[lxc-devel] [lxc/master] lxc_init: fix cgroup parsing

Thu Dec 14 22:02:53 UTC 2017

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 404 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20171214/24a531f2/attachment.bin>
-------------- next part --------------
From 2a934645e12559c5e2c5145aa35f1c8b576bff44 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Dec 2017 22:45:56 +0100
Subject: [PATCH 1/2] tools: add missing break to lxc-execute coverity:
 #1426131

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/tools/lxc_execute.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/lxc/tools/lxc_execute.c b/src/lxc/tools/lxc_execute.c
index c25223682..137e51f6d 100644
--- a/src/lxc/tools/lxc_execute.c
+++ b/src/lxc/tools/lxc_execute.c
@@ -63,10 +63,18 @@ static int my_parser(struct lxc_arguments* args, int c, char* arg)
 	case 'g':
 		if (lxc_safe_uint(arg, &args->gid) < 0)
 			return -1;
-	case OPT_SHARE_NET: args->share_ns[LXC_NS_NET] = arg; break;
-	case OPT_SHARE_IPC: args->share_ns[LXC_NS_IPC] = arg; break;
-	case OPT_SHARE_UTS: args->share_ns[LXC_NS_UTS] = arg; break;
-	case OPT_SHARE_PID: args->share_ns[LXC_NS_PID] = arg; break;
+	case OPT_SHARE_NET:
+		args->share_ns[LXC_NS_NET] = arg;
+		break;
+	case OPT_SHARE_IPC:
+		args->share_ns[LXC_NS_IPC] = arg;
+		break;
+	case OPT_SHARE_UTS:
+		args->share_ns[LXC_NS_UTS] = arg;
+		break;
+	case OPT_SHARE_PID:
+		args->share_ns[LXC_NS_PID] = arg;
+		break;
 	}
 	return 0;
 }

From 39b2e848e6d7ad4fadf8bbb831e91330126ed904 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Dec 2017 23:00:04 +0100
Subject: [PATCH 2/2] lxc_init: fix cgroup parsing

coverity: 1426132
coverity: 1426133

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/lxc_init.c | 83 +++++++++++++++++++++++++++++-------------------------
 1 file changed, 44 insertions(+), 39 deletions(-)

diff --git a/src/lxc/lxc_init.c b/src/lxc/lxc_init.c
index dcf9687de..f89b57279 100644
--- a/src/lxc/lxc_init.c
+++ b/src/lxc/lxc_init.c
@@ -98,55 +98,60 @@ static struct arguments my_args = {
 static void prevent_forking(void)
 {
 	FILE *f;
-	char name[MAXPATHLEN], path[MAXPATHLEN];
-	int ret;
+	int fd = -1;
+	size_t len = 0;
+	char *line = NULL;
+	char path[MAXPATHLEN];
 
 	f = fopen("/proc/self/cgroup", "r");
-	if (!f) {
-		SYSERROR("Failed to open \"/proc/self/cgroup\"");
+	if (!f)
 		return;
-	}
 
-	while (!feof(f)) {
-		int fd, i;
+	while (getline(&line, &len, f) != -1) {
+		int ret;
+		char *p, *p2;
 
-		if (1 != fscanf(f, "%*d:%" QUOTEVAL(MAXPATHLEN) "s", name)) {
-			ERROR("Failed to parse \"/proc/self/cgroup\"");
-			goto out;
-		}
-		path[0] = 0;
-
-		for (i = 0; i < sizeof(name); i++) {
-			if (name[i] == ':') {
-				name[i] = 0;
-				strncpy(path, name + i + 1, sizeof(path));
-				break;
-			}
-		}
-
-		if (strcmp(name, "pids"))
+		p = strchr(line, ':');
+		if (!p)
 			continue;
+		p++;
+		p2 = strchr(p, ':');
+		if (!p2)
+			continue;
+		*p2 = '\0';
 
-		ret = snprintf(name, sizeof(name), "/sys/fs/cgroup/pids/%s/pids.max", path);
-		if (ret < 0 || (size_t)ret >= sizeof(path)) {
-			ERROR("Failed to create string");
-			goto out;
-		}
-
-		fd = open(name, O_WRONLY);
-		if (fd < 0) {
-			SYSERROR("Failed to open \"%s\"", name);
-			goto out;
-		}
-
-		if (write(fd, "1", 1) != 1)
-			SYSERROR("Failed to write to \"%s\"", name);
+		/* This is a cgroup v2 entry. Skip it. */
+		if ((p2 - p) == 0)
+			continue;
 
-		close(fd);
-		break;
+		if (strncmp(p, "pids", 5) != 0)
+			continue;
+		p2++;
+
+                ret = snprintf(path, sizeof(path), "/sys/fs/cgroup/pids/%s/pids.max", p2);
+                if (ret < 0 || (size_t)ret >= sizeof(path)) {
+                        ERROR("Failed to create string");
+                        goto on_error;
+                }
+
+                fd = open(path, O_WRONLY);
+                if (fd < 0) {
+                        SYSERROR("Failed to open \"%s\"", path);
+                        goto on_error;
+                }
+
+                if (write(fd, "1", 1) != 1)
+                        SYSERROR("Failed to write to \"%s\"", path);
+
+                close(fd);
+		fd = -1;
+                break;
 	}
 
-out:
+on_error:
+	if (fd >= 0)
+		close(fd);
+	free(line);
 	fclose(f);
 }
 
