[lxc-devel] [go-lxc/v2] api: make InitPidFd() and SeccompNotifyFd() return os.File and error

brauner on Github lxc-bot at linuxcontainers.org
Mon May 18 11:14:31 UTC 2020


From aa191b81b40d4f137bc5cf9f5cae64e8a3991d1c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 18 May 2020 13:09:35 +0200
Subject: [PATCH 1/2] container: rework InitPidFd() api extension

Make it return os.File so callers can simply call defer f.Close().

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 container.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/container.go b/container.go
index 17c08fb..bf2f0ac 100644
--- a/container.go
+++ b/container.go
@@ -25,6 +25,8 @@ import (
 	"syscall"
 	"time"
 	"unsafe"
+
+	"golang.org/x/sys/unix"
 )
 
 // Container struct
@@ -297,13 +299,17 @@ func (c *Container) InitPid() int {
 	return int(C.go_lxc_init_pid(c.container))
 }
 
-// InitPidFd returns the pidfd of the container's init process as
-// seen from outside the container.
-func (c *Container) InitPidFd() int {
+// InitPidFd returns the pidfd of the container's init process.
+func (c *Container) InitPidFd() (*os.File, error) {
 	c.mu.RLock()
 	defer c.mu.RUnlock()
 
-	return int(C.go_lxc_init_pidfd(c.container))
+	pidfd := int(C.go_lxc_init_pidfd(c.container))
+	if pidfd < 0 {
+		return nil, unix.Errno(unix.EBADF)
+	}
+
+	return os.NewFile(uintptr(pidfd), "[pidfd]"), nil
 }
 
 // SeccompNotifyFd returns the seccomp notify fd of the container.
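Review bot: The new doc comment on InitPidFd does not say who owns the descriptor now that it is wrapped with `os.NewFile`. The returned *os.File closes the fd on Close and also from its finalizer, so a caller that keeps only `f.Fd()` and drops the File can end up using a closed or reused descriptor number, which for a pidfd means addressing the wrong process. I would extend the comment to `// InitPidFd returns the pidfd of the container's init process as an *os.File. The caller owns it and must Close it, and must keep the File referenced while the raw fd is in use.` It is also worth confirming that go_lxc_init_pidfd hands back a descriptor the caller owns rather than one liblxc keeps, since the C side is not visible here. Separately, `unix.Errno(unix.EBADF)` is a redundant conversion, and the fixed EBADF discards whatever negative value the C call returned.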

From 9d3dbc24f79b088d113b2e6b81b9035457cc8f48 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 18 May 2020 13:12:16 +0200
Subject: [PATCH 2/2] container: rework SeccompNotifyFd() api extension

Make it return os.File so callers can simply call defer f.Close().

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 container.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/container.go b/container.go
index bf2f0ac..f68c724 100644
--- a/container.go
+++ b/container.go
@@ -313,11 +313,16 @@ func (c *Container) InitPidFd() (*os.File, error) {
 }
 
 // SeccompNotifyFd returns the seccomp notify fd of the container.
-func (c *Container) SeccompNotifyFd() int {
+func (c *Container) SeccompNotifyFd() (*os.File, error) {
 	c.mu.RLock()
 	defer c.mu.RUnlock()
 
-	return int(C.go_lxc_seccomp_notify_fd(c.container))
+	notifyFd := int(C.go_lxc_seccomp_notify_fd(c.container))
+	if notifyFd < 0 {
+		return nil, unix.Errno(unix.EBADF)
+	}
+
+	return os.NewFile(uintptr(pidfd), "seccomp notify"), nil
 }
 
 // Daemonize returns true if the container wished to be daemonized.
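Review bot: The return line in SeccompNotifyFd passes `pidfd` to os.NewFile, but the only local declared in this function is `notifyFd`. Unless a package-level `pidfd` exists outside the hunk this will not compile, and if one does exist the wrong descriptor gets wrapped and later closed. The line should read `return os.NewFile(uintptr(notifyFd), "seccomp notify"), nil`. The doc comment should also state that the caller owns the returned File and must Close it, because the File's finalizer closes the fd and a supervisor holding only the raw number would then be using a stale descriptor.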

