[lxc-devel] [PATCH 1/2] Remove process_lock() except where actually needed
Serge Hallyn
serge.hallyn at ubuntu.com
Tue Dec 24 15:05:14 UTC 2013
Quoting Andrey Mazo (mazo at telum.ru):
> Functions like open(), close(), socket(), socketpair(), pipe() and mkdir()
> are generally thin wrappers around kernel-provided system calls.
> It's the kernel not libc, who ensures race-free handling of file
> descriptors.
> Thus locking around these functions is unnecessary even on somewhat buggy libcs.
>
> fopen(), fclose() and other stdio functions may maintain internal lists
> of open file handles and thus can be prone to race-conditions.
> Hopefully, most libcs utilize proper locking or other ways to ensure
> thread-safety of these functions.
> Bionic used to have non-thread-safe stdio [2] but that must be fixed
> since android 4.3 [3, 4].
>
> S.Çağlar Onur showed [1] that openpty() (because of nsswitch) is not thread-safe though.
> So we workaround it by protecting openpty() calls with process_lock()/process_unlock().
>
> Because of the need to guard openpty() with process_lock()/process_unlock(),
> process_unlock() is still used after fork().
And so while I don't like doing so, it sounds like it would be worth
wrapping all calls to fork() within the API with a version that
frees the process (and static, while it exists) lock(s). Because
unlike lxc_fopen(), this would be needed for all libcs and in
perpetuity. (Ideally we'd be able to do it through linker magic
without having to write a wrapper; else we must have a make rule
that kindly warns developers to use lxc_fork() unless a file is
tagged as single-threaded).
That's just a thought for a future patch, not a request for this patch!
> This commit reverts most of 025ed0f3911836b71f498d8368725c77a7e1932a.
>
> [1] https://github.com/lxc/lxc/pull/106#issuecomment-31077269
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=687367
> [3] https://android.googlesource.com/platform/bionic/+/f582340a6a48588aa50da17e1620e8f91b146941
> [4] https://android.googlesource.com/platform/bionic/+/6b3f49a5374305ce9690c3c5ca2aadc90f54c521
>
> Signed-off-by: Andrey Mazo <mazo at telum.ru>
Thanks very much, Andrey.
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> src/lxc/af_unix.c | 17 ---------
> src/lxc/attach.c | 32 ----------------
> src/lxc/bdev.c | 58 +---------------------------
> src/lxc/caps.c | 5 ---
> src/lxc/cgroup.c | 35 -----------------
> src/lxc/commands.c | 11 ------
> src/lxc/conf.c | 70 ----------------------------------
> src/lxc/console.c | 18 ---------
> src/lxc/freezer.c | 5 ---
> src/lxc/log.c | 7 ----
> src/lxc/lsm/apparmor.c | 11 ------
> src/lxc/lxccontainer.c | 101 -------------------------------------------------
> src/lxc/lxclock.c | 9 -----
> src/lxc/lxcutmp.c | 11 ------
> src/lxc/mainloop.c | 11 +-----
> src/lxc/monitor.c | 19 +---------
> src/lxc/network.c | 20 +---------
> src/lxc/nl.c | 5 ---
> src/lxc/parse.c | 5 ---
> src/lxc/seccomp.c | 5 ---
> src/lxc/start.c | 29 --------------
> src/lxc/state.c | 5 ---
> src/lxc/sync.c | 7 ----
> src/lxc/utils.c | 47 +++--------------------
> src/lxc/utils.h | 2 -
> 25 files changed, 10 insertions(+), 535 deletions(-)
>
> diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
> index 6f0183d..830b941 100644
> --- a/src/lxc/af_unix.c
> +++ b/src/lxc/af_unix.c
> @@ -31,7 +31,6 @@
> #include <sys/un.h>
>
> #include "log.h"
> -#include "lxclock.h"
>
> lxc_log_define(lxc_af_unix, lxc);
>
> @@ -44,9 +43,7 @@ int lxc_abstract_unix_open(const char *path, int type, int flags)
> if (flags & O_TRUNC)
> unlink(path);
>
> - process_lock();
> fd = socket(PF_UNIX, type, 0);
> - process_unlock();
> if (fd < 0)
> return -1;
>
> @@ -60,9 +57,7 @@ int lxc_abstract_unix_open(const char *path, int type, int flags)
>
> len = strlen(&path[1]) + 1;
> if (len >= sizeof(addr.sun_path) - 1) {
> - process_lock();
> close(fd);
> - process_unlock();
> errno = ENAMETOOLONG;
> return -1;
> }
> @@ -71,18 +66,14 @@ int lxc_abstract_unix_open(const char *path, int type, int flags)
>
> if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len)) {
> int tmp = errno;
> - process_lock();
> close(fd);
> - process_unlock();
> errno = tmp;
> return -1;
> }
>
> if (type == SOCK_STREAM && listen(fd, 100)) {
> int tmp = errno;
> - process_lock();
> close(fd);
> - process_unlock();
> errno = tmp;
> return -1;
> }
> @@ -99,9 +90,7 @@ int lxc_abstract_unix_close(int fd)
> addr.sun_path[0])
> unlink(addr.sun_path);
>
> - process_lock();
> close(fd);
> - process_unlock();
>
> return 0;
> }
> @@ -112,9 +101,7 @@ int lxc_abstract_unix_connect(const char *path)
> size_t len;
> struct sockaddr_un addr;
>
> - process_lock();
> fd = socket(PF_UNIX, SOCK_STREAM, 0);
> - process_unlock();
> if (fd < 0)
> return -1;
>
> @@ -124,9 +111,7 @@ int lxc_abstract_unix_connect(const char *path)
>
> len = strlen(&path[1]) + 1;
> if (len >= sizeof(addr.sun_path) - 1) {
> - process_lock();
> close(fd);
> - process_unlock();
> errno = ENAMETOOLONG;
> return -1;
> }
> @@ -138,9 +123,7 @@ int lxc_abstract_unix_connect(const char *path)
> /* special case to connect to older containers */
> if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
> return fd;
> - process_lock();
> close(fd);
> - process_unlock();
> errno = tmp;
> return -1;
> }
> diff --git a/src/lxc/attach.c b/src/lxc/attach.c
> index aea0c33..6749617 100644
> --- a/src/lxc/attach.c
> +++ b/src/lxc/attach.c
> @@ -79,9 +79,7 @@ struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
> /* read capabilities */
> snprintf(proc_fn, MAXPATHLEN, "/proc/%d/status", pid);
>
> - process_lock();
> proc_file = fopen(proc_fn, "r");
> - process_unlock();
> if (!proc_file) {
> SYSERROR("Could not open %s", proc_fn);
> goto out_error;
> @@ -98,9 +96,7 @@ struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
>
> if (line)
> free(line);
> - process_lock();
> fclose(proc_file);
> - process_unlock();
>
> if (!found) {
> SYSERROR("Could not read capability bounding set from %s", proc_fn);
> @@ -111,18 +107,14 @@ struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
> /* read personality */
> snprintf(proc_fn, MAXPATHLEN, "/proc/%d/personality", pid);
>
> - process_lock();
> proc_file = fopen(proc_fn, "r");
> - process_unlock();
> if (!proc_file) {
> SYSERROR("Could not open %s", proc_fn);
> goto out_error;
> }
>
> ret = fscanf(proc_file, "%lx", &info->personality);
> - process_lock();
> fclose(proc_file);
> - process_unlock();
>
> if (ret == EOF || ret == 0) {
> SYSERROR("Could not read personality from %s", proc_fn);
> @@ -178,19 +170,15 @@ int lxc_attach_to_ns(pid_t pid, int which)
> }
>
> snprintf(path, MAXPATHLEN, "/proc/%d/ns/%s", pid, ns[i]);
> - process_lock();
> fd[i] = open(path, O_RDONLY | O_CLOEXEC);
> - process_unlock();
> if (fd[i] < 0) {
> saved_errno = errno;
>
> /* close all already opened file descriptors before
> * we return an error, so we don't leak them
> */
> - process_lock();
> for (j = 0; j < i; j++)
> close(fd[j]);
> - process_unlock();
>
> errno = saved_errno;
> SYSERROR("failed to open '%s'", path);
> @@ -210,9 +198,7 @@ int lxc_attach_to_ns(pid_t pid, int which)
> return -1;
> }
>
> - process_lock();
> close(fd[i]);
> - process_unlock();
> }
>
> return 0;
> @@ -400,18 +386,14 @@ char *lxc_attach_getpwshell(uid_t uid)
> * getent program, and we need to capture its
> * output, so we use a pipe for that purpose
> */
> - process_lock();
> ret = pipe(pipes);
> - process_unlock();
> if (ret < 0)
> return NULL;
>
> pid = fork();
> if (pid < 0) {
> - process_lock();
> close(pipes[0]);
> close(pipes[1]);
> - process_unlock();
> return NULL;
> }
>
> @@ -423,13 +405,9 @@ char *lxc_attach_getpwshell(uid_t uid)
> int found = 0;
> int status;
>
> - process_lock();
> close(pipes[1]);
> - process_unlock();
>
> - process_lock();
> pipe_f = fdopen(pipes[0], "r");
> - process_unlock();
> while (getline(&line, &line_bufsz, pipe_f) != -1) {
> char *token;
> char *saveptr = NULL;
> @@ -486,9 +464,7 @@ char *lxc_attach_getpwshell(uid_t uid)
> }
>
> free(line);
> - process_lock();
> fclose(pipe_f);
> - process_unlock();
> again:
> if (waitpid(pid, &status, 0) < 0) {
> if (errno == EINTR)
> @@ -683,9 +659,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
> * close socket close socket
> * run program
> */
> - process_lock();
> ret = socketpair(PF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0, ipc_sockets);
> - process_unlock();
> if (ret < 0) {
> SYSERROR("could not set up required IPC mechanism for attaching");
> free(cwd);
> @@ -721,9 +695,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
> /* inital thread, we close the socket that is for the
> * subprocesses
> */
> - process_lock();
> close(ipc_sockets[1]);
> - process_unlock();
> free(cwd);
>
> /* get pid from intermediate process */
> @@ -795,9 +767,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
>
> /* now shut down communication with child, we're done */
> shutdown(ipc_sockets[0], SHUT_RDWR);
> - process_lock();
> close(ipc_sockets[0]);
> - process_unlock();
> lxc_proc_put_context_info(init_ctx);
>
> /* we're done, the child process should now execute whatever
> @@ -813,9 +783,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
> * otherwise the pid we're waiting for may never exit
> */
> shutdown(ipc_sockets[0], SHUT_RDWR);
> - process_lock();
> close(ipc_sockets[0]);
> - process_unlock();
> if (to_cleanup_pid)
> (void) wait_for_pid(to_cleanup_pid);
> lxc_proc_put_context_info(init_ctx);
> diff --git a/src/lxc/bdev.c b/src/lxc/bdev.c
> index f7a6031..b737eff 100644
> --- a/src/lxc/bdev.c
> +++ b/src/lxc/bdev.c
> @@ -96,15 +96,11 @@ static int blk_getsize(struct bdev *bdev, unsigned long *size)
> if (strcmp(bdev->type, "loop") == 0)
> path = bdev->src + 5;
>
> - process_lock();
> fd = open(path, O_RDONLY);
> - process_unlock();
> if (fd < 0)
> return -1;
> ret = ioctl(fd, BLKGETSIZE64, size);
> - process_lock();
> close(fd);
> - process_unlock();
> return ret;
> }
>
> @@ -260,23 +256,17 @@ static int detect_fs(struct bdev *bdev, char *type, int len)
> if (strcmp(bdev->type, "loop") == 0)
> srcdev = bdev->src + 5;
>
> - process_lock();
> ret = pipe(p);
> - process_unlock();
> if (ret < 0)
> return -1;
> if ((pid = fork()) < 0)
> return -1;
> if (pid > 0) {
> int status;
> - process_lock();
> close(p[1]);
> - process_unlock();
> memset(type, 0, len);
> ret = read(p[0], type, len-1);
> - process_lock();
> close(p[0]);
> - process_unlock();
> if (ret < 0) {
> SYSERROR("error reading from pipe");
> wait(&status);
> @@ -504,9 +494,7 @@ static int zfs_list_entry(const char *path, char *output, size_t inlen)
> struct lxc_popen_FILE *f;
> int found=0;
>
> - process_lock();
> f = lxc_popen("zfs list 2> /dev/null");
> - process_unlock();
> if (f == NULL) {
> SYSERROR("popen failed");
> return 0;
> @@ -517,9 +505,7 @@ static int zfs_list_entry(const char *path, char *output, size_t inlen)
> break;
> }
> }
> - process_lock();
> (void) lxc_pclose(f);
> - process_unlock();
>
> return found;
> }
> @@ -778,15 +764,11 @@ static int lvm_detect(const char *path)
> ERROR("lvm uuid pathname too long");
> return 0;
> }
> - process_lock();
> fout = fopen(devp, "r");
> - process_unlock();
> if (!fout)
> return 0;
> ret = fread(buf, 1, 4, fout);
> - process_lock();
> fclose(fout);
> - process_unlock();
> if (ret != 4 || strncmp(buf, "LVM-", 4) != 0)
> return 0;
> return 1;
> @@ -825,9 +807,7 @@ static int lvm_compare_lv_attr(const char *path, int pos, const char expected) {
> if (ret < 0 || ret >= len)
> return -1;
>
> - process_lock();
> f = lxc_popen(cmd);
> - process_unlock();
>
> if (f == NULL) {
> SYSERROR("popen failed");
> @@ -836,9 +816,7 @@ static int lvm_compare_lv_attr(const char *path, int pos, const char expected) {
>
> ret = fgets(output, 12, f->f) == NULL;
>
> - process_lock();
> status = lxc_pclose(f);
> - process_unlock();
>
> if (ret || WEXITSTATUS(status))
> // Assume either vg or lvs do not exist, default
> @@ -1182,17 +1160,13 @@ static bool is_btrfs_fs(const char *path)
> struct btrfs_ioctl_space_args sargs;
>
> // make sure this is a btrfs filesystem
> - process_lock();
> fd = open(path, O_RDONLY);
> - process_unlock();
> if (fd < 0)
> return false;
> sargs.space_slots = 0;
> sargs.total_spaces = 0;
> ret = ioctl(fd, BTRFS_IOC_SPACE_INFO, &sargs);
> - process_lock();
> close(fd);
> - process_unlock();
> if (ret < 0)
> return false;
>
> @@ -1290,9 +1264,7 @@ static int btrfs_subvolume_create(const char *path)
> }
> *p = '\0';
>
> - process_lock();
> fd = open(newfull, O_RDONLY);
> - process_unlock();
> if (fd < 0) {
> ERROR("Error opening %s", newfull);
> free(newfull);
> @@ -1306,9 +1278,7 @@ static int btrfs_subvolume_create(const char *path)
> INFO("btrfs: snapshot create ioctl returned %d", ret);
>
> free(newfull);
> - process_lock();
> close(fd);
> - process_unlock();
> return ret;
> }
>
> @@ -1330,14 +1300,12 @@ static int btrfs_snapshot(const char *orig, const char *new)
> }
> newname = basename(newfull);
> newdir = dirname(newfull);
> - process_lock();
> fd = open(orig, O_RDONLY);
> - fddst = open(newdir, O_RDONLY);
> - process_unlock();
> if (fd < 0) {
> SYSERROR("Error opening original rootfs %s", orig);
> goto out;
> }
> + fddst = open(newdir, O_RDONLY);
> if (fddst < 0) {
> SYSERROR("Error opening new container dir %s", newdir);
> goto out;
> @@ -1351,12 +1319,10 @@ static int btrfs_snapshot(const char *orig, const char *new)
> INFO("btrfs: snapshot create ioctl returned %d", ret);
>
> out:
> - process_lock();
> if (fddst != -1)
> close(fddst);
> if (fd != -1)
> close(fd);
> - process_unlock();
> if (newfull)
> free(newfull);
> return ret;
> @@ -1427,9 +1393,7 @@ static int btrfs_destroy(struct bdev *orig)
> }
> *p = '\0';
>
> - process_lock();
> fd = open(newfull, O_RDONLY);
> - process_unlock();
> if (fd < 0) {
> ERROR("Error opening %s", newfull);
> free(newfull);
> @@ -1443,9 +1407,7 @@ static int btrfs_destroy(struct bdev *orig)
> INFO("btrfs: snapshot create ioctl returned %d", ret);
>
> free(newfull);
> - process_lock();
> close(fd);
> - process_unlock();
> return ret;
> }
>
> @@ -1485,9 +1447,7 @@ static int find_free_loopdev(int *retfd, char *namep)
> DIR *dir;
> int fd = -1;
>
> - process_lock();
> dir = opendir("/dev");
> - process_unlock();
> if (!dir) {
> SYSERROR("Error opening /dev");
> return -1;
> @@ -1498,15 +1458,11 @@ static int find_free_loopdev(int *retfd, char *namep)
> break;
> if (strncmp(direntp->d_name, "loop", 4) != 0)
> continue;
> - process_lock();
> fd = openat(dirfd(dir), direntp->d_name, O_RDWR);
> - process_unlock();
> if (fd < 0)
> continue;
> if (ioctl(fd, LOOP_GET_STATUS64, &lo) == 0 || errno != ENXIO) {
> - process_lock();
> close(fd);
> - process_unlock();
> fd = -1;
> continue;
> }
> @@ -1514,9 +1470,7 @@ static int find_free_loopdev(int *retfd, char *namep)
> snprintf(namep, 100, "/dev/%s", direntp->d_name);
> break;
> }
> - process_lock();
> closedir(dir);
> - process_unlock();
> if (fd == -1) {
> ERROR("No loop device found");
> return -1;
> @@ -1539,9 +1493,7 @@ static int loop_mount(struct bdev *bdev)
> if (find_free_loopdev(&lfd, loname) < 0)
> return -22;
>
> - process_lock();
> ffd = open(bdev->src + 5, O_RDWR);
> - process_unlock();
> if (ffd < 0) {
> SYSERROR("Error opening backing file %s\n", bdev->src);
> goto out;
> @@ -1565,14 +1517,12 @@ static int loop_mount(struct bdev *bdev)
> bdev->lofd = lfd;
>
> out:
> - process_lock();
> if (ffd > -1)
> close(ffd);
> if (ret < 0) {
> close(lfd);
> bdev->lofd = -1;
> }
> - process_unlock();
> return ret;
> }
>
> @@ -1586,9 +1536,7 @@ static int loop_umount(struct bdev *bdev)
> return -22;
> ret = umount(bdev->dest);
> if (bdev->lofd >= 0) {
> - process_lock();
> close(bdev->lofd);
> - process_unlock();
> bdev->lofd = -1;
> }
> return ret;
> @@ -1598,9 +1546,7 @@ static int do_loop_create(const char *path, unsigned long size, const char *fsty
> {
> int fd, ret;
> // create the new loopback file.
> - process_lock();
> fd = creat(path, S_IRUSR|S_IWUSR);
> - process_unlock();
> if (fd < 0)
> return -1;
> if (lseek(fd, size, SEEK_SET) < 0) {
> @@ -1613,9 +1559,7 @@ static int do_loop_create(const char *path, unsigned long size, const char *fsty
> close(fd);
> return -1;
> }
> - process_lock();
> ret = close(fd);
> - process_unlock();
> if (ret < 0) {
> SYSERROR("Error closing new loop file");
> return -1;
> diff --git a/src/lxc/caps.c b/src/lxc/caps.c
> index 9afd6ac..e2093c2 100644
> --- a/src/lxc/caps.c
> +++ b/src/lxc/caps.c
> @@ -31,7 +31,6 @@
>
> #include "config.h"
> #include "log.h"
> -#include "lxclock.h"
>
> lxc_log_define(lxc_caps, lxc);
>
> @@ -192,9 +191,7 @@ static int _real_caps_last_cap(void)
>
> /* try to get the maximum capability over the kernel
> * interface introduced in v3.2 */
> - process_lock();
> fd = open("/proc/sys/kernel/cap_last_cap", O_RDONLY);
> - process_unlock();
> if (fd >= 0) {
> char buf[32];
> char *ptr;
> @@ -208,9 +205,7 @@ static int _real_caps_last_cap(void)
> result = -1;
> }
>
> - process_lock();
> close(fd);
> - process_unlock();
> }
>
> /* try to get it manually by trying to get the status of
> diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
> index f2a686a..ce6b739 100644
> --- a/src/lxc/cgroup.c
> +++ b/src/lxc/cgroup.c
> @@ -45,7 +45,6 @@
> #include "conf.h"
> #include "utils.h"
> #include "bdev.h"
> -#include "lxclock.h"
>
> #include <lxc/log.h>
> #include <lxc/cgroup.h>
> @@ -118,9 +117,7 @@ static bool find_cgroup_subsystems(char ***kernel_subsystems)
> size_t kernel_subsystems_capacity = 0;
> int r;
>
> - process_lock();
> proc_cgroups = fopen_cloexec("/proc/cgroups", "r");
> - process_unlock();
> if (!proc_cgroups)
> return false;
>
> @@ -160,9 +157,7 @@ static bool find_cgroup_subsystems(char ***kernel_subsystems)
> bret = true;
>
> out:
> - process_lock();
> fclose(proc_cgroups);
> - process_unlock();
> free(line);
> return bret;
> }
> @@ -182,13 +177,11 @@ static bool find_cgroup_hierarchies(struct cgroup_meta_data *meta_data,
> bool bret = false;
> size_t hierarchy_capacity = 0;
>
> - process_lock();
> proc_self_cgroup = fopen_cloexec("/proc/self/cgroup", "r");
> /* if for some reason (because of setns() and pid namespace for example),
> * /proc/self is not valid, we try /proc/1/cgroup... */
> if (!proc_self_cgroup)
> proc_self_cgroup = fopen_cloexec("/proc/1/cgroup", "r");
> - process_unlock();
> if (!proc_self_cgroup)
> return false;
>
> @@ -267,9 +260,7 @@ static bool find_cgroup_hierarchies(struct cgroup_meta_data *meta_data,
> bret = true;
>
> out:
> - process_lock();
> fclose(proc_self_cgroup);
> - process_unlock();
> free(line);
> return bret;
> }
> @@ -287,13 +278,11 @@ static bool find_hierarchy_mountpts( struct cgroup_meta_data *meta_data, char **
> size_t token_capacity = 0;
> int r;
>
> - process_lock();
> proc_self_mountinfo = fopen_cloexec("/proc/self/mountinfo", "r");
> /* if for some reason (because of setns() and pid namespace for example),
> * /proc/self is not valid, we try /proc/1/cgroup... */
> if (!proc_self_mountinfo)
> proc_self_mountinfo = fopen_cloexec("/proc/1/mountinfo", "r");
> - process_unlock();
> if (!proc_self_mountinfo)
> return false;
>
> @@ -398,9 +387,7 @@ static bool find_hierarchy_mountpts( struct cgroup_meta_data *meta_data, char **
> bret = true;
>
> out:
> - process_lock();
> fclose(proc_self_mountinfo);
> - process_unlock();
> free(tokens);
> free(line);
> return bret;
> @@ -1473,9 +1460,7 @@ struct cgroup_process_info *lxc_cgroup_process_info_getx(const char *proc_pid_cg
> struct cgroup_process_info **cptr = &result;
> struct cgroup_process_info *entry = NULL;
>
> - process_lock();
> proc_pid_cgroup = fopen_cloexec(proc_pid_cgroup_str, "r");
> - process_unlock();
> if (!proc_pid_cgroup)
> return NULL;
>
> @@ -1545,18 +1530,14 @@ struct cgroup_process_info *lxc_cgroup_process_info_getx(const char *proc_pid_cg
> entry = NULL;
> }
>
> - process_lock();
> fclose(proc_pid_cgroup);
> - process_unlock();
> free(line);
> return result;
>
> out_error:
> saved_errno = errno;
> - process_lock();
> if (proc_pid_cgroup)
> fclose(proc_pid_cgroup);
> - process_unlock();
> lxc_cgroup_process_info_free(result);
> lxc_cgroup_process_info_free(entry);
> free(line);
> @@ -1817,9 +1798,7 @@ bool cgroup_devices_has_allow_or_deny(struct lxc_handler *h, char *v, bool for_a
> return false;
> }
>
> - process_lock();
> devices_list = fopen_cloexec(path, "r");
> - process_unlock();
> if (!devices_list) {
> free(path);
> return false;
> @@ -1839,9 +1818,7 @@ bool cgroup_devices_has_allow_or_deny(struct lxc_handler *h, char *v, bool for_a
> }
>
> out:
> - process_lock();
> fclose(devices_list);
> - process_unlock();
> free(line);
> free(path);
> return ret;
> @@ -1863,9 +1840,7 @@ int cgroup_recursive_task_count(const char *cgroup_path)
> if (!dent_buf)
> return -1;
>
> - process_lock();
> d = opendir(cgroup_path);
> - process_unlock();
> if (!d) {
> free(dent_buf);
> return 0;
> @@ -1884,17 +1859,13 @@ int cgroup_recursive_task_count(const char *cgroup_path)
> continue;
> sub_path = lxc_string_join("/", parts, false);
> if (!sub_path) {
> - process_lock();
> closedir(d);
> - process_unlock();
> free(dent_buf);
> return -1;
> }
> r = stat(sub_path, &st);
> if (r < 0) {
> - process_lock();
> closedir(d);
> - process_unlock();
> free(dent_buf);
> free(sub_path);
> return -1;
> @@ -1910,9 +1881,7 @@ int cgroup_recursive_task_count(const char *cgroup_path)
> }
> free(sub_path);
> }
> - process_lock();
> closedir(d);
> - process_unlock();
> free(dent_buf);
>
> return n;
> @@ -1925,9 +1894,7 @@ int count_lines(const char *fn)
> size_t sz = 0;
> int n = 0;
>
> - process_lock();
> f = fopen_cloexec(fn, "r");
> - process_unlock();
> if (!f)
> return -1;
>
> @@ -1935,9 +1902,7 @@ int count_lines(const char *fn)
> n++;
> }
> free(line);
> - process_lock();
> fclose(f);
> - process_unlock();
> return n;
> }
>
> diff --git a/src/lxc/commands.c b/src/lxc/commands.c
> index de0b3e3..19a416f 100644
> --- a/src/lxc/commands.c
> +++ b/src/lxc/commands.c
> @@ -46,7 +46,6 @@
> #include "mainloop.h"
> #include "af_unix.h"
> #include "config.h"
> -#include "lxclock.h"
>
> /*
> * This file provides the different functions for clients to
> @@ -749,9 +748,7 @@ static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
> {
> lxc_console_free(handler->conf, fd);
> lxc_mainloop_del_handler(descr, fd);
> - process_lock();
> close(fd);
> - process_unlock();
> }
>
> static int lxc_cmd_handler(int fd, uint32_t events, void *data,
> @@ -824,9 +821,7 @@ static int lxc_cmd_accept(int fd, uint32_t events, void *data,
> {
> int opt = 1, ret = -1, connection;
>
> - process_lock();
> connection = accept(fd, NULL, 0);
> - process_unlock();
> if (connection < 0) {
> SYSERROR("failed to accept connection");
> return -1;
> @@ -853,9 +848,7 @@ out:
> return ret;
>
> out_close:
> - process_lock();
> close(connection);
> - process_unlock();
> goto out;
> }
>
> @@ -884,9 +877,7 @@ int lxc_cmd_init(const char *name, struct lxc_handler *handler,
>
> if (fcntl(fd, F_SETFD, FD_CLOEXEC)) {
> SYSERROR("failed to set sigfd to close-on-exec");
> - process_lock();
> close(fd);
> - process_unlock();
> return -1;
> }
>
> @@ -903,9 +894,7 @@ int lxc_cmd_mainloop_add(const char *name,
> ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
> if (ret) {
> ERROR("failed to add handler for command socket");
> - process_lock();
> close(fd);
> - process_unlock();
> }
>
> return ret;
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 0e5b6f6..68f9716 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -284,9 +284,7 @@ static int run_buffer(char *buffer)
> char *output;
> int ret;
>
> - process_lock();
> f = lxc_popen(buffer);
> - process_unlock();
> if (!f) {
> SYSERROR("popen failed");
> return -1;
> @@ -295,9 +293,7 @@ static int run_buffer(char *buffer)
> output = malloc(LXC_LOG_BUFFER_SIZE);
> if (!output) {
> ERROR("failed to allocate memory for script output");
> - process_lock();
> lxc_pclose(f);
> - process_unlock();
> return -1;
> }
>
> @@ -306,9 +302,7 @@ static int run_buffer(char *buffer)
>
> free(output);
>
> - process_lock();
> ret = lxc_pclose(f);
> - process_unlock();
> if (ret == -1) {
> SYSERROR("Script exited on error");
> return -1;
> @@ -513,9 +507,7 @@ static int setup_lodev(const char *rootfs, int fd, struct loop_info64 *loinfo)
> int rfd;
> int ret = -1;
>
> - process_lock();
> rfd = open(rootfs, O_RDWR);
> - process_unlock();
> if (rfd < 0) {
> SYSERROR("failed to open '%s'", rootfs);
> return -1;
> @@ -537,9 +529,7 @@ static int setup_lodev(const char *rootfs, int fd, struct loop_info64 *loinfo)
>
> ret = 0;
> out:
> - process_lock();
> close(rfd);
> - process_unlock();
>
> return ret;
> }
> @@ -552,9 +542,7 @@ static int mount_rootfs_file(const char *rootfs, const char *target)
> DIR *dir;
> char path[MAXPATHLEN];
>
> - process_lock();
> dir = opendir("/dev");
> - process_unlock();
> if (!dir) {
> SYSERROR("failed to open '/dev'");
> return -1;
> @@ -578,25 +566,19 @@ static int mount_rootfs_file(const char *rootfs, const char *target)
> if (rc < 0 || rc >= MAXPATHLEN)
> continue;
>
> - process_lock();
> fd = open(path, O_RDWR);
> - process_unlock();
> if (fd < 0)
> continue;
>
> if (ioctl(fd, LOOP_GET_STATUS64, &loinfo) == 0) {
> - process_lock();
> close(fd);
> - process_unlock();
> continue;
> }
>
> if (errno != ENXIO) {
> WARN("unexpected error for ioctl on '%s': %m",
> direntp->d_name);
> - process_lock();
> close(fd);
> - process_unlock();
> continue;
> }
>
> @@ -605,17 +587,13 @@ static int mount_rootfs_file(const char *rootfs, const char *target)
> ret = setup_lodev(rootfs, fd, &loinfo);
> if (!ret)
> ret = mount_unknow_fs(path, target, 0);
> - process_lock();
> close(fd);
> - process_unlock();
>
> break;
> }
>
> - process_lock();
> if (closedir(dir))
> WARN("failed to close directory");
> - process_unlock();
>
> return ret;
> }
> @@ -661,9 +639,7 @@ int pin_rootfs(const char *rootfs)
> if (ret >= MAXPATHLEN)
> return -1;
>
> - process_lock();
> fd = open(absrootfspin, O_CREAT | O_RDWR, S_IWUSR|S_IRUSR);
> - process_unlock();
> if (fd < 0)
> return fd;
> (void)unlink(absrootfspin);
> @@ -840,17 +816,13 @@ static int setup_tty(const struct lxc_rootfs *rootfs,
> ERROR("pathname too long for ttys");
> return -1;
> }
> - process_lock();
> ret = creat(lxcpath, 0660);
> - process_unlock();
> if (ret==-1 && errno != EEXIST) {
> SYSERROR("error creating %s\n", lxcpath);
> return -1;
> }
> - process_lock();
> if (ret >= 0)
> close(ret);
> - process_unlock();
> ret = unlink(path);
> if (ret && errno != ENOENT) {
> SYSERROR("error unlinking %s\n", path);
> @@ -876,16 +848,12 @@ static int setup_tty(const struct lxc_rootfs *rootfs,
> } else {
> /* If we populated /dev, then we need to create /dev/ttyN */
> if (access(path, F_OK)) {
> - process_lock();
> ret = creat(path, 0660);
> - process_unlock();
> if (ret==-1) {
> SYSERROR("error creating %s\n", path);
> /* this isn't fatal, continue */
> } else {
> - process_lock();
> close(ret);
> - process_unlock();
> }
> }
> if (mount(pty_info->name, path, "none", MS_BIND, 0)) {
> @@ -1157,9 +1125,7 @@ int mount_check_fs( const char *dir, char *fstype )
> return 0;
> }
>
> - process_lock();
> f = fopen("/proc/self/mounts", "r");
> - process_unlock();
> if (!f)
> return 0;
> while ((p = fgets(buf, LINELEN, f))) {
> @@ -1193,9 +1159,7 @@ int mount_check_fs( const char *dir, char *fstype )
> }
> }
>
> - process_lock();
> fclose(f);
> - process_unlock();
>
> DEBUG("mount_check_fs returning %d last %s\n", found_fs, fstype);
>
> @@ -1455,9 +1419,7 @@ int detect_shared_rootfs(void)
> int i;
> char *p2;
>
> - process_lock();
> f = fopen("/proc/self/mountinfo", "r");
> - process_unlock();
> if (!f)
> return 0;
> while ((p = fgets(buf, LINELEN, f))) {
> @@ -1473,16 +1435,12 @@ int detect_shared_rootfs(void)
> // this is '/'. is it shared?
> p = index(p2+1, ' ');
> if (p && strstr(p, "shared:")) {
> - process_lock();
> fclose(f);
> - process_unlock();
> return 1;
> }
> }
> }
> - process_lock();
> fclose(f);
> - process_unlock();
> return 0;
> }
>
> @@ -1738,17 +1696,13 @@ static int setup_ttydir_console(const struct lxc_rootfs *rootfs,
> return -1;
> }
>
> - process_lock();
> ret = creat(lxcpath, 0660);
> - process_unlock();
> if (ret==-1 && errno != EEXIST) {
> SYSERROR("error %d creating %s\n", errno, lxcpath);
> return -1;
> }
> - process_lock();
> if (ret >= 0)
> close(ret);
> - process_unlock();
>
> if (console->master < 0) {
> INFO("no console");
> @@ -2132,9 +2086,7 @@ static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
> if (!fstab)
> return 0;
>
> - process_lock();
> file = setmntent(fstab, "r");
> - process_unlock();
> if (!file) {
> SYSERROR("failed to use '%s'", fstab);
> return -1;
> @@ -2142,9 +2094,7 @@ static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
>
> ret = mount_file_entries(rootfs, file, lxc_name);
>
> - process_lock();
> endmntent(file);
> - process_unlock();
> return ret;
> }
>
> @@ -2156,9 +2106,7 @@ static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list
> char *mount_entry;
> int ret;
>
> - process_lock();
> file = tmpfile();
> - process_unlock();
> if (!file) {
> ERROR("tmpfile error: %m");
> return -1;
> @@ -2173,9 +2121,7 @@ static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list
>
> ret = mount_file_entries(rootfs, file, lxc_name);
>
> - process_lock();
> fclose(file);
> - process_unlock();
> return ret;
> }
>
> @@ -2321,18 +2267,14 @@ static int setup_hw_addr(char *hwaddr, const char *ifname)
> ifr.ifr_name[IFNAMSIZ-1] = '\0';
> memcpy((char *) &ifr.ifr_hwaddr, (char *) &sockaddr, sizeof(sockaddr));
>
> - process_lock();
> fd = socket(AF_INET, SOCK_DGRAM, 0);
> - process_unlock();
> if (fd < 0) {
> ERROR("socket failure : %s", strerror(errno));
> return -1;
> }
>
> ret = ioctl(fd, SIOCSIFHWADDR, &ifr);
> - process_lock();
> close(fd);
> - process_unlock();
> if (ret)
> ERROR("ioctl failure : %s", strerror(errno));
>
> @@ -3112,9 +3054,7 @@ static int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
> fprintf(stderr, "%s: path name too long", __func__);
> return -E2BIG;
> }
> - process_lock();
> f = fopen(path, "w");
> - process_unlock();
> if (!f) {
> perror("open");
> return -EINVAL;
> @@ -3122,9 +3062,7 @@ static int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
> ret = fwrite(buf, buf_size, 1, f);
> if (ret < 0)
> SYSERROR("writing id mapping");
> - process_lock();
> closeret = fclose(f);
> - process_unlock();
> if (closeret)
> SYSERROR("writing id mapping");
> return ret < 0 ? ret : closeret;
> @@ -3344,10 +3282,8 @@ void lxc_delete_tty(struct lxc_tty_info *tty_info)
> for (i = 0; i < tty_info->nbtty; i++) {
> struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
>
> - process_lock();
> close(pty_info->master);
> close(pty_info->slave);
> - process_unlock();
> }
>
> free(tty_info->pty_info);
> @@ -4084,9 +4020,7 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
> int p[2];
> struct lxc_list *idmap;
>
> - process_lock();
> ret = pipe(p);
> - process_unlock();
> if (ret < 0) {
> SYSERROR("opening pipe");
> return -1;
> @@ -4098,9 +4032,7 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
> pid = lxc_clone(run_userns_fn, &d, CLONE_NEWUSER);
> if (pid < 0)
> goto err;
> - process_lock();
> close(p[0]);
> - process_unlock();
> p[0] = -1;
>
> if ((idmap = idmap_add_id(conf, geteuid())) == NULL) {
> @@ -4127,10 +4059,8 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
> goto err;
> }
> err:
> - process_lock();
> if (p[0] != -1)
> close(p[0]);
> close(p[1]);
> - process_unlock();
> return -1;
> }
> diff --git a/src/lxc/console.c b/src/lxc/console.c
> index 5d91f24..86e5e05 100644
> --- a/src/lxc/console.c
> +++ b/src/lxc/console.c
> @@ -202,9 +202,7 @@ out:
> static void lxc_console_sigwinch_fini(struct lxc_tty_state *ts)
> {
> if (ts->sigfd >= 0) {
> - process_lock();
> close(ts->sigfd);
> - process_unlock();
> }
> lxc_list_del(&ts->node);
> sigprocmask(SIG_SETMASK, &ts->oldmask, NULL);
> @@ -227,9 +225,7 @@ static int lxc_console_cb_con(int fd, uint32_t events, void *data,
> if (!r) {
> INFO("console client on fd %d has exited", fd);
> lxc_mainloop_del_handler(descr, fd);
> - process_lock();
> close(fd);
> - process_unlock();
> return 0;
> }
>
> @@ -345,10 +341,8 @@ static void lxc_console_peer_proxy_free(struct lxc_console *console)
> lxc_console_sigwinch_fini(console->tty_state);
> console->tty_state = NULL;
> }
> - process_lock();
> close(console->peerpty.master);
> close(console->peerpty.slave);
> - process_unlock();
> console->peerpty.master = -1;
> console->peerpty.slave = -1;
> console->peerpty.busy = -1;
> @@ -492,23 +486,19 @@ static void lxc_console_peer_default(struct lxc_console *console)
> */
> if (!path && !access("/dev/tty", F_OK)) {
> int fd;
> - process_lock();
> fd = open("/dev/tty", O_RDWR);
> if (fd >= 0) {
> close(fd);
> path = "/dev/tty";
> }
> - process_unlock();
> }
>
> if (!path)
> goto out;
>
> DEBUG("opening %s for console peer", path);
> - process_lock();
> console->peer = lxc_unpriv(open(path, O_CLOEXEC | O_RDWR | O_CREAT |
> O_APPEND, 0600));
> - process_unlock();
> if (console->peer < 0)
> goto out;
>
> @@ -539,9 +529,7 @@ err2:
> free(console->tios);
> console->tios = NULL;
> err1:
> - process_lock();
> close(console->peer);
> - process_unlock();
> console->peer = -1;
> out:
> DEBUG("no console peer");
> @@ -555,13 +543,11 @@ void lxc_console_delete(struct lxc_console *console)
> free(console->tios);
> console->tios = NULL;
>
> - process_lock();
> close(console->peer);
> close(console->master);
> close(console->slave);
> if (console->log_fd >= 0)
> close(console->log_fd);
> - process_unlock();
>
> console->peer = -1;
> console->master = -1;
> @@ -607,11 +593,9 @@ int lxc_console_create(struct lxc_conf *conf)
> lxc_console_peer_default(console);
>
> if (console->log_path) {
> - process_lock();
> console->log_fd = lxc_unpriv(open(console->log_path,
> O_CLOEXEC | O_RDWR |
> O_CREAT | O_APPEND, 0600));
> - process_unlock();
> if (console->log_fd < 0) {
> SYSERROR("failed to open '%s'", console->log_path);
> goto err;
> @@ -774,10 +758,8 @@ err4:
> err3:
> lxc_console_sigwinch_fini(ts);
> err2:
> - process_lock();
> close(masterfd);
> close(ttyfd);
> - process_unlock();
> err1:
> tcsetattr(stdinfd, TCSAFLUSH, &oldtios);
>
> diff --git a/src/lxc/freezer.c b/src/lxc/freezer.c
> index 41dc61e..be97d75 100644
> --- a/src/lxc/freezer.c
> +++ b/src/lxc/freezer.c
> @@ -34,7 +34,6 @@
> #include "error.h"
> #include "state.h"
> #include "monitor.h"
> -#include "lxclock.h"
>
> #include <lxc/log.h>
> #include <lxc/cgroup.h>
> @@ -53,9 +52,7 @@ static int do_unfreeze(const char *nsgroup, int freeze, const char *name, const
> return -1;
> }
>
> - process_lock();
> fd = open(freezer, O_RDWR);
> - process_unlock();
> if (fd < 0) {
> SYSERROR("failed to open freezer at '%s'", nsgroup);
> return -1;
> @@ -117,9 +114,7 @@ static int do_unfreeze(const char *nsgroup, int freeze, const char *name, const
> }
>
> out:
> - process_lock();
> close(fd);
> - process_unlock();
> return ret;
> }
>
> diff --git a/src/lxc/log.c b/src/lxc/log.c
> index d6ce361..86f7cd4 100644
> --- a/src/lxc/log.c
> +++ b/src/lxc/log.c
> @@ -36,7 +36,6 @@
> #include "log.h"
> #include "caps.h"
> #include "utils.h"
> -#include "lxclock.h"
>
> #define LXC_LOG_PREFIX_SIZE 32
> #define LXC_LOG_BUFFER_SIZE 512
> @@ -162,10 +161,8 @@ static int log_open(const char *name)
> int fd;
> int newfd;
>
> - process_lock();
> fd = lxc_unpriv(open(name, O_CREAT | O_WRONLY |
> O_APPEND | O_CLOEXEC, 0666));
> - process_unlock();
> if (fd == -1) {
> ERROR("failed to open log file \"%s\" : %s", name,
> strerror(errno));
> @@ -179,9 +176,7 @@ static int log_open(const char *name)
> if (newfd == -1)
> ERROR("failed to dup log fd %d : %s", fd, strerror(errno));
>
> - process_lock();
> close(fd);
> - process_unlock();
> return newfd;
> }
>
> @@ -248,9 +243,7 @@ static int __lxc_log_set_file(const char *fname, int create_dirs)
> {
> if (lxc_log_fd != -1) {
> // we are overriding the default.
> - process_lock();
> close(lxc_log_fd);
> - process_unlock();
> free(log_fname);
> }
>
> diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
> index f7f2ff9..fdae5e6 100644
> --- a/src/lxc/lsm/apparmor.c
> +++ b/src/lxc/lsm/apparmor.c
> @@ -27,7 +27,6 @@
> #include <sys/mount.h>
> #include <sys/apparmor.h>
> #include "log.h"
> -#include "lxclock.h"
> #include "lsm/lsm.h"
>
> lxc_log_define(lxc_apparmor, lxc);
> @@ -50,15 +49,11 @@ static int apparmor_enabled(void)
> ret = stat(AA_MOUNT_RESTR, &statbuf);
> if (ret != 0)
> return 0;
> - process_lock();
> fin = fopen(AA_ENABLED_FILE, "r");
> - process_unlock();
> if (!fin)
> return 0;
> ret = fscanf(fin, "%c", &e);
> - process_lock();
> fclose(fin);
> - process_unlock();
> if (ret == 1 && e == 'Y')
> return 1;
> return 0;
> @@ -78,9 +73,7 @@ static char *apparmor_process_label_get(pid_t pid)
> return NULL;
> }
> again:
> - process_lock();
> f = fopen(path, "r");
> - process_unlock();
> if (!f) {
> SYSERROR("opening %s\n", path);
> if (buf)
> @@ -92,17 +85,13 @@ again:
> if (!newbuf) {
> free(buf);
> ERROR("out of memory");
> - process_lock();
> fclose(f);
> - process_unlock();
> return NULL;
> }
> buf = newbuf;
> memset(buf, 0, sz);
> ret = fread(buf, 1, sz - 1, f);
> - process_lock();
> fclose(f);
> - process_unlock();
> if (ret < 0) {
> ERROR("reading %s\n", path);
> free(buf);
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index 203f4a8..e1d004f 100644
> --- a/src/lxc/lxccontainer.c
> +++ b/src/lxc/lxccontainer.c
> @@ -112,9 +112,7 @@ int ongoing_create(struct lxc_container *c)
>
> if (!file_exists(path))
> return 0;
> - process_lock();
> fd = open(path, O_RDWR);
> - process_unlock();
> if (fd < 0) {
> // give benefit of the doubt
> SYSERROR("Error opening partial file");
> @@ -127,15 +125,11 @@ int ongoing_create(struct lxc_container *c)
> lk.l_pid = -1;
> if (fcntl(fd, F_GETLK, &lk) == 0 && lk.l_pid != -1) {
> // create is still ongoing
> - process_lock();
> close(fd);
> - process_unlock();
> return 1;
> }
> // create completed but partial is still there.
> - process_lock();
> close(fd);
> - process_unlock();
> return 2;
> }
>
> @@ -152,10 +146,8 @@ int create_partial(struct lxc_container *c)
> ERROR("Error writing partial pathname");
> return -1;
> }
> - process_lock();
> if ((fd=open(path, O_RDWR | O_CREAT | O_EXCL, 0755)) < 0) {
> SYSERROR("Erorr creating partial file");
> - process_unlock();
> return -1;
> }
> lk.l_type = F_WRLCK;
> @@ -165,10 +157,8 @@ int create_partial(struct lxc_container *c)
> if (fcntl(fd, F_SETLKW, &lk) < 0) {
> SYSERROR("Error locking partial file %s", path);
> close(fd);
> - process_unlock();
> return -1;
> }
> - process_unlock();
>
> return fd;
> }
> @@ -180,9 +170,7 @@ void remove_partial(struct lxc_container *c, int fd)
> char *path = alloca(len);
> int ret;
>
> - process_lock();
> close(fd);
> - process_unlock();
> ret = snprintf(path, len, "%s/%s/partial", c->config_path, c->name);
> if (ret < 0 || ret >= len) {
> ERROR("Error writing partial pathname");
> @@ -518,9 +506,7 @@ static bool am_single_threaded(void)
> DIR *dir;
> int count=0;
>
> - process_lock();
> dir = opendir("/proc/self/task");
> - process_unlock();
> if (!dir) {
> INFO("failed to open /proc/self/task");
> return false;
> @@ -538,9 +524,7 @@ static bool am_single_threaded(void)
> if (++count > 1)
> break;
> }
> - process_lock();
> closedir(dir);
> - process_unlock();
> return count == 1;
> }
>
> @@ -1063,9 +1047,7 @@ bool prepend_lxc_header(char *path, const char *t, char *const argv[])
> char *tpath;
> #endif
>
> - process_lock();
> f = fopen(path, "r");
> - process_unlock();
> if (f == NULL)
> return false;
>
> @@ -1081,9 +1063,7 @@ bool prepend_lxc_header(char *path, const char *t, char *const argv[])
> goto out_free_contents;
>
> contents[flen] = '\0';
> - process_lock();
> ret = fclose(f);
> - process_unlock();
> f = NULL;
> if (ret < 0)
> goto out_free_contents;
> @@ -1104,9 +1084,7 @@ bool prepend_lxc_header(char *path, const char *t, char *const argv[])
> free(tpath);
> #endif
>
> - process_lock();
> f = fopen(path, "w");
> - process_unlock();
> if (f == NULL) {
> SYSERROR("reopening config for writing");
> free(contents);
> @@ -1131,9 +1109,7 @@ bool prepend_lxc_header(char *path, const char *t, char *const argv[])
> if (fwrite(contents, 1, flen, f) != flen) {
> SYSERROR("Writing original contents");
> free(contents);
> - process_lock();
> fclose(f);
> - process_unlock();
> return false;
> }
> ret = 0;
> @@ -1142,9 +1118,7 @@ out_free_contents:
> out_error:
> if (f) {
> int newret;
> - process_lock();
> newret = fclose(f);
> - process_unlock();
> if (ret == 0)
> ret = newret;
> }
> @@ -1400,12 +1374,10 @@ static inline void exit_from_ns(struct lxc_container *c, int *old_netns, int *ne
> /* Switch back to original netns */
> if (*old_netns >= 0 && setns(*old_netns, CLONE_NEWNET))
> SYSERROR("failed to setns");
> - process_lock();
> if (*new_netns >= 0)
> close(*new_netns);
> if (*old_netns >= 0)
> close(*old_netns);
> - process_unlock();
> }
>
> static inline bool enter_to_ns(struct lxc_container *c, int *old_netns, int *new_netns) {
> @@ -1416,9 +1388,7 @@ static inline bool enter_to_ns(struct lxc_container *c, int *old_netns, int *new
> goto out;
>
> /* Save reference to old netns */
> - process_lock();
> *old_netns = open("/proc/self/ns/net", O_RDONLY);
> - process_unlock();
> if (*old_netns < 0) {
> SYSERROR("failed to open /proc/self/ns/net");
> goto out;
> @@ -1429,9 +1399,7 @@ static inline bool enter_to_ns(struct lxc_container *c, int *old_netns, int *new
> if (ret < 0 || ret >= MAXPATHLEN)
> goto out;
>
> - process_lock();
> *new_netns = open(new_netns_path, O_RDONLY);
> - process_unlock();
> if (*new_netns < 0) {
> SYSERROR("failed to open %s", new_netns_path);
> goto out;
> @@ -1712,15 +1680,11 @@ static bool lxcapi_save_config(struct lxc_container *c, const char *alt_file)
> if (lret)
> return false;
>
> - process_lock();
> fout = fopen(alt_file, "w");
> - process_unlock();
> if (!fout)
> goto out;
> write_config(fout, c->lxc_conf);
> - process_lock();
> fclose(fout);
> - process_unlock();
> ret = true;
>
> out:
> @@ -1744,35 +1708,25 @@ static bool mod_rdep(struct lxc_container *c, bool inc)
> c->name);
> if (ret < 0 || ret > MAXPATHLEN)
> goto out;
> - process_lock();
> f = fopen(path, "r");
> - process_unlock();
> if (f) {
> ret = fscanf(f, "%d", &v);
> - process_lock();
> fclose(f);
> - process_unlock();
> if (ret != 1) {
> ERROR("Corrupted file %s", path);
> goto out;
> }
> }
> v += inc ? 1 : -1;
> - process_lock();
> f = fopen(path, "w");
> - process_unlock();
> if (!f)
> goto out;
> if (fprintf(f, "%d\n", v) < 0) {
> ERROR("Error writing new snapshots value");
> - process_lock();
> fclose(f);
> - process_unlock();
> goto out;
> }
> - process_lock();
> ret = fclose(f);
> - process_unlock();
> if (ret != 0) {
> SYSERROR("Error writing to or closing snapshots file");
> goto out;
> @@ -1808,9 +1762,7 @@ static void mod_all_rdeps(struct lxc_container *c, bool inc)
> ERROR("Path name too long");
> return;
> }
> - process_lock();
> f = fopen(path, "r");
> - process_unlock();
> if (f == NULL)
> return;
> while (getline(&lxcpath, &pathlen, f) != -1) {
> @@ -1833,9 +1785,7 @@ static void mod_all_rdeps(struct lxc_container *c, bool inc)
> out:
> if (lxcpath) free(lxcpath);
> if (lxcname) free(lxcname);
> - process_lock();
> fclose(f);
> - process_unlock();
> }
>
> static bool has_snapshots(struct lxc_container *c)
> @@ -1849,15 +1799,11 @@ static bool has_snapshots(struct lxc_container *c)
> c->name);
> if (ret < 0 || ret > MAXPATHLEN)
> goto out;
> - process_lock();
> f = fopen(path, "r");
> - process_unlock();
> if (!f)
> goto out;
> ret = fscanf(f, "%d", &v);
> - process_lock();
> fclose(f);
> - process_unlock();
> if (ret != 1)
> goto out;
> bret = v != 0;
> @@ -2128,21 +2074,15 @@ static int copy_file(const char *old, const char *new)
> return -1;
> }
>
> - process_lock();
> in = open(old, O_RDONLY);
> - process_unlock();
> if (in < 0) {
> SYSERROR("Error opening original file %s", old);
> return -1;
> }
> - process_lock();
> out = open(new, O_CREAT | O_EXCL | O_WRONLY, 0644);
> - process_unlock();
> if (out < 0) {
> SYSERROR("Error opening new file %s", new);
> - process_lock();
> close(in);
> - process_unlock();
> return -1;
> }
>
> @@ -2160,10 +2100,8 @@ static int copy_file(const char *old, const char *new)
> goto err;
> }
> }
> - process_lock();
> close(in);
> close(out);
> - process_unlock();
>
> // we set mode, but not owner/group
> ret = chmod(new, sbuf.st_mode);
> @@ -2175,10 +2113,8 @@ static int copy_file(const char *old, const char *new)
> return 0;
>
> err:
> - process_lock();
> close(in);
> close(out);
> - process_unlock();
> return -1;
> }
>
> @@ -2229,17 +2165,13 @@ static int copyhooks(struct lxc_container *oldc, struct lxc_container *c)
> static void new_hwaddr(char *hwaddr)
> {
> FILE *f;
> - process_lock();
> f = fopen("/dev/urandom", "r");
> - process_unlock();
> if (f) {
> unsigned int seed;
> int ret = fread(&seed, sizeof(seed), 1, f);
> if (ret != 1)
> seed = time(NULL);
> - process_lock();
> fclose(f);
> - process_unlock();
> srand(seed);
> } else
> srand(time(NULL));
> @@ -2329,19 +2261,15 @@ static bool add_rdepends(struct lxc_container *c, struct lxc_container *c0)
> c->name);
> if (ret < 0 || ret >= MAXPATHLEN)
> return false;
> - process_lock();
> f = fopen(path, "a");
> - process_unlock();
> if (!f)
> return false;
> bret = true;
> // if anything goes wrong, just return an error
> if (fprintf(f, "%s\n%s\n", c0->config_path, c0->name) < 0)
> bret = false;
> - process_lock();
> if (fclose(f) != 0)
> bret = false;
> - process_unlock();
> return bret;
> }
>
> @@ -2526,17 +2454,13 @@ struct lxc_container *lxcapi_clone(struct lxc_container *c, const char *newname,
> }
>
> // copy the configuration, tweak it as needed,
> - process_lock();
> fout = fopen(newpath, "w");
> - process_unlock();
> if (!fout) {
> SYSERROR("open %s", newpath);
> goto out;
> }
> write_config(fout, c->lxc_conf);
> - process_lock();
> fclose(fout);
> - process_unlock();
>
> sprintf(newpath, "%s/%s/rootfs", l, n);
> if (mkdir(newpath, 0755) < 0) {
> @@ -2720,9 +2644,7 @@ static int lxcapi_snapshot(struct lxc_container *c, const char *commentfile)
>
> char *dfnam = alloca(strlen(snappath) + strlen(newname) + 5);
> sprintf(dfnam, "%s/%s/ts", snappath, newname);
> - process_lock();
> f = fopen(dfnam, "w");
> - process_unlock();
> if (!f) {
> ERROR("Failed to open %s\n", dfnam);
> return -1;
> @@ -2732,9 +2654,7 @@ static int lxcapi_snapshot(struct lxc_container *c, const char *commentfile)
> fclose(f);
> return -1;
> }
> - process_lock();
> ret = fclose(f);
> - process_unlock();
> if (ret != 0) {
> SYSERROR("Writing timestamp");
> return -1;
> @@ -2788,9 +2708,7 @@ static char *get_timestamp(char* snappath, char *name)
> ret = snprintf(path, MAXPATHLEN, "%s/%s/ts", snappath, name);
> if (ret < 0 || ret >= MAXPATHLEN)
> return NULL;
> - process_lock();
> fin = fopen(path, "r");
> - process_unlock();
> if (!fin)
> return NULL;
> (void) fseek(fin, 0, SEEK_END);
> @@ -2807,9 +2725,7 @@ static char *get_timestamp(char* snappath, char *name)
> }
> }
> }
> - process_lock();
> fclose(fin);
> - process_unlock();
> return s;
> }
>
> @@ -2829,9 +2745,7 @@ static int lxcapi_snapshot_list(struct lxc_container *c, struct lxc_snapshot **r
> ERROR("path name too long");
> return -1;
> }
> - process_lock();
> dir = opendir(snappath);
> - process_unlock();
> if (!dir) {
> INFO("failed to open %s - assuming no snapshots", snappath);
> return 0;
> @@ -2874,10 +2788,8 @@ static int lxcapi_snapshot_list(struct lxc_container *c, struct lxc_snapshot **r
> count++;
> }
>
> - process_lock();
> if (closedir(dir))
> WARN("failed to close directory");
> - process_unlock();
>
> *ret_snaps = snaps;
> return count;
> @@ -2889,10 +2801,8 @@ out_free:
> lxcsnap_free(&snaps[i]);
> free(snaps);
> }
> - process_lock();
> if (closedir(dir))
> WARN("failed to close directory");
> - process_unlock();
> return -1;
> }
>
> @@ -3242,10 +3152,7 @@ int list_defined_containers(const char *lxcpath, char ***names, struct lxc_conta
> if (!lxcpath)
> lxcpath = default_lxc_path();
>
> - process_lock();
> dir = opendir(lxcpath);
> - process_unlock();
> -
> if (!dir) {
> SYSERROR("opendir on lxcpath");
> return -1;
> @@ -3304,9 +3211,7 @@ int list_defined_containers(const char *lxcpath, char ***names, struct lxc_conta
> nfound++;
> }
>
> - process_lock();
> closedir(dir);
> - process_unlock();
> return nfound;
>
> free_bad:
> @@ -3320,9 +3225,7 @@ free_bad:
> lxc_container_put((*cret)[i]);
> free(*cret);
> }
> - process_lock();
> closedir(dir);
> - process_unlock();
> return -1;
> }
>
> @@ -3345,9 +3248,7 @@ int list_active_containers(const char *lxcpath, char ***nret,
> if (nret)
> *nret = NULL;
>
> - process_lock();
> FILE *f = fopen("/proc/net/unix", "r");
> - process_unlock();
> if (!f)
> return -1;
>
> @@ -3429,9 +3330,7 @@ out:
> if (line)
> free(line);
>
> - process_lock();
> fclose(f);
> - process_unlock();
> return ret;
> }
>
> diff --git a/src/lxc/lxclock.c b/src/lxc/lxclock.c
> index 64823d2..28691b0 100644
> --- a/src/lxc/lxclock.c
> +++ b/src/lxc/lxclock.c
> @@ -119,9 +119,7 @@ static char *lxclock_name(const char *p, const char *n)
> free(dest);
> return NULL;
> }
> - process_lock();
> ret = mkdir_p(dest, 0755);
> - process_unlock();
> if (ret < 0) {
> free(dest);
> return NULL;
> @@ -217,12 +215,10 @@ int lxclock(struct lxc_lock *l, int timeout)
> ret = -2;
> goto out;
> }
> - process_lock();
> if (l->u.f.fd == -1) {
> l->u.f.fd = open(l->u.f.fname, O_RDWR|O_CREAT,
> S_IWUSR | S_IRUSR);
> if (l->u.f.fd == -1) {
> - process_unlock();
> ERROR("Error opening %s", l->u.f.fname);
> goto out;
> }
> @@ -232,7 +228,6 @@ int lxclock(struct lxc_lock *l, int timeout)
> lk.l_start = 0;
> lk.l_len = 0;
> ret = fcntl(l->u.f.fd, F_SETLKW, &lk);
> - process_unlock();
> if (ret == -1)
> saved_errno = errno;
> break;
> @@ -258,7 +253,6 @@ int lxcunlock(struct lxc_lock *l)
> }
> break;
> case LXC_LOCK_FLOCK:
> - process_lock();
> if (l->u.f.fd != -1) {
> lk.l_type = F_UNLCK;
> lk.l_whence = SEEK_SET;
> @@ -271,7 +265,6 @@ int lxcunlock(struct lxc_lock *l)
> l->u.f.fd = -1;
> } else
> ret = -2;
> - process_unlock();
> break;
> }
>
> @@ -299,12 +292,10 @@ void lxc_putlock(struct lxc_lock *l)
> }
> break;
> case LXC_LOCK_FLOCK:
> - process_lock();
> if (l->u.f.fd != -1) {
> close(l->u.f.fd);
> l->u.f.fd = -1;
> }
> - process_unlock();
> if (l->u.f.fname) {
> free(l->u.f.fname);
> l->u.f.fname = NULL;
> diff --git a/src/lxc/lxcutmp.c b/src/lxc/lxcutmp.c
> index d4a180c..6c9e6f2 100644
> --- a/src/lxc/lxcutmp.c
> +++ b/src/lxc/lxcutmp.c
> @@ -62,7 +62,6 @@ static int timerfd_settime (int __ufd, int __flags,
> #include "mainloop.h"
> #include "lxc.h"
> #include "log.h"
> -#include "lxclock.h"
>
> #ifndef __USE_GNU
> #define __USE_GNU
> @@ -344,9 +343,7 @@ run_ok:
>
> memset(utmp_data, 0, sizeof(struct lxc_utmp));
>
> - process_lock();
> fd = inotify_init();
> - process_unlock();
> if (fd < 0) {
> SYSERROR("failed to inotify_init");
> goto out;
> @@ -380,9 +377,7 @@ run_ok:
>
> return 0;
> out_close:
> - process_lock();
> close(fd);
> - process_unlock();
> out:
> free(utmp_data);
> return -1;
> @@ -432,9 +427,7 @@ int lxc_utmp_add_timer(struct lxc_epoll_descr *descr,
> struct itimerspec timeout;
> struct lxc_utmp *utmp_data = (struct lxc_utmp *)data;
>
> - process_lock();
> fd = timerfd_create(CLOCK_MONOTONIC, TFD_NONBLOCK | TFD_CLOEXEC);
> - process_unlock();
> if (fd < 0) {
> SYSERROR("failed to create timer");
> return -1;
> @@ -458,9 +451,7 @@ int lxc_utmp_add_timer(struct lxc_epoll_descr *descr,
>
> if (lxc_mainloop_add_handler(descr, fd, callback, utmp_data)) {
> SYSERROR("failed to add utmp timer to mainloop");
> - process_lock();
> close(fd);
> - process_unlock();
> return -1;
> }
>
> @@ -481,9 +472,7 @@ int lxc_utmp_del_timer(struct lxc_epoll_descr *descr,
> SYSERROR("failed to del utmp timer from mainloop");
>
> /* shutdown timer_fd */
> - process_lock();
> close(utmp_data->timer_fd);
> - process_unlock();
> utmp_data->timer_fd = -1;
>
> if (result < 0)
> diff --git a/src/lxc/mainloop.c b/src/lxc/mainloop.c
> index ec0c252..85b3ab9 100644
> --- a/src/lxc/mainloop.c
> +++ b/src/lxc/mainloop.c
> @@ -29,7 +29,6 @@
> #include <sys/epoll.h>
>
> #include "mainloop.h"
> -#include "lxclock.h"
>
> struct mainloop_handler {
> lxc_mainloop_callback_t callback;
> @@ -133,16 +132,12 @@ int lxc_mainloop_del_handler(struct lxc_epoll_descr *descr, int fd)
> int lxc_mainloop_open(struct lxc_epoll_descr *descr)
> {
> /* hint value passed to epoll create */
> - process_lock();
> descr->epfd = epoll_create(2);
> - process_unlock();
> if (descr->epfd < 0)
> return -1;
>
> if (fcntl(descr->epfd, F_SETFD, FD_CLOEXEC)) {
> - process_lock();
> close(descr->epfd);
> - process_unlock();
> return -1;
> }
>
> @@ -153,7 +148,6 @@ int lxc_mainloop_open(struct lxc_epoll_descr *descr)
> int lxc_mainloop_close(struct lxc_epoll_descr *descr)
> {
> struct lxc_list *iterator, *next;
> - int ret;
>
> iterator = descr->handlers.next;
> while (iterator != &descr->handlers) {
> @@ -165,9 +159,6 @@ int lxc_mainloop_close(struct lxc_epoll_descr *descr)
> iterator = next;
> }
>
> - process_lock();
> - ret = close(descr->epfd);
> - process_unlock();
> - return ret;
> + return close(descr->epfd);
> }
>
> diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c
> index 1eae8e6..7e0a713 100644
> --- a/src/lxc/monitor.c
> +++ b/src/lxc/monitor.c
> @@ -64,9 +64,7 @@ int lxc_monitor_fifo_name(const char *lxcpath, char *fifo_path, size_t fifo_path
> ERROR("rundir/lxcpath (%s/%s) too long for monitor fifo", rundir, lxcpath);
> return -1;
> }
> - process_lock();
> ret = mkdir_p(fifo_path, 0755);
> - process_unlock();
> if (ret < 0) {
> ERROR("unable to create monitor fifo dir %s", fifo_path);
> return ret;
> @@ -91,9 +89,7 @@ static void lxc_monitor_fifo_send(struct lxc_msg *msg, const char *lxcpath)
> if (ret < 0)
> return;
>
> - process_lock();
> fd = open(fifo_path, O_WRONLY);
> - process_unlock();
> if (fd < 0) {
> /* it is normal for this open to fail when there is no monitor
> * running, so we don't log it
> @@ -103,16 +99,12 @@ static void lxc_monitor_fifo_send(struct lxc_msg *msg, const char *lxcpath)
>
> ret = write(fd, msg, sizeof(*msg));
> if (ret != sizeof(*msg)) {
> - process_lock();
> close(fd);
> - process_unlock();
> SYSERROR("failed to write monitor fifo %s", fifo_path);
> return;
> }
>
> - process_lock();
> close(fd);
> - process_unlock();
> }
>
> void lxc_monitor_send_state(const char *name, lxc_state_t state, const char *lxcpath)
> @@ -129,12 +121,7 @@ void lxc_monitor_send_state(const char *name, lxc_state_t state, const char *lxc
> /* routines used by monitor subscribers (lxc-monitor) */
> int lxc_monitor_close(int fd)
> {
> - int ret;
> -
> - process_lock();
> - ret = close(fd);
> - process_unlock();
> - return ret;
> + return close(fd);
> }
>
> /* Note we don't use SHA-1 here as we don't want to depend on HAVE_GNUTLS.
> @@ -200,9 +187,7 @@ int lxc_monitor_open(const char *lxcpath)
> if (lxc_monitor_sock_name(lxcpath, &addr) < 0)
> return -1;
>
> - process_lock();
> fd = socket(PF_UNIX, SOCK_STREAM, 0);
> - process_unlock();
> if (fd < 0) {
> ERROR("socket : %s", strerror(errno));
> return -1;
> @@ -229,9 +214,7 @@ int lxc_monitor_open(const char *lxcpath)
> }
> return fd;
> err1:
> - process_lock();
> close(fd);
> - process_unlock();
> return ret;
> }
>
> diff --git a/src/lxc/network.c b/src/lxc/network.c
> index e5dc34d..361bb99 100644
> --- a/src/lxc/network.c
> +++ b/src/lxc/network.c
> @@ -30,6 +30,7 @@
> #include <string.h>
> #include <stdio.h>
> #include <ctype.h>
> +#include <time.h>
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <sys/socket.h>
> @@ -48,7 +49,6 @@
> #include "nl.h"
> #include "network.h"
> #include "conf.h"
> -#include "lxclock.h"
>
> #if HAVE_IFADDRS_H
> #include <ifaddrs.h>
> @@ -588,18 +588,14 @@ static int proc_sys_net_write(const char *path, const char *value)
> {
> int fd, err = 0;
>
> - process_lock();
> fd = open(path, O_WRONLY);
> - process_unlock();
> if (fd < 0)
> return -errno;
>
> if (write(fd, value, strlen(value)) < 0)
> err = -errno;
>
> - process_lock();
> close(fd);
> - process_unlock();
> return err;
> }
>
> @@ -1081,9 +1077,7 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
> if (!index)
> return -EINVAL;
>
> - process_lock();
> fd = socket(AF_INET, SOCK_STREAM, 0);
> - process_unlock();
> if (fd < 0)
> return -errno;
>
> @@ -1091,9 +1085,7 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
> ifr.ifr_name[IFNAMSIZ-1] = '\0';
> ifr.ifr_ifindex = index;
> err = ioctl(fd, SIOCBRADDIF, &ifr);
> - process_lock();
> close(fd);
> - process_unlock();
> if (err)
> err = -errno;
>
> @@ -1131,15 +1123,11 @@ char *lxc_mkifname(char *template)
> getifaddrs(&ifaddr);
>
> /* Initialize the random number generator */
> - process_lock();
> urandom = fopen ("/dev/urandom", "r");
> - process_unlock();
> if (urandom != NULL) {
> if (fread (&seed, sizeof(seed), 1, urandom) <= 0)
> seed = time(0);
> - process_lock();
> fclose(urandom);
> - process_unlock();
> }
> else
> seed = time(0);
> @@ -1189,26 +1177,20 @@ int setup_private_host_hw_addr(char *veth1)
> int err;
> int sockfd;
>
> - process_lock();
> sockfd = socket(AF_INET, SOCK_DGRAM, 0);
> - process_unlock();
> if (sockfd < 0)
> return -errno;
>
> snprintf((char *)ifr.ifr_name, IFNAMSIZ, "%s", veth1);
> err = ioctl(sockfd, SIOCGIFHWADDR, &ifr);
> if (err < 0) {
> - process_lock();
> close(sockfd);
> - process_unlock();
> return -errno;
> }
>
> ifr.ifr_hwaddr.sa_data[0] = 0xfe;
> err = ioctl(sockfd, SIOCSIFHWADDR, &ifr);
> - process_lock();
> close(sockfd);
> - process_unlock();
> if (err < 0)
> return -errno;
>
> diff --git a/src/lxc/nl.c b/src/lxc/nl.c
> index 6153161..7c0f1e5 100644
> --- a/src/lxc/nl.c
> +++ b/src/lxc/nl.c
> @@ -31,7 +31,6 @@
> #include <linux/rtnetlink.h>
>
> #include "nl.h"
> -#include "lxclock.h"
>
> #define NLMSG_TAIL(nmsg) \
> ((struct rtattr *) (((void *) (nmsg)) + NLMSG_ALIGN((nmsg)->nlmsg_len)))
> @@ -223,9 +222,7 @@ extern int netlink_open(struct nl_handler *handler, int protocol)
>
> memset(handler, 0, sizeof(*handler));
>
> - process_lock();
> handler->fd = socket(AF_NETLINK, SOCK_RAW, protocol);
> - process_unlock();
> if (handler->fd < 0)
> return -errno;
>
> @@ -263,9 +260,7 @@ extern int netlink_open(struct nl_handler *handler, int protocol)
>
> extern int netlink_close(struct nl_handler *handler)
> {
> - process_lock();
> close(handler->fd);
> - process_unlock();
> handler->fd = -1;
> return 0;
> }
> diff --git a/src/lxc/parse.c b/src/lxc/parse.c
> index dcf5cf0..c2cd621 100644
> --- a/src/lxc/parse.c
> +++ b/src/lxc/parse.c
> @@ -31,7 +31,6 @@
> #include "parse.h"
> #include "config.h"
> #include "utils.h"
> -#include "lxclock.h"
> #include <lxc/log.h>
>
> /* Workaround for the broken signature of alphasort() in bionic.
> @@ -91,9 +90,7 @@ int lxc_file_for_each_line(const char *file, lxc_file_cb callback, void *data)
> char *line = NULL;
> size_t len = 0;
>
> - process_lock();
> f = fopen(file, "r");
> - process_unlock();
> if (!f) {
> SYSERROR("failed to open %s", file);
> return -1;
> @@ -112,9 +109,7 @@ int lxc_file_for_each_line(const char *file, lxc_file_cb callback, void *data)
>
> if (line)
> free(line);
> - process_lock();
> fclose(f);
> - process_unlock();
> return err;
> }
>
> diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
> index 9246f2d..1abd697 100644
> --- a/src/lxc/seccomp.c
> +++ b/src/lxc/seccomp.c
> @@ -29,7 +29,6 @@
> #include <seccomp.h>
> #include "config.h"
> #include "lxcseccomp.h"
> -#include "lxclock.h"
>
> #include "log.h"
>
> @@ -115,17 +114,13 @@ int lxc_read_seccomp_config(struct lxc_conf *conf)
> return -1;
> }
>
> - process_lock();
> f = fopen(conf->seccomp, "r");
> - process_unlock();
> if (!f) {
> SYSERROR("failed to open seccomp policy file %s\n", conf->seccomp);
> return -1;
> }
> ret = parse_config(f, conf);
> - process_lock();
> fclose(f);
> - process_unlock();
> return ret;
> }
>
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index 251bd26..7395aea 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -70,7 +70,6 @@
> #include "namespace.h"
> #include "lxcseccomp.h"
> #include "caps.h"
> -#include "lxclock.h"
> #include "lsm/lsm.h"
>
> lxc_log_define(lxc_start, lxc);
> @@ -87,14 +86,12 @@ const struct ns_info ns_info[LXC_NS_MAX] = {
> static void close_ns(int ns_fd[LXC_NS_MAX]) {
> int i;
>
> - process_lock();
> for (i = 0; i < LXC_NS_MAX; i++) {
> if (ns_fd[i] > -1) {
> close(ns_fd[i]);
> ns_fd[i] = -1;
> }
> }
> - process_unlock();
> }
>
> static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags) {
> @@ -113,9 +110,7 @@ static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags) {
> if ((clone_flags & ns_info[i].clone_flag) == 0)
> continue;
> snprintf(path, MAXPATHLEN, "/proc/self/ns/%s", ns_info[i].proc_name);
> - process_lock();
> ns_fd[i] = open(path, O_RDONLY | O_CLOEXEC);
> - process_unlock();
> if (ns_fd[i] < 0)
> goto error;
> }
> @@ -159,9 +154,7 @@ int lxc_check_inherited(struct lxc_conf *conf, int fd_to_ignore)
> DIR *dir;
>
> restart:
> - process_lock();
> dir = opendir("/proc/self/fd");
> - process_unlock();
> if (!dir) {
> WARN("failed to open directory: %m");
> return -1;
> @@ -188,19 +181,15 @@ restart:
> continue;
>
> if (conf->close_all_fds) {
> - process_lock();
> close(fd);
> closedir(dir);
> - process_unlock();
> INFO("closed inherited fd %d", fd);
> goto restart;
> }
> WARN("inherited fd %d", fd);
> }
>
> - process_lock();
> closedir(dir); /* cannot fail */
> - process_unlock();
> return 0;
> }
>
> @@ -337,9 +326,7 @@ int lxc_poll(const char *name, struct lxc_handler *handler)
> out_mainloop_open:
> lxc_mainloop_close(&descr);
> out_sigfd:
> - process_lock();
> close(sigfd);
> - process_unlock();
> return -1;
> }
>
> @@ -440,9 +427,7 @@ out_delete_tty:
> out_aborting:
> lxc_set_state(name, handler, ABORTING);
> out_close_maincmd_fd:
> - process_lock();
> close(conf->maincmd_fd);
> - process_unlock();
> conf->maincmd_fd = -1;
> out_free_name:
> free(handler->name);
> @@ -469,9 +454,7 @@ static void lxc_fini(const char *name, struct lxc_handler *handler)
>
> lxc_console_delete(&handler->conf->console);
> lxc_delete_tty(&handler->conf->tty_info);
> - process_lock();
> close(handler->conf->maincmd_fd);
> - process_unlock();
> handler->conf->maincmd_fd = -1;
> free(handler->name);
> if (handler->cgroup) {
> @@ -519,18 +502,14 @@ static int must_drop_cap_sys_boot(struct lxc_conf *conf)
> int status;
> pid_t pid;
>
> - process_lock();
> f = fopen("/proc/sys/kernel/ctrl-alt-del", "r");
> - process_unlock();
> if (!f) {
> DEBUG("failed to open /proc/sys/kernel/ctrl-alt-del");
> return 1;
> }
>
> ret = fscanf(f, "%d", &v);
> - process_lock();
> fclose(f);
> - process_unlock();
> if (ret != 1) {
> DEBUG("Failed to read /proc/sys/kernel/ctrl-alt-del");
> return 1;
> @@ -587,9 +566,7 @@ static int do_start(void *data)
>
> /* don't leak the pinfd to the container */
> if (handler->pinfd >= 0) {
> - process_lock();
> close(handler->pinfd);
> - process_unlock();
> }
>
> /* Tell the parent task it can begin to configure the
> @@ -666,9 +643,7 @@ static int do_start(void *data)
> goto out_warn_father;
> }
>
> - process_lock();
> close(handler->sigfd);
> - process_unlock();
>
> /* after this call, we are in error because this
> * ops should not return as it execs */
> @@ -913,9 +888,7 @@ out_abort:
> lxc_abort(name, handler);
> lxc_sync_fini(handler);
> if (handler->pinfd >= 0) {
> - process_lock();
> close(handler->pinfd);
> - process_unlock();
> handler->pinfd = -1;
> }
>
> @@ -987,9 +960,7 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
> lxc_rename_phys_nics_on_shutdown(handler->conf);
>
> if (handler->pinfd >= 0) {
> - process_lock();
> close(handler->pinfd);
> - process_unlock();
> handler->pinfd = -1;
> }
>
> diff --git a/src/lxc/state.c b/src/lxc/state.c
> index 92be560..398833a 100644
> --- a/src/lxc/state.c
> +++ b/src/lxc/state.c
> @@ -39,7 +39,6 @@
> #include <lxc/monitor.h>
> #include "commands.h"
> #include "config.h"
> -#include "lxclock.h"
>
> lxc_log_define(lxc_state, lxc);
>
> @@ -84,18 +83,14 @@ static lxc_state_t freezer_state(const char *name, const char *lxcpath)
> if (ret < 0 || ret >= MAXPATHLEN)
> goto out;
>
> - process_lock();
> file = fopen(freezer, "r");
> - process_unlock();
> if (!file) {
> ret = -1;
> goto out;
> }
>
> ret = fscanf(file, "%s", status);
> - process_lock();
> fclose(file);
> - process_unlock();
>
> if (ret == EOF) {
> SYSERROR("failed to read %s", freezer);
> diff --git a/src/lxc/sync.c b/src/lxc/sync.c
> index a3b4a1a..52e02ae 100644
> --- a/src/lxc/sync.c
> +++ b/src/lxc/sync.c
> @@ -29,7 +29,6 @@
>
> #include "log.h"
> #include "start.h"
> -#include "lxclock.h"
>
> lxc_log_define(lxc_sync, lxc);
>
> @@ -102,9 +101,7 @@ int lxc_sync_init(struct lxc_handler *handler)
> {
> int ret;
>
> - process_lock();
> ret = socketpair(AF_LOCAL, SOCK_STREAM, 0, handler->sv);
> - process_unlock();
> if (ret) {
> SYSERROR("failed to create synchronization socketpair");
> return -1;
> @@ -119,9 +116,7 @@ int lxc_sync_init(struct lxc_handler *handler)
> void lxc_sync_fini_child(struct lxc_handler *handler)
> {
> if (handler->sv[0] != -1) {
> - process_lock();
> close(handler->sv[0]);
> - process_unlock();
> handler->sv[0] = -1;
> }
> }
> @@ -129,9 +124,7 @@ void lxc_sync_fini_child(struct lxc_handler *handler)
> void lxc_sync_fini_parent(struct lxc_handler *handler)
> {
> if (handler->sv[1] != -1) {
> - process_lock();
> close(handler->sv[1]);
> - process_unlock();
> handler->sv[1] = -1;
> }
> }
> diff --git a/src/lxc/utils.c b/src/lxc/utils.c
> index dc30a77..9f618e7 100644
> --- a/src/lxc/utils.c
> +++ b/src/lxc/utils.c
> @@ -61,9 +61,7 @@ static int _recursive_rmdir_onedev(char *dirname, dev_t pdev)
> int ret, failed=0;
> char pathname[MAXPATHLEN];
>
> - process_lock();
> dir = opendir(dirname);
> - process_unlock();
> if (!dir) {
> ERROR("%s: failed to open %s", __func__, dirname);
> return -1;
> @@ -110,9 +108,7 @@ static int _recursive_rmdir_onedev(char *dirname, dev_t pdev)
> failed=1;
> }
>
> - process_lock();
> ret = closedir(dir);
> - process_unlock();
> if (ret) {
> ERROR("%s: failed to close directory %s", __func__, dirname);
> failed=1;
> @@ -303,10 +299,8 @@ const char *lxc_global_config_value(const char *option_name)
> }
> static_unlock();
>
> - process_lock();
> fin = fopen_cloexec(user_config_path, "r");
> free(user_config_path);
> - process_unlock();
> if (fin) {
> while (fgets(buf, 1024, fin)) {
> if (buf[0] == '#')
> @@ -362,10 +356,8 @@ const char *lxc_global_config_value(const char *option_name)
> static_unlock();
>
> out:
> - process_lock();
> if (fin)
> fclose(fin);
> - process_unlock();
>
> static_lock();
> value = values[i];
> @@ -482,15 +474,6 @@ ssize_t lxc_read_nointr_expect(int fd, void* buf, size_t count, const void* expe
> return ret;
> }
>
> -static inline int lock_fclose(FILE *f)
> -{
> - int ret;
> - process_lock();
> - ret = fclose(f);
> - process_unlock();
> - return ret;
> -}
> -
> #if HAVE_LIBGNUTLS
> #include <gnutls/gnutls.h>
> #include <gnutls/crypto.h>
> @@ -510,40 +493,38 @@ int sha1sum_file(char *fnam, unsigned char *digest)
>
> if (!fnam)
> return -1;
> - process_lock();
> f = fopen_cloexec(fnam, "r");
> - process_unlock();
> if (!f) {
> SYSERROR("Error opening template");
> return -1;
> }
> if (fseek(f, 0, SEEK_END) < 0) {
> SYSERROR("Error seeking to end of template");
> - lock_fclose(f);
> + fclose(f);
> return -1;
> }
> if ((flen = ftell(f)) < 0) {
> SYSERROR("Error telling size of template");
> - lock_fclose(f);
> + fclose(f);
> return -1;
> }
> if (fseek(f, 0, SEEK_SET) < 0) {
> SYSERROR("Error seeking to start of template");
> - lock_fclose(f);
> + fclose(f);
> return -1;
> }
> if ((buf = malloc(flen+1)) == NULL) {
> SYSERROR("Out of memory");
> - lock_fclose(f);
> + fclose(f);
> return -1;
> }
> if (fread(buf, 1, flen, f) != flen) {
> SYSERROR("Failure reading template");
> free(buf);
> - lock_fclose(f);
> + fclose(f);
> return -1;
> }
> - if (lock_fclose(f) < 0) {
> + if (fclose(f) < 0) {
> SYSERROR("Failre closing template");
> free(buf);
> return -1;
> @@ -600,10 +581,6 @@ const char** lxc_va_arg_list_to_argv_const(va_list ap, size_t skip)
> return (const char**)lxc_va_arg_list_to_argv(ap, skip, 0);
> }
>
> -/*
> - * fopen_cloexec: must be called with process_lock() held
> - * if it is needed.
> - */
> FILE *fopen_cloexec(const char *path, const char *mode)
> {
> int open_mode = 0;
> @@ -648,7 +625,6 @@ FILE *fopen_cloexec(const char *path, const char *mode)
> return ret;
> }
>
> -/* must be called with process_lock() held */
> extern struct lxc_popen_FILE *lxc_popen(const char *command)
> {
> struct lxc_popen_FILE *fp = NULL;
> @@ -746,7 +722,6 @@ error:
> return NULL;
> }
>
> -/* must be called with process_lock() held */
> extern int lxc_pclose(struct lxc_popen_FILE *fp)
> {
> FILE *f = NULL;
> @@ -1086,9 +1061,7 @@ int lxc_write_to_file(const char *filename, const void* buf, size_t count, bool
> int fd, saved_errno;
> ssize_t ret;
>
> - process_lock();
> fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0666);
> - process_unlock();
> if (fd < 0)
> return -1;
> ret = lxc_write_nointr(fd, buf, count);
> @@ -1101,16 +1074,12 @@ int lxc_write_to_file(const char *filename, const void* buf, size_t count, bool
> if (ret != 1)
> goto out_error;
> }
> - process_lock();
> close(fd);
> - process_unlock();
> return 0;
>
> out_error:
> saved_errno = errno;
> - process_lock();
> close(fd);
> - process_unlock();
> errno = saved_errno;
> return -1;
> }
> @@ -1120,9 +1089,7 @@ int lxc_read_from_file(const char *filename, void* buf, size_t count)
> int fd = -1, saved_errno;
> ssize_t ret;
>
> - process_lock();
> fd = open(filename, O_RDONLY | O_CLOEXEC);
> - process_unlock();
> if (fd < 0)
> return -1;
>
> @@ -1142,9 +1109,7 @@ int lxc_read_from_file(const char *filename, void* buf, size_t count)
> ERROR("read %s: %s", filename, strerror(errno));
>
> saved_errno = errno;
> - process_lock();
> close(fd);
> - process_unlock();
> errno = saved_errno;
> return ret;
> }
> diff --git a/src/lxc/utils.h b/src/lxc/utils.h
> index 945f1de..2992f90 100644
> --- a/src/lxc/utils.h
> +++ b/src/lxc/utils.h
> @@ -172,7 +172,6 @@ struct lxc_popen_FILE {
> * via sigprocmask(2) (unblocks all signals) after fork(2) but prior to calling exec(3).
> * In short, popen(command, "re") does pipe() + fork() + exec()
> * while lxc_popen(command) does pipe() + fork() + sigprocmask() + exec().
> - * Must be called with process_lock() held.
> * Returns pointer to struct lxc_popen_FILE, that should be freed with lxc_pclose().
> * On error returns NULL.
> */
> @@ -182,7 +181,6 @@ extern struct lxc_popen_FILE *lxc_popen(const char *command);
> * returned by lxc_popen().
> * Waits for associated process to terminate, returns its exit status and
> * frees resources, pointed to by struct lxc_popen_FILE *.
> - * Must be called with process_lock() held.
> */
> extern int lxc_pclose(struct lxc_popen_FILE *fp);
>
> --
> 1.8.4.5
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
More information about the lxc-devel
mailing list