[lxc-devel] [lxc/master] memory_utils: improvements
brauner on Github
lxc-bot at linuxcontainers.org
Sun Mar 15 01:41:35 UTC 2020
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200314/6ff5d558/attachment-0001.bin>
-------------- next part --------------
From e16ad728f827f87175918cc3cfa6e67f46a3acd1 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 15 Mar 2020 01:28:22 +0100
Subject: [PATCH 1/6] memory_utils: add call_cleaner() helper
This allows to trivially declare cleanup attributes on the fly.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/memory_utils.h | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/lxc/memory_utils.h b/src/lxc/memory_utils.h
index 196c957a5f..5968eee1e0 100644
--- a/src/lxc/memory_utils.h
+++ b/src/lxc/memory_utils.h
@@ -12,13 +12,15 @@
#include "macro.h"
-#define define_cleanup_attribute(type, func) \
- static inline void func##_ptr(type *ptr) \
- { \
- if (*ptr) \
- func(*ptr); \
+#define define_cleanup_function(type, cleaner) \
+ static inline void cleaner##_function(type *ptr) \
+ { \
+ if (*ptr) \
+ cleaner(*ptr); \
}
+#define call_cleaner(cleaner) __attribute__((__cleanup__(cleaner##_function)))
+
#define free_disarm(ptr) \
({ \
free(ptr); \
@@ -38,8 +40,9 @@ static inline void free_string_list(char **list)
free_disarm(list);
}
}
-define_cleanup_attribute(char **, free_string_list);
-#define __do_free_string_list __attribute__((__cleanup__(free_string_list_ptr)))
+define_cleanup_function(char **, free_string_list);
+#define __do_free_string_list \
+ __attribute__((__cleanup__(free_string_list_function)))
static inline void __auto_fclose__(FILE **f)
{
From 1e22a68300fb2bfac51c283d59eac4b002c75e8a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 15 Mar 2020 01:37:32 +0100
Subject: [PATCH 2/6] caps: port to call_cleaner() based cleanup
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/caps.c | 181 ++++++++++++++++---------------------------------
1 file changed, 58 insertions(+), 123 deletions(-)
diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 34547304a1..b3ab37a1f5 100644
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -15,14 +15,17 @@
#include "file_utils.h"
#include "log.h"
#include "macro.h"
+#include "memory_utils.h"
lxc_log_define(caps, lxc);
#if HAVE_LIBCAP
+define_cleanup_function(cap_t, cap_free);
+
int lxc_caps_down(void)
{
- cap_t caps;
+ call_cleaner(cap_free) cap_t caps = NULL;
int ret = -1;
/* When we are root, we don't want to play with capabilities. */
@@ -30,34 +33,23 @@ int lxc_caps_down(void)
return 0;
caps = cap_get_proc();
- if (!caps) {
- SYSERROR("Failed to retrieve capabilities");
- return ret;
- }
+ if (!caps)
+ return log_error_errno(ret, errno, "Failed to retrieve capabilities");
ret = cap_clear_flag(caps, CAP_EFFECTIVE);
- if (ret) {
- SYSERROR("Failed to clear effective capabilities");
- goto on_error;
- }
+ if (ret)
+ return log_error_errno(ret, errno, "Failed to clear effective capabilities");
ret = cap_set_proc(caps);
- if (ret) {
- SYSERROR("Failed to change effective capabilities");
- goto on_error;
- }
-
- ret = 0;
+ if (ret)
+ return log_error_errno(ret, errno, "Failed to change effective capabilities");
-on_error:
- cap_free(caps);
-
- return ret;
+ return 0;
}
int lxc_caps_up(void)
{
- cap_t caps;
+ call_cleaner(cap_free) cap_t caps = NULL;
cap_value_t cap;
int ret = -1;
@@ -66,10 +58,8 @@ int lxc_caps_up(void)
return 0;
caps = cap_get_proc();
- if (!caps) {
- SYSERROR("Failed to retrieve capabilities");
- return ret;
- }
+ if (!caps)
+ return log_error_errno(ret, errno, "Failed to retrieve capabilities");
for (cap = 0; cap <= CAP_LAST_CAP; cap++) {
cap_flag_value_t flag;
@@ -80,49 +70,36 @@ int lxc_caps_up(void)
INFO("Last supported cap was %d", cap - 1);
break;
} else {
- SYSERROR("Failed to retrieve setting for "
- "permitted capability %d", cap - 1);
- goto on_error;
+ return log_error_errno(ret, errno, "Failed to retrieve setting for permitted capability %d", cap - 1);
}
}
ret = cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap, flag);
- if (ret) {
- SYSERROR("Failed to set effective capability %d", cap - 1);
- goto on_error;
- }
+ if (ret)
+ return log_error_errno(ret, errno, "Failed to set effective capability %d", cap - 1);
}
ret = cap_set_proc(caps);
- if (ret) {
- SYSERROR("Failed to change effective capabilities");
- goto on_error;
- }
-
- ret = 0;
-
-on_error:
- cap_free(caps);
+ if (ret)
+ return log_error_errno(ret, errno, "Failed to change effective capabilities");
- return ret;
+ return 0;
}
int lxc_ambient_caps_up(void)
{
+ call_cleaner(cap_free) cap_t caps = NULL;
+ __do_free char *cap_names = NULL;
int ret;
- cap_t caps;
cap_value_t cap;
int last_cap = CAP_LAST_CAP;
- char *cap_names = NULL;
if (!getuid() || geteuid())
return 0;
caps = cap_get_proc();
- if (!caps) {
- SYSERROR("Failed to retrieve capabilities");
- return -1;
- }
+ if (!caps)
+ return log_error_errno(-1, errno, "Failed to retrieve capabilities");
for (cap = 0; cap <= CAP_LAST_CAP; cap++) {
cap_flag_value_t flag;
@@ -135,51 +112,37 @@ int lxc_ambient_caps_up(void)
break;
}
- SYSERROR("Failed to retrieve capability flag");
- goto out;
+ return log_error_errno(ret, errno, "Failed to retrieve capability flag");
}
ret = cap_set_flag(caps, CAP_INHERITABLE, 1, &cap, flag);
- if (ret < 0) {
- SYSERROR("Failed to set capability flag");
- goto out;
- }
+ if (ret < 0)
+ return log_error_errno(ret, errno, "Failed to set capability flag");
}
ret = cap_set_proc(caps);
- if (ret < 0) {
- SYSERROR("Failed to set capabilities");
- goto out;
- }
+ if (ret < 0)
+ return log_error_errno(ret, errno, "Failed to set capabilities");
for (cap = 0; cap <= last_cap; cap++) {
ret = prctl(PR_CAP_AMBIENT, prctl_arg(PR_CAP_AMBIENT_RAISE),
prctl_arg(cap), prctl_arg(0), prctl_arg(0));
- if (ret < 0) {
- SYSWARN("Failed to raise ambient capability %d", cap);
- goto out;
- }
+ if (ret < 0)
+ return log_warn_errno(ret, errno, "Failed to raise ambient capability %d", cap);
}
cap_names = cap_to_text(caps, NULL);
- if (!cap_names) {
- SYSWARN("Failed to convert capabilities %d", cap);
- goto out;
- }
+ if (!cap_names)
+ return log_warn_errno(0, errno, "Failed to convert capabilities %d", cap);
TRACE("Raised %s in inheritable and ambient capability set", cap_names);
-
-out:
-
- cap_free(cap_names);
- cap_free(caps);
return 0;
}
int lxc_ambient_caps_down(void)
{
+ call_cleaner(cap_free) cap_t caps = NULL;
int ret;
- cap_t caps;
cap_value_t cap;
if (!getuid() || geteuid())
@@ -187,33 +150,23 @@ int lxc_ambient_caps_down(void)
ret = prctl(PR_CAP_AMBIENT, prctl_arg(PR_CAP_AMBIENT_CLEAR_ALL),
prctl_arg(0), prctl_arg(0), prctl_arg(0));
- if (ret < 0) {
- SYSERROR("Failed to clear ambient capability set");
- return -1;
- }
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to clear ambient capability set");
caps = cap_get_proc();
- if (!caps) {
- SYSERROR("Failed to retrieve capabilities");
- return -1;
- }
+ if (!caps)
+ return log_error_errno(-1, errno, "Failed to retrieve capabilities");
for (cap = 0; cap <= CAP_LAST_CAP; cap++) {
ret = cap_set_flag(caps, CAP_INHERITABLE, 1, &cap, CAP_CLEAR);
- if (ret < 0) {
- SYSERROR("Failed to remove capability from inheritable set");
- goto out;
- }
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to clear capability");
}
ret = cap_set_proc(caps);
- if (ret < 0) {
- SYSERROR("Failed to set capabilities");
- goto out;
- }
+ if (ret < 0)
+ return log_error_errno(ret, errno, "Failed to set capabilities");
-out:
- cap_free(caps);
return 0;
}
@@ -233,29 +186,21 @@ int lxc_caps_init(void)
INFO("Command is run as setuid root (uid: %d)", uid);
ret = prctl(PR_SET_KEEPCAPS, prctl_arg(1));
- if (ret < 0) {
- SYSERROR("Failed to set PR_SET_KEEPCAPS");
- return -1;
- }
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to set PR_SET_KEEPCAPS");
gid = getgid();
ret = setresgid(gid, gid, gid);
- if (ret < 0) {
- SYSERROR("Failed to change rgid, egid, and sgid to %d", gid);
- return -1;
- }
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to change rgid, egid, and sgid to %d", gid);
ret = setresuid(uid, uid, uid);
- if (ret < 0) {
- SYSERROR("Failed to change ruid, euid, and suid to %d", uid);
- return -1;
- }
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to change ruid, euid, and suid to %d", uid);
ret = lxc_caps_up();
- if (ret < 0) {
- SYSERROR("Failed to restore capabilities");
- return -1;
- }
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to restore capabilities");
}
if (uid == euid)
@@ -320,10 +265,8 @@ static bool lxc_cap_is_set(cap_t caps, cap_value_t cap, cap_flag_t flag)
cap_flag_value_t flagval;
ret = cap_get_flag(caps, cap, flag, &flagval);
- if (ret < 0) {
- SYSERROR("Failed to retrieve current setting for capability %d", cap);
- return false;
- }
+ if (ret < 0)
+ return log_error_errno(false, errno, "Failed to retrieve current setting for capability %d", cap);
return flagval == CAP_SET;
}
@@ -331,8 +274,7 @@ static bool lxc_cap_is_set(cap_t caps, cap_value_t cap, cap_flag_t flag)
bool lxc_file_cap_is_set(const char *path, cap_value_t cap, cap_flag_t flag)
{
#if LIBCAP_SUPPORTS_FILE_CAPABILITIES
- bool cap_is_set;
- cap_t caps;
+ call_cleaner(cap_free) cap_t caps = NULL;
caps = cap_get_file(path);
if (!caps) {
@@ -347,9 +289,7 @@ bool lxc_file_cap_is_set(const char *path, cap_value_t cap, cap_flag_t flag)
return false;
}
- cap_is_set = lxc_cap_is_set(caps, cap, flag);
- cap_free(caps);
- return cap_is_set;
+ return lxc_cap_is_set(caps, cap, flag);
#else
errno = ENODATA;
return false;
@@ -358,17 +298,12 @@ bool lxc_file_cap_is_set(const char *path, cap_value_t cap, cap_flag_t flag)
bool lxc_proc_cap_is_set(cap_value_t cap, cap_flag_t flag)
{
- bool cap_is_set;
- cap_t caps;
+ call_cleaner(cap_free) cap_t caps = NULL;
caps = cap_get_proc();
- if (!caps) {
- SYSERROR("Failed to retrieve capabilities");
- return false;
- }
+ if (!caps)
+ return log_error_errno(false, errno, "Failed to retrieve capabilities");
- cap_is_set = lxc_cap_is_set(caps, cap, flag);
- cap_free(caps);
- return cap_is_set;
+ return lxc_cap_is_set(caps, cap, flag);
}
#endif
From 5a07663367606d138d62323e245cf289706640f6 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 15 Mar 2020 01:55:24 +0100
Subject: [PATCH 3/6] tree-wide: port cgroup cleanup to
call_cleaner(cgroup_exit)
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/attach.c | 2 +-
src/lxc/cgroups/cgroup.h | 11 +++--------
src/lxc/freezer.c | 2 +-
src/lxc/lxccontainer.c | 21 ++++++---------------
4 files changed, 11 insertions(+), 25 deletions(-)
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 26fd753ecc..d147a59ed1 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -1176,7 +1176,7 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
*/
ret = cgroup_attach(name, lxcpath, pid);
if (ret) {
- __do_cgroup_exit struct cgroup_ops *cgroup_ops = NULL;
+ call_cleaner(cgroup_exit) struct cgroup_ops *cgroup_ops = NULL;
cgroup_ops = cgroup_init(conf);
if (!cgroup_ops)
diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
index 309f31fae7..9f44ad51ba 100644
--- a/src/lxc/cgroups/cgroup.h
+++ b/src/lxc/cgroups/cgroup.h
@@ -8,6 +8,7 @@
#include <sys/types.h>
#include "macro.h"
+#include "memory_utils.h"
#define DEFAULT_CGROUP_MOUNTPOINT "/sys/fs/cgroup"
#define DEFAULT_PAYLOAD_CGROUP_PREFIX "lxc.payload."
@@ -171,20 +172,14 @@ struct cgroup_ops {
};
extern struct cgroup_ops *cgroup_init(struct lxc_conf *conf);
+
extern void cgroup_exit(struct cgroup_ops *ops);
+define_cleanup_function(struct cgroup_ops *, cgroup_exit);
extern void prune_init_scope(char *cg);
-static inline void __auto_cgroup_exit__(struct cgroup_ops **ops)
-{
- if (*ops)
- cgroup_exit(*ops);
-}
-
extern int cgroup_attach(const char *name, const char *lxcpath, int64_t pid);
-#define __do_cgroup_exit __attribute__((__cleanup__(__auto_cgroup_exit__)))
-
static inline bool pure_unified_layout(const struct cgroup_ops *ops)
{
return ops->cgroup_layout == CGROUP_LAYOUT_UNIFIED;
diff --git a/src/lxc/freezer.c b/src/lxc/freezer.c
index 13b7756158..dbb70f61df 100644
--- a/src/lxc/freezer.c
+++ b/src/lxc/freezer.c
@@ -35,7 +35,7 @@ static void notify_state_listeners(const char *name, const char *lxcpath,
static int do_freeze_thaw(bool freeze, struct lxc_conf *conf, const char *name,
const char *lxcpath)
{
- __do_cgroup_exit struct cgroup_ops *cgroup_ops = NULL;
+ call_cleaner(cgroup_exit) struct cgroup_ops *cgroup_ops = NULL;
lxc_state_t new_state = freeze ? FROZEN : THAWED;
int ret;
const char *state;
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 0c69670aae..42e3b562f7 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -3308,8 +3308,7 @@ WRAP_API_1(bool, lxcapi_set_config_path, const char *)
static bool do_lxcapi_set_cgroup_item(struct lxc_container *c, const char *subsys, const char *value)
{
- int ret;
- struct cgroup_ops *cgroup_ops;
+ call_cleaner(cgroup_exit) struct cgroup_ops *cgroup_ops = NULL;
if (!c)
return false;
@@ -3321,19 +3320,15 @@ static bool do_lxcapi_set_cgroup_item(struct lxc_container *c, const char *subsy
if (!cgroup_ops)
return false;
- ret = cgroup_ops->set(cgroup_ops, subsys, value, c->name, c->config_path);
-
- cgroup_exit(cgroup_ops);
-
- return ret == 0;
+ return cgroup_ops->set(cgroup_ops, subsys, value, c->name,
+ c->config_path) == 0;
}
WRAP_API_2(bool, lxcapi_set_cgroup_item, const char *, const char *)
static int do_lxcapi_get_cgroup_item(struct lxc_container *c, const char *subsys, char *retv, int inlen)
{
- int ret;
- struct cgroup_ops *cgroup_ops;
+ call_cleaner(cgroup_exit) struct cgroup_ops *cgroup_ops = NULL;
if (!c)
return -1;
@@ -3345,12 +3340,8 @@ static int do_lxcapi_get_cgroup_item(struct lxc_container *c, const char *subsys
if (!cgroup_ops)
return -1;
- ret = cgroup_ops->get(cgroup_ops, subsys, retv, inlen, c->name,
- c->config_path);
-
- cgroup_exit(cgroup_ops);
-
- return ret;
+ return cgroup_ops->get(cgroup_ops, subsys, retv, inlen, c->name,
+ c->config_path);
}
WRAP_API_3(int, lxcapi_get_cgroup_item, const char *, char *, int)
From 6e87cb176f72c13f97807636690cefa9a5744b03 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 15 Mar 2020 02:34:20 +0100
Subject: [PATCH 4/6] memory_utils: adapt to new infrastructure
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/memory_utils.h | 58 +++++++++++++++++-------------------------
1 file changed, 24 insertions(+), 34 deletions(-)
diff --git a/src/lxc/memory_utils.h b/src/lxc/memory_utils.h
index 5968eee1e0..6758864fd6 100644
--- a/src/lxc/memory_utils.h
+++ b/src/lxc/memory_utils.h
@@ -21,16 +21,37 @@
#define call_cleaner(cleaner) __attribute__((__cleanup__(cleaner##_function)))
+#define close_prot_errno_disarm(fd) \
+ if (fd >= 0) { \
+ int _e_ = errno; \
+ close(fd); \
+ errno = _e_; \
+ fd = -EBADF; \
+ }
+
+static inline void close_prot_errno_disarm_function(int *fd)
+{
+ close_prot_errno_disarm(*fd);
+}
+#define __do_close_prot_errno call_cleaner(close_prot_errno_disarm)
+
+define_cleanup_function(FILE *, fclose);
+#define __do_fclose call_cleaner(fclose)
+
+define_cleanup_function(DIR *, closedir);
+#define __do_closedir call_cleaner(closedir)
+
#define free_disarm(ptr) \
({ \
free(ptr); \
move_ptr(ptr); \
})
-static inline void __auto_free__(void *p)
+static inline void free_disarm_function(void *ptr)
{
- free(*(void **)p);
+ free_disarm(*(void **)ptr);
}
+#define __do_free call_cleaner(free_disarm)
static inline void free_string_list(char **list)
{
@@ -41,38 +62,7 @@ static inline void free_string_list(char **list)
}
}
define_cleanup_function(char **, free_string_list);
-#define __do_free_string_list \
- __attribute__((__cleanup__(free_string_list_function)))
-
-static inline void __auto_fclose__(FILE **f)
-{
- if (*f)
- fclose(*f);
-}
-
-static inline void __auto_closedir__(DIR **d)
-{
- if (*d)
- closedir(*d);
-}
-
-#define close_prot_errno_disarm(fd) \
- if (fd >= 0) { \
- int _e_ = errno; \
- close(fd); \
- errno = _e_; \
- fd = -EBADF; \
- }
-
-static inline void __auto_close__(int *fd)
-{
- close_prot_errno_disarm(*fd);
-}
-
-#define __do_close_prot_errno __attribute__((__cleanup__(__auto_close__)))
-#define __do_free __attribute__((__cleanup__(__auto_free__)))
-#define __do_fclose __attribute__((__cleanup__(__auto_fclose__)))
-#define __do_closedir __attribute__((__cleanup__(__auto_closedir__)))
+#define __do_free_string_list call_cleaner(free_string_list)
static inline void *memdup(const void *data, size_t len)
{
From f62cf1d486bf02319aea25ae4ecdfc3fd3c2125a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 15 Mar 2020 02:38:36 +0100
Subject: [PATCH 5/6] tree-wide: s/__do_close_prot_errno/__do_close/g
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/af_unix.c | 6 +++---
src/lxc/attach.c | 2 +-
src/lxc/cgroups/cgfsng.c | 16 ++++++++--------
src/lxc/cgroups/cgroup2_devices.c | 4 ++--
src/lxc/cmd/lxc_user_nic.c | 2 +-
src/lxc/commands.c | 14 +++++++-------
src/lxc/commands_utils.c | 2 +-
src/lxc/conf.c | 10 +++++-----
src/lxc/file_utils.c | 20 ++++++++++----------
src/lxc/lxccontainer.c | 8 ++++----
src/lxc/memory_utils.h | 2 +-
src/lxc/rexec.c | 4 ++--
src/lxc/seccomp.c | 8 ++++----
src/lxc/start.c | 8 ++++----
src/lxc/terminal.c | 2 +-
src/lxc/utils.c | 4 ++--
src/lxc/uuid.c | 2 +-
17 files changed, 57 insertions(+), 57 deletions(-)
diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index 04aef44ade..e17208888a 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -53,7 +53,7 @@ static ssize_t lxc_abstract_unix_set_sockaddr(struct sockaddr_un *addr,
int lxc_abstract_unix_open(const char *path, int type, int flags)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
int ret;
ssize_t len;
struct sockaddr_un addr;
@@ -90,7 +90,7 @@ void lxc_abstract_unix_close(int fd)
int lxc_abstract_unix_connect(const char *path)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
int ret;
ssize_t len;
struct sockaddr_un addr;
@@ -326,7 +326,7 @@ int lxc_unix_sockaddr(struct sockaddr_un *ret, const char *path)
int lxc_unix_connect_type(struct sockaddr_un *addr, int type)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
int ret;
ssize_t len;
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index d147a59ed1..d9da4ad81e 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -131,7 +131,7 @@ static void lxc_proc_put_context_info(struct lxc_proc_context_info *ctx)
*/
static int in_same_namespace(pid_t pid1, pid_t pid2, const char *ns)
{
- __do_close_prot_errno int ns_fd1 = -1, ns_fd2 = -1;
+ __do_close int ns_fd1 = -1, ns_fd2 = -1;
int ret = -1;
struct stat ns_st1, ns_st2;
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 462ee3696c..b78779ef77 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -494,7 +494,7 @@ static int cg_legacy_handle_cpuset_hierarchy(struct hierarchy *h,
const char *cgroup_leaf)
{
__do_free char *parent_cgroup = NULL, *child_cgroup = NULL, *dup = NULL;
- __do_close_prot_errno int cgroup_fd = -EBADF;
+ __do_close int cgroup_fd = -EBADF;
int fret = -1;
int ret;
char v;
@@ -1169,10 +1169,10 @@ static void cgroup_remove_leaf(struct hierarchy *h, bool payload)
__do_free char *full_path = NULL;
if (payload) {
- __lxc_unused __do_close_prot_errno int fd = move_fd(h->cgfd_con);
+ __lxc_unused __do_close int fd = move_fd(h->cgfd_con);
full_path = move_ptr(h->container_full_path);
} else {
- __lxc_unused __do_close_prot_errno int fd = move_fd(h->cgfd_mon);
+ __lxc_unused __do_close int fd = move_fd(h->cgfd_mon);
full_path = move_ptr(h->monitor_full_path);
}
@@ -1866,7 +1866,7 @@ static bool cg_legacy_freeze(struct cgroup_ops *ops)
static int freezer_cgroup_events_cb(int fd, uint32_t events, void *cbdata,
struct lxc_epoll_descr *descr)
{
- __do_close_prot_errno int duped_fd = -EBADF;
+ __do_close int duped_fd = -EBADF;
__do_free char *line = NULL;
__do_fclose FILE *f = NULL;
int state = PTR_TO_INT(cbdata);
@@ -1899,7 +1899,7 @@ static int freezer_cgroup_events_cb(int fd, uint32_t events, void *cbdata,
static int cg_unified_freeze(struct cgroup_ops *ops, int timeout)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
__do_lxc_mainloop_close struct lxc_epoll_descr *descr_ptr = NULL;
int ret;
struct lxc_epoll_descr descr;
@@ -1967,7 +1967,7 @@ static int cg_legacy_unfreeze(struct cgroup_ops *ops)
static int cg_unified_unfreeze(struct cgroup_ops *ops, int timeout)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
__do_lxc_mainloop_close struct lxc_epoll_descr *descr_ptr = NULL;
int ret;
struct lxc_epoll_descr descr;
@@ -2099,7 +2099,7 @@ static int cgroup_attach_leaf(int unified_fd, int64_t pid)
int cgroup_attach(const char *name, const char *lxcpath, int64_t pid)
{
- __do_close_prot_errno int unified_fd = -EBADF;
+ __do_close int unified_fd = -EBADF;
unified_fd = lxc_cmd_get_cgroup2_fd(name, lxcpath);
if (unified_fd < 0)
@@ -2121,7 +2121,7 @@ static int __cg_unified_attach(const struct hierarchy *h, const char *name,
const char *lxcpath, pid_t pid,
const char *controller)
{
- __do_close_prot_errno int unified_fd = -EBADF;
+ __do_close int unified_fd = -EBADF;
int ret;
ret = cgroup_attach(name, lxcpath, pid);
diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c
index eef4647b09..11e2bdd986 100644
--- a/src/lxc/cgroups/cgroup2_devices.c
+++ b/src/lxc/cgroups/cgroup2_devices.c
@@ -341,7 +341,7 @@ int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
const char *path, uint32_t flags)
{
__do_free char *copy = NULL;
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
union bpf_attr attr;
int ret;
@@ -396,7 +396,7 @@ int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
int bpf_program_cgroup_detach(struct bpf_program *prog)
{
int ret;
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
if (!prog)
return 0;
diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
index f2388a5b4c..7a2e47011b 100644
--- a/src/lxc/cmd/lxc_user_nic.c
+++ b/src/lxc/cmd/lxc_user_nic.c
@@ -73,7 +73,7 @@ __noreturn static void usage(bool fail)
static int open_and_lock(const char *path)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
int ret;
struct flock lk;
diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index 08fada3ac2..204af14f30 100644
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -111,7 +111,7 @@ static const char *lxc_cmd_str(lxc_cmd_t cmd)
*/
static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
{
- __do_close_prot_errno int fd_rsp = -EBADF;
+ __do_close int fd_rsp = -EBADF;
int ret;
struct lxc_cmd_rsp *rsp = &cmd->rsp;
@@ -214,7 +214,7 @@ static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
const char *lxcpath, const char *hashed_sock_name)
{
- __do_close_prot_errno int client_fd = -EBADF;
+ __do_close int client_fd = -EBADF;
ssize_t ret = -1;
client_fd = lxc_cmd_connect(name, lxcpath, hashed_sock_name, "command");
@@ -267,7 +267,7 @@ static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
const char *lxcpath, const char *hashed_sock_name)
{
- __do_close_prot_errno int client_fd = -EBADF;
+ __do_close int client_fd = -EBADF;
int ret = -1;
bool stay_connected = false;
@@ -898,7 +898,7 @@ int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
lxc_state_t states[MAX_STATE],
int *state_client_fd)
{
- __do_close_prot_errno int clientfd = -EBADF;
+ __do_close int clientfd = -EBADF;
int state, stopped;
ssize_t ret;
struct lxc_cmd_rr cmd = {
@@ -1217,7 +1217,7 @@ static int lxc_cmd_seccomp_notify_add_listener_callback(int fd,
#ifdef HAVE_SECCOMP_NOTIFY
int ret;
- __do_close_prot_errno int recv_fd = -EBADF;
+ __do_close int recv_fd = -EBADF;
ret = lxc_abstract_unix_recv_fds(fd, &recv_fd, 1, NULL, 0);
if (ret <= 0) {
@@ -1505,7 +1505,7 @@ static int lxc_cmd_handler(int fd, uint32_t events, void *data,
static int lxc_cmd_accept(int fd, uint32_t events, void *data,
struct lxc_epoll_descr *descr)
{
- __do_close_prot_errno int connection = -EBADF;
+ __do_close int connection = -EBADF;
int opt = 1, ret = -1;
connection = accept(fd, NULL, 0);
@@ -1531,7 +1531,7 @@ static int lxc_cmd_accept(int fd, uint32_t events, void *data,
int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
int ret;
char path[LXC_AUDS_ADDR_LEN] = {0};
diff --git a/src/lxc/commands_utils.c b/src/lxc/commands_utils.c
index dbc06bf334..2f2670d748 100644
--- a/src/lxc/commands_utils.c
+++ b/src/lxc/commands_utils.c
@@ -57,7 +57,7 @@ int lxc_cmd_sock_rcv_state(int state_client_fd, int timeout)
int lxc_cmd_sock_get_state(const char *name, const char *lxcpath,
lxc_state_t states[MAX_STATE], int timeout)
{
- __do_close_prot_errno int state_client_fd = -EBADF;
+ __do_close int state_client_fd = -EBADF;
int ret;
ret = lxc_cmd_add_state_client(name, lxcpath, states, &state_client_fd);
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 0113079f45..08e6da29e9 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1380,7 +1380,7 @@ int lxc_chroot(const struct lxc_rootfs *rootfs)
*/
static int lxc_pivot_root(const char *rootfs)
{
- __do_close_prot_errno int oldroot = -EBADF, newroot = -EBADF;
+ __do_close int oldroot = -EBADF, newroot = -EBADF;
int ret;
oldroot = open("/", O_DIRECTORY | O_RDONLY | O_CLOEXEC);
@@ -2193,7 +2193,7 @@ static const char nesting_helpers[] =
FILE *make_anonymous_mount_file(struct lxc_list *mount,
bool include_nesting_helpers)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
FILE *f;
int ret;
char *mount_entry;
@@ -2567,12 +2567,12 @@ struct lxc_conf *lxc_conf_init(void)
int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
size_t buf_size)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
int ret;
char path[PATH_MAX];
if (geteuid() != 0 && idtype == ID_TYPE_GID) {
- __do_close_prot_errno int setgroups_fd = -EBADF;
+ __do_close int setgroups_fd = -EBADF;
ret = snprintf(path, PATH_MAX, "/proc/%d/setgroups", pid);
if (ret < 0 || ret >= PATH_MAX)
@@ -3018,7 +3018,7 @@ void remount_all_slave(void)
{
__do_free char *line = NULL;
__do_fclose FILE *f = NULL;
- __do_close_prot_errno int memfd = -EBADF, mntinfo_fd = -EBADF;
+ __do_close int memfd = -EBADF, mntinfo_fd = -EBADF;
int ret;
ssize_t copied;
size_t len = 0;
diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c
index 747e5c18cf..ab445751bd 100644
--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -27,7 +27,7 @@ int lxc_open_dirfd(const char *dir)
int lxc_readat(int dirfd, const char *filename, void *buf, size_t count)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
ssize_t ret;
fd = openat(dirfd, filename, O_RDONLY | O_CLOEXEC);
@@ -43,7 +43,7 @@ int lxc_readat(int dirfd, const char *filename, void *buf, size_t count)
int lxc_writeat(int dirfd, const char *filename, const void *buf, size_t count)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
ssize_t ret;
fd = openat(dirfd, filename,
@@ -61,7 +61,7 @@ int lxc_writeat(int dirfd, const char *filename, const void *buf, size_t count)
int lxc_write_openat(const char *dir, const char *filename, const void *buf,
size_t count)
{
- __do_close_prot_errno int dirfd = -EBADF;
+ __do_close int dirfd = -EBADF;
dirfd = open(dir, O_DIRECTORY | O_RDONLY | O_CLOEXEC | O_NOCTTY | O_NOFOLLOW);
if (dirfd < 0)
@@ -73,7 +73,7 @@ int lxc_write_openat(const char *dir, const char *filename, const void *buf,
int lxc_write_to_file(const char *filename, const void *buf, size_t count,
bool add_newline, mode_t mode)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
ssize_t ret;
fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, mode);
@@ -98,7 +98,7 @@ int lxc_write_to_file(const char *filename, const void *buf, size_t count,
int lxc_read_from_file(const char *filename, void *buf, size_t count)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
ssize_t ret;
fd = open(filename, O_RDONLY | O_CLOEXEC);
@@ -203,7 +203,7 @@ ssize_t lxc_read_nointr_expect(int fd, void *buf, size_t count,
ssize_t lxc_read_file_expect(const char *path, void *buf, size_t count,
const void *expected_buf)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
fd = open(path, O_RDONLY | O_CLOEXEC);
if (fd < 0)
@@ -268,7 +268,7 @@ int lxc_count_file_lines(const char *fn)
int lxc_make_tmpfile(char *template, bool rm)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
int ret;
mode_t msk;
@@ -322,7 +322,7 @@ bool fhas_fs_type(int fd, fs_type_magic magic_val)
FILE *fopen_cloexec(const char *path, const char *mode)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
int open_mode = 0, step = 0;
FILE *f;
@@ -430,7 +430,7 @@ static char *fd_to_buf(int fd, size_t *length)
char *file_to_buf(const char *path, size_t *length)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
if (!length)
return NULL;
@@ -482,7 +482,7 @@ FILE *fdopen_cached(int fd, const char *mode, void **caller_freed_buffer)
#else
- __do_close_prot_errno int dupfd = -EBADF;
+ __do_close int dupfd = -EBADF;
dupfd = dup(fd);
if (dupfd < 0)
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 42e3b562f7..06a1eb9b61 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -140,7 +140,7 @@ enum {
static int ongoing_create(struct lxc_container *c)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
__do_free char *path = NULL;
struct flock lk = {0};
int ret;
@@ -1976,7 +1976,7 @@ static bool lxcapi_create(struct lxc_container *c, const char *t,
static bool do_lxcapi_reboot(struct lxc_container *c)
{
- __do_close_prot_errno int pidfd = -EBADF;
+ __do_close int pidfd = -EBADF;
pid_t pid = -1;
int ret;
int rebootsignal = SIGINT;
@@ -2012,7 +2012,7 @@ WRAP_API(bool, lxcapi_reboot)
static bool do_lxcapi_reboot2(struct lxc_container *c, int timeout)
{
- __do_close_prot_errno int pidfd = -EBADF, state_client_fd = -EBADF;
+ __do_close int pidfd = -EBADF, state_client_fd = -EBADF;
int rebootsignal = SIGINT;
pid_t pid = -1;
lxc_state_t states[MAX_STATE] = {0};
@@ -2081,7 +2081,7 @@ WRAP_API_1(bool, lxcapi_reboot2, int)
static bool do_lxcapi_shutdown(struct lxc_container *c, int timeout)
{
- __do_close_prot_errno int pidfd = -EBADF, state_client_fd = -EBADF;
+ __do_close int pidfd = -EBADF, state_client_fd = -EBADF;
int haltsignal = SIGPWR;
pid_t pid = -1;
lxc_state_t states[MAX_STATE] = {0};
diff --git a/src/lxc/memory_utils.h b/src/lxc/memory_utils.h
index 6758864fd6..29878fb67d 100644
--- a/src/lxc/memory_utils.h
+++ b/src/lxc/memory_utils.h
@@ -33,7 +33,7 @@ static inline void close_prot_errno_disarm_function(int *fd)
{
close_prot_errno_disarm(*fd);
}
-#define __do_close_prot_errno call_cleaner(close_prot_errno_disarm)
+#define __do_close call_cleaner(close_prot_errno_disarm)
define_cleanup_function(FILE *, fclose);
#define __do_fclose call_cleaner(fclose)
diff --git a/src/lxc/rexec.c b/src/lxc/rexec.c
index 00b5f142e5..c9c84b8c1a 100644
--- a/src/lxc/rexec.c
+++ b/src/lxc/rexec.c
@@ -65,7 +65,7 @@ static int parse_argv(char ***argv)
static int is_memfd(void)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
int seals;
fd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
@@ -87,7 +87,7 @@ static int is_memfd(void)
static void lxc_rexec_as_memfd(char **argv, char **envp, const char *memfd_name)
{
- __do_close_prot_errno int execfd = -EBADF, fd = -EBADF, memfd = -EBADF,
+ __do_close int execfd = -EBADF, fd = -EBADF, memfd = -EBADF,
tmpfd = -EBADF;
int ret;
ssize_t bytes_sent = 0;
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 0c56ec5caf..6aedb5274d 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1299,7 +1299,7 @@ void lxc_seccomp_free(struct lxc_seccomp *seccomp)
#if HAVE_DECL_SECCOMP_NOTIFY_FD
static int seccomp_notify_reconnect(struct lxc_handler *handler)
{
- __do_close_prot_errno int notify_fd = -EBADF;
+ __do_close int notify_fd = -EBADF;
close_prot_errno_disarm(handler->conf->seccomp.notifier.proxy_fd);
@@ -1338,8 +1338,8 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
{
#if HAVE_DECL_SECCOMP_NOTIFY_FD
- __do_close_prot_errno int fd_pid = -EBADF;
- __do_close_prot_errno int fd_mem = -EBADF;
+ __do_close int fd_pid = -EBADF;
+ __do_close int fd_mem = -EBADF;
int ret;
ssize_t bytes;
int send_fd_list[2];
@@ -1514,7 +1514,7 @@ int lxc_seccomp_setup_proxy(struct lxc_seccomp *seccomp,
#if HAVE_DECL_SECCOMP_NOTIFY_FD
if (seccomp->notifier.wants_supervision &&
seccomp->notifier.proxy_addr.sun_path[1] != '\0') {
- __do_close_prot_errno int notify_fd = -EBADF;
+ __do_close int notify_fd = -EBADF;
int ret;
notify_fd = lxc_unix_connect_type(&seccomp->notifier.proxy_addr,
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 2e6f8c6d42..75ccddd855 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -724,7 +724,7 @@ struct lxc_handler *lxc_init_handler(const char *name, struct lxc_conf *conf,
int lxc_init(const char *name, struct lxc_handler *handler)
{
- __do_close_prot_errno int status_fd = -EBADF;
+ __do_close int status_fd = -EBADF;
int ret;
const char *loglevel;
struct lxc_conf *conf = handler->conf;
@@ -1053,9 +1053,9 @@ void lxc_abort(const char *name, struct lxc_handler *handler)
static int do_start(void *data)
{
struct lxc_handler *handler = data;
- __lxc_unused __do_close_prot_errno int data_sock0 = handler->data_sock[0],
+ __lxc_unused __do_close int data_sock0 = handler->data_sock[0],
data_sock1 = handler->data_sock[1];
- __do_close_prot_errno int status_fd = -EBADF;
+ __do_close int status_fd = -EBADF;
int ret;
uid_t new_uid;
gid_t new_gid;
@@ -1557,7 +1557,7 @@ static inline int do_share_ns(void *arg)
*/
static int lxc_spawn(struct lxc_handler *handler)
{
- __do_close_prot_errno int data_sock0 = -EBADF, data_sock1 = -EBADF;
+ __do_close int data_sock0 = -EBADF, data_sock1 = -EBADF;
int i, ret;
char pidstr[20];
bool wants_to_map_ids;
diff --git a/src/lxc/terminal.c b/src/lxc/terminal.c
index 26b2d50d7c..1b170cabe8 100644
--- a/src/lxc/terminal.c
+++ b/src/lxc/terminal.c
@@ -94,7 +94,7 @@ int lxc_terminal_signalfd_cb(int fd, uint32_t events, void *cbdata,
struct lxc_terminal_state *lxc_terminal_signal_init(int srcfd, int dstfd)
{
- __do_close_prot_errno int signal_fd = -EBADF;
+ __do_close int signal_fd = -EBADF;
__do_free struct lxc_terminal_state *ts = NULL;
int ret;
sigset_t mask;
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 7d996e3677..a3b5f128f1 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -635,7 +635,7 @@ int detect_shared_rootfs(void)
bool switch_to_ns(pid_t pid, const char *ns)
{
- __do_close_prot_errno int fd = -EBADF;
+ __do_close int fd = -EBADF;
int ret;
char nspath[STRLITERALLEN("/proc//ns/")
+ INTTYPE_TO_STRLEN(pid_t)
@@ -1642,7 +1642,7 @@ uint64_t lxc_find_next_power2(uint64_t n)
static int process_dead(/* takes */ int status_fd)
{
- __do_close_prot_errno int dupfd = -EBADF;
+ __do_close int dupfd = -EBADF;
__do_free char *line = NULL;
__do_fclose FILE *f = NULL;
int ret = 0;
diff --git a/src/lxc/uuid.c b/src/lxc/uuid.c
index fa96b1a042..414a003414 100644
--- a/src/lxc/uuid.c
+++ b/src/lxc/uuid.c
@@ -39,7 +39,7 @@ static lxc_id128_t make_v4_uuid(lxc_id128_t id)
static int get_random_bytes(void *p, size_t n)
{
- __do_close_prot_errno int fd = -1;
+ __do_close int fd = -1;
ssize_t bytes = 0;
fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOCTTY);
From 644e73938557147ae8295b145cbd4edd8e23e252 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 15 Mar 2020 02:40:13 +0100
Subject: [PATCH 6/6] tree-wide: remove last -1 fd initialization with cleanup
macros in favor of -EBADF
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/attach.c | 2 +-
src/lxc/uuid.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index d9da4ad81e..083f709bb5 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -131,7 +131,7 @@ static void lxc_proc_put_context_info(struct lxc_proc_context_info *ctx)
*/
static int in_same_namespace(pid_t pid1, pid_t pid2, const char *ns)
{
- __do_close int ns_fd1 = -1, ns_fd2 = -1;
+ __do_close int ns_fd1 = -EBADF, ns_fd2 = -EBADF;
int ret = -1;
struct stat ns_st1, ns_st2;
diff --git a/src/lxc/uuid.c b/src/lxc/uuid.c
index 414a003414..a5d24bbcba 100644
--- a/src/lxc/uuid.c
+++ b/src/lxc/uuid.c
@@ -39,7 +39,7 @@ static lxc_id128_t make_v4_uuid(lxc_id128_t id)
static int get_random_bytes(void *p, size_t n)
{
- __do_close int fd = -1;
+ __do_close int fd = -EBADF;
ssize_t bytes = 0;
fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOCTTY);
More information about the lxc-devel
mailing list