[lxc-devel] [go-lxc/v2] api: make InitPidFd() and SeccompNotifyFd() return os.File and error
brauner on Github
lxc-bot at linuxcontainers.org
Mon May 18 11:14:31 UTC 2020
From aa191b81b40d4f137bc5cf9f5cae64e8a3991d1c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 18 May 2020 13:09:35 +0200
Subject: [PATCH 1/2] container: rework InitPidFd() api extension
Make it return os.File so callers can simply call defer f.Close().
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
container.go | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/container.go b/container.go
index 17c08fb..bf2f0ac 100644
--- a/container.go
+++ b/container.go
@@ -25,6 +25,8 @@ import (
"syscall"
"time"
"unsafe"
+
+ "golang.org/x/sys/unix"
)
// Container struct
@@ -297,13 +299,17 @@ func (c *Container) InitPid() int {
return int(C.go_lxc_init_pid(c.container))
}
-// InitPidFd returns the pidfd of the container's init process as
-// seen from outside the container.
-func (c *Container) InitPidFd() int {
+// InitPidFd returns the pidfd of the container's init process.
+func (c *Container) InitPidFd() (*os.File, error) {
c.mu.RLock()
defer c.mu.RUnlock()
- return int(C.go_lxc_init_pidfd(c.container))
+ pidfd := int(C.go_lxc_init_pidfd(c.container))
+ if pidfd < 0 {
+ return nil, unix.Errno(unix.EBADF)
+ }
+
+ return os.NewFile(uintptr(pidfd), "[pidfd]"), nil
}
// SeccompNotifyFd returns the seccomp notify fd of the container.
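Review bot: The new doc comment on InitPidFd does not say who owns the descriptor, and with `os.NewFile` that matters: the returned *os.File closes the fd on Close() and also from its finalizer once it is garbage collected. I would extend the comment with something like `// The caller owns the returned file and must Close it; a negative fd from liblxc is reported as EBADF.` This assumes go_lxc_init_pidfd hands back a fresh descriptor on every call, which is not visible in this hunk; if it returned one that liblxc keeps using, closing it here would invalidate that descriptor and its number could later be reused for an unrelated file. Separately, `unix.Errno(unix.EBADF)` is a redundant conversion, since `unix.EBADF` already has that type.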
From 9d3dbc24f79b088d113b2e6b81b9035457cc8f48 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 18 May 2020 13:12:16 +0200
Subject: [PATCH 2/2] container: rework SeccompNotifyFd() api extension
Make it return os.File so callers can simply call defer f.Close().
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
container.go | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/container.go b/container.go
index bf2f0ac..f68c724 100644
--- a/container.go
+++ b/container.go
@@ -313,11 +313,16 @@ func (c *Container) InitPidFd() (*os.File, error) {
}
// SeccompNotifyFd returns the seccomp notify fd of the container.
-func (c *Container) SeccompNotifyFd() int {
+func (c *Container) SeccompNotifyFd() (*os.File, error) {
c.mu.RLock()
defer c.mu.RUnlock()
- return int(C.go_lxc_seccomp_notify_fd(c.container))
+ notifyFd := int(C.go_lxc_seccomp_notify_fd(c.container))
+ if notifyFd < 0 {
+ return nil, unix.Errno(unix.EBADF)
+ }
+
+ return os.NewFile(uintptr(pidfd), "seccomp notify"), nil
}
// Daemonize returns true if the container wished to be daemonized.
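Review bot: The return statement in SeccompNotifyFd wraps `pidfd`, which is not declared in this function; the descriptor read from liblxc and checked above is `notifyFd`. As shown this should fail to compile with an undefined name. If a package-level `pidfd` exists outside the hunk, it would compile, and the caller would silently receive a file for some other descriptor instead of the seccomp notify fd. The line should read `return os.NewFile(uintptr(notifyFd), "seccomp notify"), nil`.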