[lxc-devel] [lxd/master] forkmount: prevent interpreting negative numbers as flags

[brauner on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200526/46efa579/attachment.bin>
-------------- next part --------------
From 5cfc51497a5b6cc797922fc5ab5b672fa751f3cf Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 26 May 2020 22:05:08 +0200
Subject: [PATCH] forkmount: prevent interpreting negative numbers as flags

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/instance/drivers/driver_lxc.go | 25 +++++++++++++++++++++++--
 lxd/main_forkmount.go              |  3 +++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/lxd/instance/drivers/driver_lxc.go b/lxd/instance/drivers/driver_lxc.go
index 967a386dbf..1d8e552de7 100644
--- a/lxd/instance/drivers/driver_lxc.go
+++ b/lxd/instance/drivers/driver_lxc.go
@@ -6060,6 +6060,7 @@ func (c *lxc) insertMountLXD(source, target, fstype string, flags int, mntnsPID
 		c.state.OS.ExecPath,
 		"forkmount",
 		"lxd-mount",
+		"--",
 		pidStr,
 		fmt.Sprintf("%d", pidFdNr),
 		mntsrc,
@@ -6083,7 +6084,18 @@ func (c *lxc) insertMountLXC(source, target, fstype string, flags int) error {
 		target = "/" + target
 	}
 
-	_, err := shared.RunCommand(c.state.OS.ExecPath, "forkmount", "lxc-mount", cname, c.state.OS.LxcPath, configPath, source, target, fstype, fmt.Sprintf("%d", flags))
+	_, err := shared.RunCommand(
+		c.state.OS.ExecPath,
+		"forkmount",
+		"lxc-mount",
+		"--",
+		cname,
+		c.state.OS.LxcPath,
+		configPath,
+		source,
+		target,
+		fstype,
+		fmt.Sprintf("%d", flags))
 	if err != nil {
 		return err
 	}
@@ -6115,7 +6127,15 @@ func (c *lxc) removeMount(mount string) error {
 			mount = "/" + mount
 		}
 
-		_, err := shared.RunCommand(c.state.OS.ExecPath, "forkmount", "lxc-umount", cname, c.state.OS.LxcPath, configPath, mount)
+		_, err := shared.RunCommand(
+			c.state.OS.ExecPath,
+			"forkmount",
+			"lxc-umount",
+			"--",
+			cname,
+			c.state.OS.LxcPath,
+			configPath,
+			mount)
 		if err != nil {
 			return err
 		}
@@ -6131,6 +6151,7 @@ func (c *lxc) removeMount(mount string) error {
 			c.state.OS.ExecPath,
 			"forkmount",
 			"lxd-umount",
+			"--",
 			fmt.Sprintf("%d", pid),
 			fmt.Sprintf("%d", pidFdNr),
 			mount)
diff --git a/lxd/main_forkmount.go b/lxd/main_forkmount.go
index 3a62b09422..c71e6d2f23 100644
--- a/lxd/main_forkmount.go
+++ b/lxd/main_forkmount.go
@@ -343,6 +343,9 @@ void forkmount(void)
 		_exit(1);
 	}
 
+	// skip "--"
+	advance_arg(true);
+
 	// Call the subcommands
 	if (strcmp(command, "lxd-mount") == 0) {
 		// Get the pid