buf, LINELEN, f))) {
@@ -1473,16 +1435,12 @@ int detect_shared_rootfs(void)
 			// this is '/'.  is it shared?
 			p = index(p2+1, ' ');
 			if (p && strstr(p, "shared:")) {
-				process_lock();
 				fclose(f);
-				process_unlock();
 				return 1;
 			}
 		}
 	}
-	process_lock();
 	fclose(f);
-	process_unlock();
 	return 0;
 }
 
@@ -1738,17 +1696,13 @@ static int setup_ttydir_console(const struct lxc_rootfs *rootfs,
 		return -1;
 	}
 
-	process_lock();
 	ret = creat(lxcpath, 0660);
-	process_unlock();
 	if (ret==-1 && errno != EEXIST) {
 		SYSERROR("error %d creating %s\n", errno, lxcpath);
 		return -1;
 	}
-	process_lock();
 	if (ret >= 0)
 		close(ret);
-	process_unlock();
 
 	if (console->master < 0) {
 		INFO("no console");
@@ -2132,9 +2086,7 @@ static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
 	if (!fstab)
 		return 0;
 
-	process_lock();
 	file = setmntent(fstab, "r");
-	process_unlock();
 	if (!file) {
 		SYSERROR("failed to use '%s'", fstab);
 		return -1;
@@ -2142,9 +2094,7 @@ static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
 
 	ret = mount_file_entries(rootfs, file, lxc_name);
 
-	process_lock();
 	endmntent(file);
-	process_unlock();
 	return ret;
 }
 
@@ -2156,9 +2106,7 @@ static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list
 	char *mount_entry;
 	int ret;
 
-	process_lock();
 	file = tmpfile();
-	process_unlock();
 	if (!file) {
 		ERROR("tmpfile error: %m");
 		return -1;
@@ -2173,9 +2121,7 @@ static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list
 
 	ret = mount_file_entries(rootfs, file, lxc_name);
 
-	process_lock();
 	fclose(file);
-	process_unlock();
 	return ret;
 }
 
@@ -2321,18 +2267,14 @@ static int setup_hw_addr(char *hwaddr, const char *ifname)
 	ifr.ifr_name[IFNAMSIZ-1] = '\0';
 	memcpy((char *) &ifr.ifr_hwaddr, (char *) &sockaddr, sizeof(sockaddr));
 
-	process_lock();
 	fd = socket(AF_INET, SOCK_DGRAM, 0);
-	process_unlock();
 	if (fd < 0) {
 		ERROR("socket failure : %s", strerror(errno));
 		return -1;
 	}
 
 	ret = ioctl(fd, SIOCSIFHWADDR, &ifr);
-	process_lock();
 	close(fd);
-	process_unlock();
 	if (ret)
 		ERROR("ioctl failure : %s", strerror(errno));
 
@@ -3112,9 +3054,7 @@ static int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
 		fprintf(stderr, "%s: path name too long", __func__);
 		return -E2BIG;
 	}
-	process_lock();
 	f = fopen(path, "w");
-	process_unlock();
 	if (!f) {
 		perror("open");
 		return -EINVAL;
@@ -3122,9 +3062,7 @@ static int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
 	ret = fwrite(buf, buf_size, 1, f);
 	if (ret < 0)
 		SYSERROR("writing id mapping");
-	process_lock();
 	closeret = fclose(f);
-	process_unlock();
 	if (closeret)
 		SYSERROR("writing id mapping");
 	return ret < 0 ? ret : closeret;
@@ -3344,10 +3282,8 @@ void lxc_delete_tty(struct lxc_tty_info *tty_info)
 	for (i = 0; i < tty_info->nbtty; i++) {
 		struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
 
-		process_lock();
 		close(pty_info->master);
 		close(pty_info->slave);
-		process_unlock();
 	}
 
 	free(tty_info->pty_info);
@@ -4084,9 +4020,7 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
 	int p[2];
 	struct lxc_list *idmap;
 
-	process_lock();
 	ret = pipe(p);
-	process_unlock();
 	if (ret < 0) {
 		SYSERROR("opening pipe");
 		return -1;
@@ -4098,9 +4032,7 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
 	pid = lxc_clone(run_userns_fn, &d, CLONE_NEWUSER);
 	if (pid < 0)
 		goto err;
-	process_lock();
 	close(p[0]);
-	process_unlock();
 	p[0] = -1;
 
 	if ((idmap = idmap_add_id(conf, geteuid())) == NULL) {
@@ -4127,10 +4059,8 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
 		goto err;
 	}
 err:
-	process_lock();
 	if (p[0] != -1)
 		close(p[0]);
 	close(p[1]);
-	process_unlock();
 	return -1;
 }
diff --git a/src/lxc/console.c b/src/lxc/console.c
index 5d91f24..86e5e05 100644
--- a/src/lxc/console.c
+++ b/src/lxc/console.c
@@ -202,9 +202,7 @@ out:
 static void lxc_console_sigwinch_fini(struct lxc_tty_state *ts)
 {
 	if (ts->sigfd >= 0) {
-		process_lock();
 		close(ts->sigfd);
-		process_unlock();
 	}
 	lxc_list_del(&ts->node);
 	sigprocmask(SIG_SETMASK, &ts->oldmask, NULL);
@@ -227,9 +225,7 @@ static int lxc_console_cb_con(int fd, uint32_t events, void *data,
 	if (!r) {
 		INFO("console client on fd %d has exited", fd);
 		lxc_mainloop_del_handler(descr, fd);
-		process_lock();
 		close(fd);
-		process_unlock();
 		return 0;
 	}
 
@@ -345,10 +341,8 @@ static void lxc_console_peer_proxy_free(struct lxc_console *console)
 		lxc_console_sigwinch_fini(console->tty_state);
 		console->tty_state = NULL;
 	}
-	process_lock();
 	close(console->peerpty.master);
 	close(console->peerpty.slave);
-	process_unlock();
 	console->peerpty.master = -1;
 	console->peerpty.slave = -1;
 	console->peerpty.busy = -1;
@@ -492,23 +486,19 @@ static void lxc_console_peer_default(struct lxc_console *console)
 	 */
 	if (!path && !access("/dev/tty", F_OK)) {
 		int fd;
-		process_lock();
 		fd = open("/dev/tty", O_RDWR);
 		if (fd >= 0) {
 			close(fd);
 			path = "/dev/tty";
 		}
-		process_unlock();
 	}
 
 	if (!path)
 		goto out;
 
 	DEBUG("opening %s for console peer", path);
-	process_lock();
 	console->peer = lxc_unpriv(open(path, O_CLOEXEC | O_RDWR | O_CREAT |
 					O_APPEND, 0600));
-	process_unlock();
 	if (console->peer < 0)
 		goto out;
 
@@ -539,9 +529,7 @@ err2:
 	free(console->tios);
 	console->tios = NULL;
 err1:
-	process_lock();
 	close(console->peer);
-	process_unlock();
 	console->peer = -1;
 out:
 	DEBUG("no console peer");
@@ -555,13 +543,11 @@ void lxc_console_delete(struct lxc_console *console)
 	free(console->tios);
 	console->tios = NULL;
 
-	process_lock();
 	close(console->peer);
 	close(console->master);
 	close(console->slave);
 	if (console->log_fd >= 0)
 		close(console->log_fd);
-	process_unlock();
 
 	console->peer = -1;
 	console->master = -1;
@@ -607,11 +593,9 @@ int lxc_console_create(struct lxc_conf *conf)
 	lxc_console_peer_default(console);
 
 	if (console->log_path) {
-		process_lock();
 		console->log_fd = lxc_unpriv(open(console->log_path,
 						  O_CLOEXEC | O_RDWR |
 						  O_CREAT | O_APPEND, 0600));
-		process_unlock();
 		if (console->log_fd < 0) {
 			SYSERROR("failed to open '%s'", console->log_path);
 			goto err;
@@ -774,10 +758,8 @@ err4:
 err3:
 	lxc_console_sigwinch_fini(ts);
 err2:
-	process_lock();
 	close(masterfd);
 	close(ttyfd);
-	process_unlock();
 err1:
 	tcsetattr(stdinfd, TCSAFLUSH, &oldtios);
 
diff --git a/src/lxc/freezer.c b/src/lxc/freezer.c
index 41dc61e..be97d75 100644
--- a/src/lxc/freezer.c
+++ b/src/lxc/freezer.c
@@ -34,7 +34,6 @@
 #include "error.h"
 #include "state.h"
 #include "monitor.h"
-#include "lxclock.h"
 
 #include <lxc/log.h>
 #include <lxc/cgroup.h>
@@ -53,9 +52,7 @@ static int do_unfreeze(const char *nsgroup, int freeze, const char *name, const
 		return -1;
 	}
 
-	process_lock();
 	fd = open(freezer, O_RDWR);
-	process_unlock();
 	if (fd < 0) {
 		SYSERROR("failed to open freezer at '%s'", nsgroup);
 		return -1;
@@ -117,9 +114,7 @@ static int do_unfreeze(const char *nsgroup, int freeze, const char *name, const
 	}
 
 out:
-	process_lock();
 	close(fd);
-	process_unlock();
 	return ret;
 }
 
diff --git a/src/lxc/log.c b/src/lxc/log.c
index d6ce361..86f7cd4 100644
--- a/src/lxc/log.c
+++ b/src/lxc/log.c
@@ -36,7 +36,6 @@
 #include "log.h"
 #include "caps.h"
 #include "utils.h"
-#include "lxclock.h"
 
 #define LXC_LOG_PREFIX_SIZE	32
 #define LXC_LOG_BUFFER_SIZE	512
@@ -162,10 +161,8 @@ static int log_open(const char *name)
 	int fd;
 	int newfd;
 
-	process_lock();
 	fd = lxc_unpriv(open(name, O_CREAT | O_WRONLY |
 			     O_APPEND | O_CLOEXEC, 0666));
-	process_unlock();
 	if (fd == -1) {
 		ERROR("failed to open log file \"%s\" : %s", name,
 		      strerror(errno));
@@ -179,9 +176,7 @@ static int log_open(const char *name)
 	if (newfd == -1)
 		ERROR("failed to dup log fd %d : %s", fd, strerror(errno));
 
-	process_lock();
 	close(fd);
-	process_unlock();
 	return newfd;
 }
 
@@ -248,9 +243,7 @@ static int __lxc_log_set_file(const char *fname, int create_dirs)
 {
 	if (lxc_log_fd != -1) {
 		// we are overriding the default.
-		process_lock();
 		close(lxc_log_fd);
-		process_unlock();
 		free(log_fname);
 	}
 
diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index f7f2ff9..fdae5e6 100644
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -27,7 +27,6 @@
 #include <sys/mount.h>
 #include <sys/apparmor.h>
 #include "log.h"
-#include "lxclock.h"
 #include "lsm/lsm.h"
 
 lxc_log_define(lxc_apparmor, lxc);
@@ -50,15 +49,11 @@ static int apparmor_enabled(void)
 	ret = stat(AA_MOUNT_RESTR, &statbuf);
 	if (ret != 0)
 		return 0;
-	process_lock();
 	fin = fopen(AA_ENABLED_FILE, "r");
-	process_unlock();
 	if (!fin)
 		return 0;
 	ret = fscanf(fin, "%c", &e);
-	process_lock();
 	fclose(fin);
-	process_unlock();
 	if (ret == 1 && e == 'Y')
 		return 1;
 	return 0;
@@ -78,9 +73,7 @@ static char *apparmor_process_label_get(pid_t pid)
 		return NULL;
 	}
 again:
-	process_lock();
 	f = fopen(path, "r");
-	process_unlock();
 	if (!f) {
 		SYSERROR("opening %s\n", path);
 		if (buf)
@@ -92,17 +85,13 @@ again:
 	if (!newbuf) {
 		free(buf);
 		ERROR("out of memory");
-		process_lock();
 		fclose(f);
-		process_unlock();
 		return NULL;
 	}
 	buf = newbuf;
 	memset(buf, 0, sz);
 	ret = fread(buf, 1, sz - 1, f);
-	process_lock();
 	fclose(f);
-	process_unlock();
 	if (ret < 0) {
 		ERROR("reading %s\n", path);
 		free(buf);
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 203f4a8..e1d004f 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -112,9 +112,7 @@ int ongoing_create(struct lxc_container *c)
 
 	if (!file_exists(path))
 		return 0;
-	process_lock();
 	fd = open(path, O_RDWR);
-	process_unlock();
 	if (fd < 0) {
 		// give benefit of the doubt
 		SYSERROR("Error opening partial file");
@@ -127,15 +125,11 @@ int ongoing_create(struct lxc_container *c)
 	lk.l_pid = -1;
 	if (fcntl(fd, F_GETLK, &lk) == 0 && lk.l_pid != -1) {
 		// create is still ongoing
-		process_lock();
 		close(fd);
-		process_unlock();
 		return 1;
 	}
 	// create completed but partial is still there.
-	process_lock();
 	close(fd);
-	process_unlock();
 	return 2;
 }
 
@@ -152,10 +146,8 @@ int create_partial(struct lxc_container *c)
 		ERROR("Error writing partial pathname");
 		return -1;
 	}
-	process_lock();
 	if ((fd=open(path, O_RDWR | O_CREAT | O_EXCL, 0755)) < 0) {
 		SYSERROR("Erorr creating partial file");
-		process_unlock();
 		return -1;
 	}
 	lk.l_type = F_WRLCK;
@@ -165,10 +157,8 @@ int create_partial(struct lxc_container *c)
 	if (fcntl(fd, F_SETLKW, &lk) < 0) {
 		SYSERROR("Error locking partial file %s", path);
 		close(fd);
-		process_unlock();
 		return -1;
 	}
-	process_unlock();
 
 	return fd;
 }
@@ -180,9 +170,7 @@ void remove_partial(struct lxc_container *c, int fd)
 	char *path = alloca(len);
 	int ret;
 
-	process_lock();
 	close(fd);
-	process_unlock();
 	ret = snprintf(path, len, "%s/%s/partial", c->config_path, c->name);
 	if (ret < 0 || ret >= len) {
 		ERROR("Error writing partial pathname");
@@ -518,9 +506,7 @@ static bool am_single_threaded(void)
 	DIR *dir;
 	int count=0;
 
-	process_lock();
 	dir = opendir("/proc/self/task");
-	process_unlock();
 	if (!dir) {
 		INFO("failed to open /proc/self/task");
 		return false;
@@ -538,9 +524,7 @@ static bool am_single_threaded(void)
 		if (++count > 1)
 			break;
 	}
-	process_lock();
 	closedir(dir);
-	process_unlock();
 	return count == 1;
 }
 
@@ -1063,9 +1047,7 @@ bool prepend_lxc_header(char *path, const char *t, char *const argv[])
 	char *tpath;
 #endif
 
-	process_lock();
 	f = fopen(path, "r");
-	process_unlock();
 	if (f == NULL)
 		return false;
 
@@ -1081,9 +1063,7 @@ bool prepend_lxc_header(char *path, const char *t, char *const argv[])
 		goto out_free_contents;
 
 	contents[flen] = '\0';
-	process_lock();
 	ret = fclose(f);
-	process_unlock();
 	f = NULL;
 	if (ret < 0)
 		goto out_free_contents;
@@ -1104,9 +1084,7 @@ bool prepend_lxc_header(char *path, const char *t, char *const argv[])
 	free(tpath);
 #endif
 
-	process_lock();
 	f = fopen(path, "w");
-	process_unlock();
 	if (f == NULL) {
 		SYSERROR("reopening config for writing");
 		free(contents);
@@ -1131,9 +1109,7 @@ bool prepend_lxc_header(char *path, const char *t, char *const argv[])
 	if (fwrite(contents, 1, flen, f) != flen) {
 		SYSERROR("Writing original contents");
 		free(contents);
-		process_lock();
 		fclose(f);
-		process_unlock();
 		return false;
 	}
 	ret = 0;
@@ -1142,9 +1118,7 @@ out_free_contents:
 out_error:
 	if (f) {
 		int newret;
-		process_lock();
 		newret = fclose(f);
-		process_unlock();
 		if (ret == 0)
 			ret = newret;
 	}
@@ -1400,12 +1374,10 @@ static inline void exit_from_ns(struct lxc_container *c, int *old_netns, int *ne
 	/* Switch back to original netns */
 	if (*old_netns >= 0 && setns(*old_netns, CLONE_NEWNET))
 		SYSERROR("failed to setns");
-	process_lock();
 	if (*new_netns >= 0)
 		close(*new_netns);
 	if (*old_netns >= 0)
 		close(*old_netns);
-	process_unlock();
 }
 
 static inline bool enter_to_ns(struct lxc_container *c, int *old_netns, int *new_netns) {
@@ -1416,9 +1388,7 @@ static inline bool enter_to_ns(struct lxc_container *c, int *old_netns, int *new
 		goto out;
 
 	/* Save reference to old netns */
-	process_lock();
 	*old_netns = open("/proc/self/ns/net", O_RDONLY);
-	process_unlock();
 	if (*old_netns < 0) {
 		SYSERROR("failed to open /proc/self/ns/net");
 		goto out;
@@ -1429,9 +1399,7 @@ static inline bool enter_to_ns(struct lxc_container *c, int *old_netns, int *new
 	if (ret < 0 || ret >= MAXPATHLEN)
 		goto out;
 
-	process_lock();
 	*new_netns = open(new_netns_path, O_RDONLY);
-	process_unlock();
 	if (*new_netns < 0) {
 		SYSERROR("failed to open %s", new_netns_path);
 		goto out;
@@ -1712,15 +1680,11 @@ static bool lxcapi_save_config(struct lxc_container *c, const char *alt_file)
 	if (lret)
 		return false;
 
-	process_lock();
 	fout = fopen(alt_file, "w");
-	process_unlock();
 	if (!fout)
 		goto out;
 	write_config(fout, c->lxc_conf);
-	process_lock();
 	fclose(fout);
-	process_unlock();
 	ret = true;
 
 out:
@@ -1744,35 +1708,25 @@ static bool mod_rdep(struct lxc_container *c, bool inc)
 			c->name);
 	if (ret < 0 || ret > MAXPATHLEN)
 		goto out;
-	process_lock();
 	f = fopen(path, "r");
-	process_unlock();
 	if (f) {
 		ret = fscanf(f, "%d", &v);
-		process_lock();
 		fclose(f);
-		process_unlock();
 		if (ret != 1) {
 			ERROR("Corrupted file %s", path);
 			goto out;
 		}
 	}
 	v += inc ? 1 : -1;
-	process_lock();
 	f = fopen(path, "w");
-	process_unlock();
 	if (!f)
 		goto out;
 	if (fprintf(f, "%d\n", v) < 0) {
 		ERROR("Error writing new snapshots value");
-		process_lock();
 		fclose(f);
-		process_unlock();
 		goto out;
 	}
-	process_lock();
 	ret = fclose(f);
-	process_unlock();
 	if (ret != 0) {
 		SYSERROR("Error writing to or closing snapshots file");
 		goto out;
@@ -1808,9 +1762,7 @@ static void mod_all_rdeps(struct lxc_container *c, bool inc)
 		ERROR("Path name too long");
 		return;
 	}
-	process_lock();
 	f = fopen(path, "r");
-	process_unlock();
 	if (f == NULL)
 		return;
 	while (getline(&lxcpath, &pathlen, f) != -1) {
@@ -1833,9 +1785,7 @@ static void mod_all_rdeps(struct lxc_container *c, bool inc)
 out:
 	if (lxcpath) free(lxcpath);
 	if (lxcname) free(lxcname);
-	process_lock();
 	fclose(f);
-	process_unlock();
 }
 
 static bool has_snapshots(struct lxc_container *c)
@@ -1849,15 +1799,11 @@ static bool has_snapshots(struct lxc_container *c)
 			c->name);
 	if (ret < 0 || ret > MAXPATHLEN)
 		goto out;
-	process_lock();
 	f = fopen(path, "r");
-	process_unlock();
 	if (!f)
 		goto out;
 	ret = fscanf(f, "%d", &v);
-	process_lock();
 	fclose(f);
-	process_unlock();
 	if (ret != 1)
 		goto out;
 	bret = v != 0;
@@ -2128,21 +2074,15 @@ static int copy_file(const char *old, const char *new)
 		return -1;
 	}
 
-	process_lock();
 	in = open(old, O_RDONLY);
-	process_unlock();
 	if (in < 0) {
 		SYSERROR("Error opening original file %s", old);
 		return -1;
 	}
-	process_lock();
 	out = open(new, O_CREAT | O_EXCL | O_WRONLY, 0644);
-	process_unlock();
 	if (out < 0) {
 		SYSERROR("Error opening new file %s", new);
-		process_lock();
 		close(in);
-		process_unlock();
 		return -1;
 	}
 
@@ -2160,10 +2100,8 @@ static int copy_file(const char *old, const char *new)
 			goto err;
 		}
 	}
-	process_lock();
 	close(in);
 	close(out);
-	process_unlock();
 
 	// we set mode, but not owner/group
 	ret = chmod(new, sbuf.st_mode);
@@ -2175,10 +2113,8 @@ static int copy_file(const char *old, const char *new)
 	return 0;
 
 err:
-	process_lock();
 	close(in);
 	close(out);
-	process_unlock();
 	return -1;
 }
 
@@ -2229,17 +2165,13 @@ static int copyhooks(struct lxc_container *oldc, struct lxc_container *c)
 static void new_hwaddr(char *hwaddr)
 {
 	FILE *f;
-	process_lock();
 	f = fopen("/dev/urandom", "r");
-	process_unlock();
 	if (f) {
 		unsigned int seed;
 		int ret = fread(&seed, sizeof(seed), 1, f);
 		if (ret != 1)
 			seed = time(NULL);
-		process_lock();
 		fclose(f);
-		process_unlock();
 		srand(seed);
 	} else
 		srand(time(NULL));
@@ -2329,19 +2261,15 @@ static bool add_rdepends(struct lxc_container *c, struct lxc_container *c0)
 		c->name);
 	if (ret < 0 || ret >= MAXPATHLEN)
 		return false;
-	process_lock();
 	f = fopen(path, "a");
-	process_unlock();
 	if (!f)
 		return false;
 	bret = true;
 	// if anything goes wrong, just return an error
 	if (fprintf(f, "%s\n%s\n", c0->config_path, c0->name) < 0)
 		bret = false;
-	process_lock();
 	if (fclose(f) != 0)
 		bret = false;
-	process_unlock();
 	return bret;
 }
 
@@ -2526,17 +2454,13 @@ struct lxc_container *lxcapi_clone(struct lxc_container *c, const char *newname,
 	}
 
 	// copy the configuration, tweak it as needed,
-	process_lock();
 	fout = fopen(newpath, "w");
-	process_unlock();
 	if (!fout) {
 		SYSERROR("open %s", newpath);
 		goto out;
 	}
 	write_config(fout, c->lxc_conf);
-	process_lock();
 	fclose(fout);
-	process_unlock();
 
 	sprintf(newpath, "%s/%s/rootfs", l, n);
 	if (mkdir(newpath, 0755) < 0) {
@@ -2720,9 +2644,7 @@ static int lxcapi_snapshot(struct lxc_container *c, const char *commentfile)
 
 	char *dfnam = alloca(strlen(snappath) + strlen(newname) + 5);
 	sprintf(dfnam, "%s/%s/ts", snappath, newname);
-	process_lock();
 	f = fopen(dfnam, "w");
-	process_unlock();
 	if (!f) {
 		ERROR("Failed to open %s\n", dfnam);
 		return -1;
@@ -2732,9 +2654,7 @@ static int lxcapi_snapshot(struct lxc_container *c, const char *commentfile)
 		fclose(f);
 		return -1;
 	}
-	process_lock();
 	ret = fclose(f);
-	process_unlock();
 	if (ret != 0) {
 		SYSERROR("Writing timestamp");
 		return -1;
@@ -2788,9 +2708,7 @@ static char *get_timestamp(char* snappath, char *name)
 	ret = snprintf(path, MAXPATHLEN, "%s/%s/ts", snappath, name);
 	if (ret < 0 || ret >= MAXPATHLEN)
 		return NULL;
-	process_lock();
 	fin = fopen(path, "r");
-	process_unlock();
 	if (!fin)
 		return NULL;
 	(void) fseek(fin, 0, SEEK_END);
@@ -2807,9 +2725,7 @@ static char *get_timestamp(char* snappath, char *name)
 			}
 		}
 	}
-	process_lock();
 	fclose(fin);
-	process_unlock();
 	return s;
 }
 
@@ -2829,9 +2745,7 @@ static int lxcapi_snapshot_list(struct lxc_container *c, struct lxc_snapshot **r
 		ERROR("path name too long");
 		return -1;
 	}
-	process_lock();
 	dir = opendir(snappath);
-	process_unlock();
 	if (!dir) {
 		INFO("failed to open %s - assuming no snapshots", snappath);
 		return 0;
@@ -2874,10 +2788,8 @@ static int lxcapi_snapshot_list(struct lxc_container *c, struct lxc_snapshot **r
 		count++;
 	}
 
-	process_lock();
 	if (closedir(dir))
 		WARN("failed to close directory");
-	process_unlock();
 
 	*ret_snaps = snaps;
 	return count;
@@ -2889,10 +2801,8 @@ out_free:
 			lxcsnap_free(&snaps[i]);
 		free(snaps);
 	}
-	process_lock();
 	if (closedir(dir))
 		WARN("failed to close directory");
-	process_unlock();
 	return -1;
 }
 
@@ -3242,10 +3152,7 @@ int list_defined_containers(const char *lxcpath, char ***names, struct lxc_conta
 	if (!lxcpath)
 		lxcpath = default_lxc_path();
 
-	process_lock();
 	dir = opendir(lxcpath);
-	process_unlock();
-
 	if (!dir) {
 		SYSERROR("opendir on lxcpath");
 		return -1;
@@ -3304,9 +3211,7 @@ int list_defined_containers(const char *lxcpath, char ***names, struct lxc_conta
 		nfound++;
 	}
 
-	process_lock();
 	closedir(dir);
-	process_unlock();
 	return nfound;
 
 free_bad:
@@ -3320,9 +3225,7 @@ free_bad:
 			lxc_container_put((*cret)[i]);
 		free(*cret);
 	}
-	process_lock();
 	closedir(dir);
-	process_unlock();
 	return -1;
 }
 
@@ -3345,9 +3248,7 @@ int list_active_containers(const char *lxcpath, char ***nret,
 	if (nret)
 		*nret = NULL;
 
-	process_lock();
 	FILE *f = fopen("/proc/net/unix", "r");
-	process_unlock();
 	if (!f)
 		return -1;
 
@@ -3429,9 +3330,7 @@ out:
 	if (line)
 		free(line);
 
-	process_lock();
 	fclose(f);
-	process_unlock();
 	return ret;
 }
 
diff --git a/src/lxc/lxclock.c b/src/lxc/lxclock.c
index 64823d2..28691b0 100644
--- a/src/lxc/lxclock.c
+++ b/src/lxc/lxclock.c
@@ -119,9 +119,7 @@ static char *lxclock_name(const char *p, const char *n)
 		free(dest);
 		return NULL;
 	}
-	process_lock();
 	ret = mkdir_p(dest, 0755);
-	process_unlock();
 	if (ret < 0) {
 		free(dest);
 		return NULL;
@@ -217,12 +215,10 @@ int lxclock(struct lxc_lock *l, int timeout)
 			ret = -2;
 			goto out;
 		}
-		process_lock();
 		if (l->u.f.fd == -1) {
 			l->u.f.fd = open(l->u.f.fname, O_RDWR|O_CREAT,
 					S_IWUSR | S_IRUSR);
 			if (l->u.f.fd == -1) {
-				process_unlock();
 				ERROR("Error opening %s", l->u.f.fname);
 				goto out;
 			}
@@ -232,7 +228,6 @@ int lxclock(struct lxc_lock *l, int timeout)
 		lk.l_start = 0;
 		lk.l_len = 0;
 		ret = fcntl(l->u.f.fd, F_SETLKW, &lk);
-		process_unlock();
 		if (ret == -1)
 			saved_errno = errno;
 		break;
@@ -258,7 +253,6 @@ int lxcunlock(struct lxc_lock *l)
 		}
 		break;
 	case LXC_LOCK_FLOCK:
-		process_lock();
 		if (l->u.f.fd != -1) {
 			lk.l_type = F_UNLCK;
 			lk.l_whence = SEEK_SET;
@@ -271,7 +265,6 @@ int lxcunlock(struct lxc_lock *l)
 			l->u.f.fd = -1;
 		} else
 			ret = -2;
-		process_unlock();
 		break;
 	}
 
@@ -299,12 +292,10 @@ void lxc_putlock(struct lxc_lock *l)
 		}
 		break;
 	case LXC_LOCK_FLOCK:
-		process_lock();
 		if (l->u.f.fd != -1) {
 			close(l->u.f.fd);
 			l->u.f.fd = -1;
 		}
-		process_unlock();
 		if (l->u.f.fname) {
 			free(l->u.f.fname);
 			l->u.f.fname = NULL;
diff --git a/src/lxc/lxcutmp.c b/src/lxc/lxcutmp.c
index d4a180c..6c9e6f2 100644
--- a/src/lxc/lxcutmp.c
+++ b/src/lxc/lxcutmp.c
@@ -62,7 +62,6 @@ static int timerfd_settime (int __ufd, int __flags,
 #include "mainloop.h"
 #include "lxc.h"
 #include "log.h"
-#include "lxclock.h"
 
 #ifndef __USE_GNU
 #define __USE_GNU
@@ -344,9 +343,7 @@ run_ok:
 
 	memset(utmp_data, 0, sizeof(struct lxc_utmp));
 
-	process_lock();
 	fd = inotify_init();
-	process_unlock();
 	if (fd < 0) {
 		SYSERROR("failed to inotify_init");
 		goto out;
@@ -380,9 +377,7 @@ run_ok:
 
 	return 0;
 out_close:
-	process_lock();
 	close(fd);
-	process_unlock();
 out:
 	free(utmp_data);
 	return -1;
@@ -432,9 +427,7 @@ int lxc_utmp_add_timer(struct lxc_epoll_descr *descr,
 	struct itimerspec timeout;
 	struct lxc_utmp *utmp_data = (struct lxc_utmp *)data;
 
-	process_lock();
 	fd = timerfd_create(CLOCK_MONOTONIC, TFD_NONBLOCK | TFD_CLOEXEC);
-	process_unlock();
 	if (fd < 0) {
 		SYSERROR("failed to create timer");
 		return -1;
@@ -458,9 +451,7 @@ int lxc_utmp_add_timer(struct lxc_epoll_descr *descr,
 
 	if (lxc_mainloop_add_handler(descr, fd, callback, utmp_data)) {
 		SYSERROR("failed to add utmp timer to mainloop");
-		process_lock();
 		close(fd);
-		process_unlock();
 		return -1;
 	}
 
@@ -481,9 +472,7 @@ int lxc_utmp_del_timer(struct lxc_epoll_descr *descr,
 		SYSERROR("failed to del utmp timer from mainloop");
 
 	/* shutdown timer_fd */
-	process_lock();
 	close(utmp_data->timer_fd);
-	process_unlock();
 	utmp_data->timer_fd = -1;
 
 	if (result < 0)
diff --git a/src/lxc/mainloop.c b/src/lxc/mainloop.c
index ec0c252..85b3ab9 100644
--- a/src/lxc/mainloop.c
+++ b/src/lxc/mainloop.c
@@ -29,7 +29,6 @@
 #include <sys/epoll.h>
 
 #include "mainloop.h"
-#include "lxclock.h"
 
 struct mainloop_handler {
 	lxc_mainloop_callback_t callback;
@@ -133,16 +132,12 @@ int lxc_mainloop_del_handler(struct lxc_epoll_descr *descr, int fd)
 int lxc_mainloop_open(struct lxc_epoll_descr *descr)
 {
 	/* hint value passed to epoll create */
-	process_lock();
 	descr->epfd = epoll_create(2);
-	process_unlock();
 	if (descr->epfd < 0)
 		return -1;
 
 	if (fcntl(descr->epfd, F_SETFD, FD_CLOEXEC)) {
-		process_lock();
 		close(descr->epfd);
-		process_unlock();
 		return -1;
 	}
 
@@ -153,7 +148,6 @@ int lxc_mainloop_open(struct lxc_epoll_descr *descr)
 int lxc_mainloop_close(struct lxc_epoll_descr *descr)
 {
 	struct lxc_list *iterator, *next;
-	int ret;
 
 	iterator = descr->handlers.next;
 	while (iterator != &descr->handlers) {
@@ -165,9 +159,6 @@ int lxc_mainloop_close(struct lxc_epoll_descr *descr)
 		iterator = next;
 	}
 
-	process_lock();
-	ret = close(descr->epfd);
-	process_unlock();
-	return ret;
+	return close(descr->epfd);
 }
 
diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c
index 1eae8e6..7e0a713 100644
--- a/src/lxc/monitor.c
+++ b/src/lxc/monitor.c
@@ -64,9 +64,7 @@ int lxc_monitor_fifo_name(const char *lxcpath, char *fifo_path, size_t fifo_path
 			ERROR("rundir/lxcpath (%s/%s) too long for monitor fifo", rundir, lxcpath);
 			return -1;
 		}
-		process_lock();
 		ret = mkdir_p(fifo_path, 0755);
-		process_unlock();
 		if (ret < 0) {
 			ERROR("unable to create monitor fifo dir %s", fifo_path);
 			return ret;
@@ -91,9 +89,7 @@ static void lxc_monitor_fifo_send(struct lxc_msg *msg, const char *lxcpath)
 	if (ret < 0)
 		return;
 
-	process_lock();
 	fd = open(fifo_path, O_WRONLY);
-	process_unlock();
 	if (fd < 0) {
 		/* it is normal for this open to fail when there is no monitor
 		 * running, so we don't log it
@@ -103,16 +99,12 @@ static void lxc_monitor_fifo_send(struct lxc_msg *msg, const char *lxcpath)
 
 	ret = write(fd, msg, sizeof(*msg));
 	if (ret != sizeof(*msg)) {
-		process_lock();
 		close(fd);
-		process_unlock();
 		SYSERROR("failed to write monitor fifo %s", fifo_path);
 		return;
 	}
 
-	process_lock();
 	close(fd);
-	process_unlock();
 }
 
 void lxc_monitor_send_state(const char *name, lxc_state_t state, const char *lxcpath)
@@ -129,12 +121,7 @@ void lxc_monitor_send_state(const char *name, lxc_state_t state, const char *lxc
 /* routines used by monitor subscribers (lxc-monitor) */
 int lxc_monitor_close(int fd)
 {
-	int ret;
-
-	process_lock();
-	ret = close(fd);
-	process_unlock();
-	return ret;
+	return close(fd);
 }
 
 /* Note we don't use SHA-1 here as we don't want to depend on HAVE_GNUTLS.
@@ -200,9 +187,7 @@ int lxc_monitor_open(const char *lxcpath)
 	if (lxc_monitor_sock_name(lxcpath, &addr) < 0)
 		return -1;
 
-	process_lock();
 	fd = socket(PF_UNIX, SOCK_STREAM, 0);
-	process_unlock();
 	if (fd < 0) {
 		ERROR("socket : %s", strerror(errno));
 		return -1;
@@ -229,9 +214,7 @@ int lxc_monitor_open(const char *lxcpath)
 	}
 	return fd;
 err1:
-	process_lock();
 	close(fd);
-	process_unlock();
 	return ret;
 }
 
diff --git a/src/lxc/network.c b/src/lxc/network.c
index e5dc34d..361bb99 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -30,6 +30,7 @@
 #include <string.h>
 #include <stdio.h>
 #include <ctype.h>
+#include <time.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
@@ -48,7 +49,6 @@
 #include "nl.h"
 #include "network.h"
 #include "conf.h"
-#include "lxclock.h"
 
 #if HAVE_IFADDRS_H
 #include <ifaddrs.h>
@@ -588,18 +588,14 @@ static int proc_sys_net_write(const char *path, const char *value)
 {
 	int fd, err = 0;
 
-	process_lock();
 	fd = open(path, O_WRONLY);
-	process_unlock();
 	if (fd < 0)
 		return -errno;
 
 	if (write(fd, value, strlen(value)) < 0)
 		err = -errno;
 
-	process_lock();
 	close(fd);
-	process_unlock();
 	return err;
 }
 
@@ -1081,9 +1077,7 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
 	if (!index)
 		return -EINVAL;
 
-	process_lock();
 	fd = socket(AF_INET, SOCK_STREAM, 0);
-	process_unlock();
 	if (fd < 0)
 		return -errno;
 
@@ -1091,9 +1085,7 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
 	ifr.ifr_name[IFNAMSIZ-1] = '\0';
 	ifr.ifr_ifindex = index;
 	err = ioctl(fd, SIOCBRADDIF, &ifr);
-	process_lock();
 	close(fd);
-	process_unlock();
 	if (err)
 		err = -errno;
 
@@ -1131,15 +1123,11 @@ char *lxc_mkifname(char *template)
 	getifaddrs(&ifaddr);
 
 	/* Initialize the random number generator */
-	process_lock();
 	urandom = fopen ("/dev/urandom", "r");
-	process_unlock();
 	if (urandom != NULL) {
 		if (fread (&seed, sizeof(seed), 1, urandom) <= 0)
 			seed = time(0);
-		process_lock();
 		fclose(urandom);
-		process_unlock();
 	}
 	else
 		seed = time(0);
@@ -1189,26 +1177,20 @@ int setup_private_host_hw_addr(char *veth1)
 	int err;
 	int sockfd;
 
-	process_lock();
 	sockfd = socket(AF_INET, SOCK_DGRAM, 0);
-	process_unlock();
 	if (sockfd < 0)
 		return -errno;
 
 	snprintf((char *)ifr.ifr_name, IFNAMSIZ, "%s", veth1);
 	err = ioctl(sockfd, SIOCGIFHWADDR, &ifr);
 	if (err < 0) {
-		process_lock();
 		close(sockfd);
-		process_unlock();
 		return -errno;
 	}
 
 	ifr.ifr_hwaddr.sa_data[0] = 0xfe;
 	err = ioctl(sockfd, SIOCSIFHWADDR, &ifr);
-	process_lock();
 	close(sockfd);
-	process_unlock();
 	if (err < 0)
 		return -errno;
 
diff --git a/src/lxc/nl.c b/src/lxc/nl.c
index 6153161..7c0f1e5 100644
--- a/src/lxc/nl.c
+++ b/src/lxc/nl.c
@@ -31,7 +31,6 @@
 #include <linux/rtnetlink.h>
 
 #include "nl.h"
-#include "lxclock.h"
 
 #define NLMSG_TAIL(nmsg) \
         ((struct rtattr *) (((void *) (nmsg)) + NLMSG_ALIGN((nmsg)->nlmsg_len)))
@@ -223,9 +222,7 @@ extern int netlink_open(struct nl_handler *handler, int protocol)
 
         memset(handler, 0, sizeof(*handler));
 
-	process_lock();
         handler->fd = socket(AF_NETLINK, SOCK_RAW, protocol);
-	process_unlock();
         if (handler->fd < 0)
                 return -errno;
 
@@ -263,9 +260,7 @@ extern int netlink_open(struct nl_handler *handler, int protocol)
 
 extern int netlink_close(struct nl_handler *handler)
 {
-	process_lock();
 	close(handler->fd);
-	process_unlock();
 	handler->fd = -1;
 	return 0;
 }
diff --git a/src/lxc/parse.c b/src/lxc/parse.c
index dcf5cf0..c2cd621 100644
--- a/src/lxc/parse.c
+++ b/src/lxc/parse.c
@@ -31,7 +31,6 @@
 #include "parse.h"
 #include "config.h"
 #include "utils.h"
-#include "lxclock.h"
 #include <lxc/log.h>
 
 /* Workaround for the broken signature of alphasort() in bionic.
@@ -91,9 +90,7 @@ int lxc_file_for_each_line(const char *file, lxc_file_cb callback, void *data)
 	char *line = NULL;
 	size_t len = 0;
 
-	process_lock();
 	f = fopen(file, "r");
-	process_unlock();
 	if (!f) {
 		SYSERROR("failed to open %s", file);
 		return -1;
@@ -112,9 +109,7 @@ int lxc_file_for_each_line(const char *file, lxc_file_cb callback, void *data)
 
 	if (line)
 		free(line);
-	process_lock();
 	fclose(f);
-	process_unlock();
 	return err;
 }
 
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 9246f2d..1abd697 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -29,7 +29,6 @@
 #include <seccomp.h>
 #include "config.h"
 #include "lxcseccomp.h"
-#include "lxclock.h"
 
 #include "log.h"
 
@@ -115,17 +114,13 @@ int lxc_read_seccomp_config(struct lxc_conf *conf)
 		return -1;
 	}
 
-	process_lock();
 	f = fopen(conf->seccomp, "r");
-	process_unlock();
 	if (!f) {
 		SYSERROR("failed to open seccomp policy file %s\n", conf->seccomp);
 		return -1;
 	}
 	ret = parse_config(f, conf);
-	process_lock();
 	fclose(f);
-	process_unlock();
 	return ret;
 }
 
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 251bd26..7395aea 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -70,7 +70,6 @@
 #include "namespace.h"
 #include "lxcseccomp.h"
 #include "caps.h"
-#include "lxclock.h"
 #include "lsm/lsm.h"
 
 lxc_log_define(lxc_start, lxc);
@@ -87,14 +86,12 @@ const struct ns_info ns_info[LXC_NS_MAX] = {
 static void close_ns(int ns_fd[LXC_NS_MAX]) {
 	int i;
 
-	process_lock();
 	for (i = 0; i < LXC_NS_MAX; i++) {
 		if (ns_fd[i] > -1) {
 			close(ns_fd[i]);
 			ns_fd[i] = -1;
 		}
 	}
-	process_unlock();
 }
 
 static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags) {
@@ -113,9 +110,7 @@ static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags) {
 		if ((clone_flags & ns_info[i].clone_flag) == 0)
 			continue;
 		snprintf(path, MAXPATHLEN, "/proc/self/ns/%s", ns_info[i].proc_name);
-		process_lock();
 		ns_fd[i] = open(path, O_RDONLY | O_CLOEXEC);
-		process_unlock();
 		if (ns_fd[i] < 0)
 			goto error;
 	}
@@ -159,9 +154,7 @@ int lxc_check_inherited(struct lxc_conf *conf, int fd_to_ignore)
 	DIR *dir;
 
 restart:
-	process_lock();
 	dir = opendir("/proc/self/fd");
-	process_unlock();
 	if (!dir) {
 		WARN("failed to open directory: %m");
 		return -1;
@@ -188,19 +181,15 @@ restart:
 			continue;
 
 		if (conf->close_all_fds) {
-			process_lock();
 			close(fd);
 			closedir(dir);
-			process_unlock();
 			INFO("closed inherited fd %d", fd);
 			goto restart;
 		}
 		WARN("inherited fd %d", fd);
 	}
 
-	process_lock();
 	closedir(dir); /* cannot fail */
-	process_unlock();
 	return 0;
 }
 
@@ -337,9 +326,7 @@ int lxc_poll(const char *name, struct lxc_handler *handler)
 out_mainloop_open:
 	lxc_mainloop_close(&descr);
 out_sigfd:
-	process_lock();
 	close(sigfd);
-	process_unlock();
 	return -1;
 }
 
@@ -440,9 +427,7 @@ out_delete_tty:
 out_aborting:
 	lxc_set_state(name, handler, ABORTING);
 out_close_maincmd_fd:
-	process_lock();
 	close(conf->maincmd_fd);
-	process_unlock();
 	conf->maincmd_fd = -1;
 out_free_name:
 	free(handler->name);
@@ -469,9 +454,7 @@ static void lxc_fini(const char *name, struct lxc_handler *handler)
 
 	lxc_console_delete(&handler->conf->console);
 	lxc_delete_tty(&handler->conf->tty_info);
-	process_lock();
 	close(handler->conf->maincmd_fd);
-	process_unlock();
 	handler->conf->maincmd_fd = -1;
 	free(handler->name);
 	if (handler->cgroup) {
@@ -519,18 +502,14 @@ static int must_drop_cap_sys_boot(struct lxc_conf *conf)
         int status;
         pid_t pid;
 
-	process_lock();
 	f = fopen("/proc/sys/kernel/ctrl-alt-del", "r");
-	process_unlock();
 	if (!f) {
 		DEBUG("failed to open /proc/sys/kernel/ctrl-alt-del");
 		return 1;
 	}
 
 	ret = fscanf(f, "%d", &v);
-	process_lock();
 	fclose(f);
-	process_unlock();
 	if (ret != 1) {
 		DEBUG("Failed to read /proc/sys/kernel/ctrl-alt-del");
 		return 1;
@@ -587,9 +566,7 @@ static int do_start(void *data)
 
 	/* don't leak the pinfd to the container */
 	if (handler->pinfd >= 0) {
-		process_lock();
 		close(handler->pinfd);
-		process_unlock();
 	}
 
 	/* Tell the parent task it can begin to configure the
@@ -666,9 +643,7 @@ static int do_start(void *data)
 		goto out_warn_father;
 	}
 
-	process_lock();
 	close(handler->sigfd);
-	process_unlock();
 
 	/* after this call, we are in error because this
 	 * ops should not return as it execs */
@@ -913,9 +888,7 @@ out_abort:
 	lxc_abort(name, handler);
 	lxc_sync_fini(handler);
 	if (handler->pinfd >= 0) {
-		process_lock();
 		close(handler->pinfd);
-		process_unlock();
 		handler->pinfd = -1;
 	}
 
@@ -987,9 +960,7 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
 	lxc_rename_phys_nics_on_shutdown(handler->conf);
 
 	if (handler->pinfd >= 0) {
-		process_lock();
 		close(handler->pinfd);
-		process_unlock();
 		handler->pinfd = -1;
 	}
 
diff --git a/src/lxc/state.c b/src/lxc/state.c
index 92be560..398833a 100644
--- a/src/lxc/state.c
+++ b/src/lxc/state.c
@@ -39,7 +39,6 @@
 #include <lxc/monitor.h>
 #include "commands.h"
 #include "config.h"
-#include "lxclock.h"
 
 lxc_log_define(lxc_state, lxc);
 
@@ -84,18 +83,14 @@ static lxc_state_t freezer_state(const char *name, const char *lxcpath)
 	if (ret < 0 || ret >= MAXPATHLEN)
 		goto out;
 
-	process_lock();
 	file = fopen(freezer, "r");
-	process_unlock();
 	if (!file) {
 		ret = -1;
 		goto out;
 	}
 
 	ret = fscanf(file, "%s", status);
-	process_lock();
 	fclose(file);
-	process_unlock();
 
 	if (ret == EOF) {
 		SYSERROR("failed to read %s", freezer);
diff --git a/src/lxc/sync.c b/src/lxc/sync.c
index a3b4a1a..52e02ae 100644
--- a/src/lxc/sync.c
+++ b/src/lxc/sync.c
@@ -29,7 +29,6 @@
 
 #include "log.h"
 #include "start.h"
-#include "lxclock.h"
 
 lxc_log_define(lxc_sync, lxc);
 
@@ -102,9 +101,7 @@ int lxc_sync_init(struct lxc_handler *handler)
 {
 	int ret;
 
-	process_lock();
 	ret = socketpair(AF_LOCAL, SOCK_STREAM, 0, handler->sv);
-	process_unlock();
 	if (ret) {
 		SYSERROR("failed to create synchronization socketpair");
 		return -1;
@@ -119,9 +116,7 @@ int lxc_sync_init(struct lxc_handler *handler)
 void lxc_sync_fini_child(struct lxc_handler *handler)
 {
 	if (handler->sv[0] != -1) {
-		process_lock();
 		close(handler->sv[0]);
-		process_unlock();
 		handler->sv[0] = -1;
 	}
 }
@@ -129,9 +124,7 @@ void lxc_sync_fini_child(struct lxc_handler *handler)
 void lxc_sync_fini_parent(struct lxc_handler *handler)
 {
 	if (handler->sv[1] != -1) {
-		process_lock();
 		close(handler->sv[1]);
-		process_unlock();
 		handler->sv[1] = -1;
 	}
 }
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index dc30a77..9f618e7 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -61,9 +61,7 @@ static int _recursive_rmdir_onedev(char *dirname, dev_t pdev)
 	int ret, failed=0;
 	char pathname[MAXPATHLEN];
 
-	process_lock();
 	dir = opendir(dirname);
-	process_unlock();
 	if (!dir) {
 		ERROR("%s: failed to open %s", __func__, dirname);
 		return -1;
@@ -110,9 +108,7 @@ static int _recursive_rmdir_onedev(char *dirname, dev_t pdev)
 		failed=1;
 	}
 
-	process_lock();
 	ret = closedir(dir);
-	process_unlock();
 	if (ret) {
 		ERROR("%s: failed to close directory %s", __func__, dirname);
 		failed=1;
@@ -303,10 +299,8 @@ const char *lxc_global_config_value(const char *option_name)
 	}
 	static_unlock();
 
-	process_lock();
 	fin = fopen_cloexec(user_config_path, "r");
 	free(user_config_path);
-	process_unlock();
 	if (fin) {
 		while (fgets(buf, 1024, fin)) {
 			if (buf[0] == '#')
@@ -362,10 +356,8 @@ const char *lxc_global_config_value(const char *option_name)
 	static_unlock();
 
 out:
-	process_lock();
 	if (fin)
 		fclose(fin);
-	process_unlock();
 
 	static_lock();
 	value = values[i];
@@ -482,15 +474,6 @@ ssize_t lxc_read_nointr_expect(int fd, void* buf, size_t count, const void* expe
 	return ret;
 }
 
-static inline int lock_fclose(FILE *f)
-{
-	int ret;
-	process_lock();
-	ret = fclose(f);
-	process_unlock();
-	return ret;
-}
-
 #if HAVE_LIBGNUTLS
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
@@ -510,40 +493,38 @@ int sha1sum_file(char *fnam, unsigned char *digest)
 
 	if (!fnam)
 		return -1;
-	process_lock();
 	f = fopen_cloexec(fnam, "r");
-	process_unlock();
 	if (!f) {
 		SYSERROR("Error opening template");
 		return -1;
 	}
 	if (fseek(f, 0, SEEK_END) < 0) {
 		SYSERROR("Error seeking to end of template");
-		lock_fclose(f);
+		fclose(f);
 		return -1;
 	}
 	if ((flen = ftell(f)) < 0) {
 		SYSERROR("Error telling size of template");
-		lock_fclose(f);
+		fclose(f);
 		return -1;
 	}
 	if (fseek(f, 0, SEEK_SET) < 0) {
 		SYSERROR("Error seeking to start of template");
-		lock_fclose(f);
+		fclose(f);
 		return -1;
 	}
 	if ((buf = malloc(flen+1)) == NULL) {
 		SYSERROR("Out of memory");
-		lock_fclose(f);
+		fclose(f);
 		return -1;
 	}
 	if (fread(buf, 1, flen, f) != flen) {
 		SYSERROR("Failure reading template");
 		free(buf);
-		lock_fclose(f);
+		fclose(f);
 		return -1;
 	}
-	if (lock_fclose(f) < 0) {
+	if (fclose(f) < 0) {
 		SYSERROR("Failre closing template");
 		free(buf);
 		return -1;
@@ -600,10 +581,6 @@ const char** lxc_va_arg_list_to_argv_const(va_list ap, size_t skip)
 	return (const char**)lxc_va_arg_list_to_argv(ap, skip, 0);
 }
 
-/*
- * fopen_cloexec: must be called with process_lock() held
- * if it is needed.
- */
 FILE *fopen_cloexec(const char *path, const char *mode)
 {
 	int open_mode = 0;
@@ -648,7 +625,6 @@ FILE *fopen_cloexec(const char *path, const char *mode)
 	return ret;
 }
 
-/* must be called with process_lock() held */
 extern struct lxc_popen_FILE *lxc_popen(const char *command)
 {
 	struct lxc_popen_FILE *fp = NULL;
@@ -746,7 +722,6 @@ error:
 	return NULL;
 }
 
-/* must be called with process_lock() held */
 extern int lxc_pclose(struct lxc_popen_FILE *fp)
 {
 	FILE *f = NULL;
@@ -1086,9 +1061,7 @@ int lxc_write_to_file(const char *filename, const void* buf, size_t count, bool
 	int fd, saved_errno;
 	ssize_t ret;
 
-	process_lock();
 	fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0666);
-	process_unlock();
 	if (fd < 0)
 		return -1;
 	ret = lxc_write_nointr(fd, buf, count);
@@ -1101,16 +1074,12 @@ int lxc_write_to_file(const char *filename, const void* buf, size_t count, bool
 		if (ret != 1)
 			goto out_error;
 	}
-	process_lock();
 	close(fd);
-	process_unlock();
 	return 0;
 
 out_error:
 	saved_errno = errno;
-	process_lock();
 	close(fd);
-	process_unlock();
 	errno = saved_errno;
 	return -1;
 }
@@ -1120,9 +1089,7 @@ int lxc_read_from_file(const char *filename, void* buf, size_t count)
 	int fd = -1, saved_errno;
 	ssize_t ret;
 
-	process_lock();
 	fd = open(filename, O_RDONLY | O_CLOEXEC);
-	process_unlock();
 	if (fd < 0)
 		return -1;
 
@@ -1142,9 +1109,7 @@ int lxc_read_from_file(const char *filename, void* buf, size_t count)
 		ERROR("read %s: %s", filename, strerror(errno));
 
 	saved_errno = errno;
-	process_lock();
 	close(fd);
-	process_unlock();
 	errno = saved_errno;
 	return ret;
 }
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index 945f1de..2992f90 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -172,7 +172,6 @@ struct lxc_popen_FILE {
  * via sigprocmask(2) (unblocks all signals) after fork(2) but prior to calling exec(3).
  * In short, popen(command, "re") does pipe() + fork()                 + exec()
  * while lxc_popen(command)       does pipe() + fork() + sigprocmask() + exec().
- * Must be called with process_lock() held.
  * Returns pointer to struct lxc_popen_FILE, that should be freed with lxc_pclose().
  * On error returns NULL.
  */
@@ -182,7 +181,6 @@ extern struct lxc_popen_FILE *lxc_popen(const char *command);
  * returned by lxc_popen().
  * Waits for associated process to terminate, returns its exit status and
  * frees resources, pointed to by struct lxc_popen_FILE *.
- * Must be called with process_lock() held.
  */
 extern int lxc_pclose(struct lxc_popen_FILE *fp);
 
-- 
1.8.4.5



More information about the lxc-devel mailing list