[lxc-devel] [lxc/master] attach: bugfixes

[brauner on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180820/3c867f79/attachment.bin>
-------------- next part --------------
From 78726836dab46ab38ef9adfd9676de6f4c24b0ee Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 21 Aug 2018 01:05:14 +0200
Subject: [PATCH 1/3] macro: s/rexit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/attach.c | 22 +++++++---------------
 src/lxc/macro.h  |  9 +++++++++
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index f992b4f99..9d866902a 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -652,14 +652,6 @@ static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid)
 	 */
 }
 
-/* Help the optimizer along if it doesn't know that exit always exits. */
-#define rexit(c)                                                               \
-	do {                                                                   \
-		int __c = (c);                                                 \
-		_exit(__c);                                                    \
-		return __c;                                                    \
-	} while (0)
-
 /* Define default options if no options are supplied by the user. */
 static lxc_attach_options_t attach_static_default_options = LXC_ATTACH_OPTIONS_DEFAULT;
 
@@ -986,11 +978,11 @@ static int attach_child_main(struct attach_clone_payload *payload)
 	}
 
 	/* We're done, so we can now do whatever the user intended us to do. */
-	rexit(payload->exec_function(payload->exec_payload));
+	_exit(payload->exec_function(payload->exec_payload));
 
 on_error:
 	lxc_put_attach_clone_payload(payload);
-	rexit(EXIT_FAILURE);
+	_exit(EXIT_FAILURE);
 }
 
 static int lxc_attach_terminal(struct lxc_conf *conf,
@@ -1447,7 +1439,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 	if (ret != sizeof(status)) {
 		shutdown(ipc_sockets[1], SHUT_RDWR);
 		lxc_proc_put_context_info(init_ctx);
-		rexit(-1);
+		_exit(EXIT_FAILURE);
 	}
 
 	TRACE("Intermediate process starting to initialize");
@@ -1460,7 +1452,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 		ERROR("Failed to enter namespaces");
 		shutdown(ipc_sockets[1], SHUT_RDWR);
 		lxc_proc_put_context_info(init_ctx);
-		rexit(-1);
+		_exit(EXIT_FAILURE);
 	}
 
 	/* close namespace file descriptors */
@@ -1491,7 +1483,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 		SYSERROR("Failed to clone attached process");
 		shutdown(ipc_sockets[1], SHUT_RDWR);
 		lxc_proc_put_context_info(init_ctx);
-		rexit(-1);
+		_exit(EXIT_FAILURE);
 	}
 
 	if (pid == 0) {
@@ -1516,14 +1508,14 @@ int lxc_attach(const char *name, const char *lxcpath,
 		 */
 		shutdown(ipc_sockets[1], SHUT_RDWR);
 		lxc_proc_put_context_info(init_ctx);
-		rexit(-1);
+		_exit(EXIT_FAILURE);
 	}
 
 	TRACE("Sending pid %d of attached process", pid);
 
 	/* The rest is in the hands of the initial and the attached process. */
 	lxc_proc_put_context_info(init_ctx);
-	rexit(0);
+	_exit(0);
 }
 
 int lxc_attach_run_command(void* payload)
diff --git a/src/lxc/macro.h b/src/lxc/macro.h
index 6113adc2e..5f1b4334f 100644
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -27,6 +27,7 @@
 #include <linux/loop.h>
 #include <linux/netlink.h>
 #include <linux/rtnetlink.h>
+#include <stdbool.h>
 #include <sys/mount.h>
 #include <sys/socket.h>
 
@@ -222,4 +223,12 @@ extern int __build_bug_on_failed;
 #define MS_SLAVE (1 << 19)
 #endif
 
+/* Help the optimizer along if it doesn't know that exit always exits. */
+#define rexit(c)               \
+	do {                   \
+		int __c = (c); \
+		_exit(__c);    \
+		return __c;    \
+	} while (false)
+
 #endif /* __LXC_MACRO_H */

From 88b5ffc7157ec794e4eee1555430c056f2ed33a1 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 21 Aug 2018 01:06:05 +0200
Subject: [PATCH 2/3] attach: move struct declaration to top

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/attach.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 9d866902a..4965e1e8e 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -89,6 +89,9 @@
 
 lxc_log_define(attach, lxc);
 
+/* Define default options if no options are supplied by the user. */
+static lxc_attach_options_t attach_static_default_options = LXC_ATTACH_OPTIONS_DEFAULT;
+
 /* /proc/pid-to-str/status\0 = (5 + 21 + 7 + 1) */
 #define __PROC_STATUS_LEN (5 + (LXC_NUMSTRLEN64) + 7 + 1)
 static struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
@@ -652,9 +655,6 @@ static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid)
 	 */
 }
 
-/* Define default options if no options are supplied by the user. */
-static lxc_attach_options_t attach_static_default_options = LXC_ATTACH_OPTIONS_DEFAULT;
-
 static bool fetch_seccomp(struct lxc_container *c, lxc_attach_options_t *options)
 {
 	int ret;

From ed4d7885325a7fdb0e37ab10adca497c234efc39 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 21 Aug 2018 01:09:19 +0200
Subject: [PATCH 3/3] macro: move macros from attach.c

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/attach.c | 44 +++++++++-----------------------------------
 src/lxc/macro.h  | 20 ++++++++++++++++++++
 2 files changed, 29 insertions(+), 35 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 4965e1e8e..741767ed4 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -24,36 +24,24 @@
 #define _GNU_SOURCE
 #include <errno.h>
 #include <fcntl.h>
-#include <termios.h>
 #include <grp.h>
+#include <linux/unistd.h>
 #include <pwd.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <unistd.h>
-#include <linux/unistd.h>
 #include <sys/mount.h>
 #include <sys/param.h>
 #include <sys/prctl.h>
 #include <sys/socket.h>
 #include <sys/syscall.h>
 #include <sys/wait.h>
+#include <termios.h>
+#include <unistd.h>
 
 #include <lxc/lxccontainer.h>
 
-#ifndef HAVE_DECL_PR_CAPBSET_DROP
-#define PR_CAPBSET_DROP 24
-#endif
-
-#ifndef HAVE_DECL_PR_SET_NO_NEW_PRIVS
-#define PR_SET_NO_NEW_PRIVS 38
-#endif
-
-#ifndef HAVE_DECL_PR_GET_NO_NEW_PRIVS
-#define PR_GET_NO_NEW_PRIVS 39
-#endif
-
 #include "af_unix.h"
 #include "attach.h"
 #include "caps.h"
@@ -75,38 +63,24 @@
 #include <sys/personality.h>
 #endif
 
-#ifndef SOCK_CLOEXEC
-#define SOCK_CLOEXEC 02000000
-#endif
-
-#ifndef MS_REC
-#define MS_REC 16384
-#endif
-
-#ifndef MS_SLAVE
-#define MS_SLAVE (1 << 19)
-#endif
-
 lxc_log_define(attach, lxc);
 
 /* Define default options if no options are supplied by the user. */
 static lxc_attach_options_t attach_static_default_options = LXC_ATTACH_OPTIONS_DEFAULT;
 
-/* /proc/pid-to-str/status\0 = (5 + 21 + 7 + 1) */
-#define __PROC_STATUS_LEN (5 + (LXC_NUMSTRLEN64) + 7 + 1)
 static struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
 {
 	int ret;
 	bool found;
 	FILE *proc_file;
-	char proc_fn[__PROC_STATUS_LEN];
+	char proc_fn[LXC_PROC_STATUS_LEN];
 	size_t line_bufsz = 0;
 	char *line = NULL;
 	struct lxc_proc_context_info *info = NULL;
 
 	/* Read capabilities. */
-	ret = snprintf(proc_fn, __PROC_STATUS_LEN, "/proc/%d/status", pid);
-	if (ret < 0 || ret >= __PROC_STATUS_LEN)
+	ret = snprintf(proc_fn, LXC_PROC_STATUS_LEN, "/proc/%d/status", pid);
+	if (ret < 0 || ret >= LXC_PROC_STATUS_LEN)
 		goto on_error;
 
 	proc_file = fopen(proc_fn, "r");
@@ -607,7 +581,7 @@ static char *lxc_attach_getpwshell(uid_t uid)
 static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid)
 {
 	FILE *proc_file;
-	char proc_fn[__PROC_STATUS_LEN];
+	char proc_fn[LXC_PROC_STATUS_LEN];
 	int ret;
 	char *line = NULL;
 	size_t line_bufsz = 0;
@@ -615,8 +589,8 @@ static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid)
 	uid_t uid = (uid_t)-1;
 	gid_t gid = (gid_t)-1;
 
-	ret = snprintf(proc_fn, __PROC_STATUS_LEN, "/proc/%d/status", 1);
-	if (ret < 0 || ret >= __PROC_STATUS_LEN)
+	ret = snprintf(proc_fn, LXC_PROC_STATUS_LEN, "/proc/%d/status", 1);
+	if (ret < 0 || ret >= LXC_PROC_STATUS_LEN)
 		return;
 
 	proc_file = fopen(proc_fn, "r");
diff --git a/src/lxc/macro.h b/src/lxc/macro.h
index 5f1b4334f..f44b220b4 100644
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -68,6 +68,19 @@
 #define CAP_SYS_ADMIN 21
 #endif
 
+#ifndef HAVE_DECL_PR_CAPBSET_DROP
+#define PR_CAPBSET_DROP 24
+#endif
+
+/* prctl */
+#ifndef HAVE_DECL_PR_SET_NO_NEW_PRIVS
+#define PR_SET_NO_NEW_PRIVS 38
+#endif
+
+#ifndef HAVE_DECL_PR_GET_NO_NEW_PRIVS
+#define PR_GET_NO_NEW_PRIVS 39
+#endif
+
 #ifndef CGROUP_SUPER_MAGIC
 #define CGROUP_SUPER_MAGIC 0x27e0eb
 #endif
@@ -97,6 +110,8 @@
  * \0           =    1
  */
 #define LXC_PROC_PID_FD_LEN (6 + LXC_NUMSTRLEN64 + 4 + LXC_NUMSTRLEN64 + 1)
+/* /proc/pid-to-str/status\0 = (5 + 21 + 7 + 1) */
+#define LXC_PROC_STATUS_LEN (5 + (LXC_NUMSTRLEN64) + 7 + 1)
 
 /* loop devices */
 #ifndef LO_FLAGS_AUTOCLEAR
@@ -223,6 +238,11 @@ extern int __build_bug_on_failed;
 #define MS_SLAVE (1 << 19)
 #endif
 
+/* sockets */
+#ifndef SOCK_CLOEXEC
+#define SOCK_CLOEXEC 02000000
+#endif
+
 /* Help the optimizer along if it doesn't know that exit always exits. */
 #define rexit(c)               \
 	do {                   \