tree-wide: extend read_file_at()
authorChristian Brauner <christian.brauner@ubuntu.com>
Mon, 1 Feb 2021 19:12:03 +0000 (20:12 +0100)
committerChristian Brauner <christian.brauner@ubuntu.com>
Mon, 1 Feb 2021 19:27:53 +0000 (20:27 +0100)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/cgroups/cgfsng.c
src/lxc/file_utils.c
src/lxc/file_utils.h
src/lxc/lsm/apparmor.c
src/lxc/lsm/selinux.c

index f1b953e46ef688fcbc73d898823e572a35beaa00..3550bcd68fd08985b54cd0d7c405ae13bb1ce0c4 100644 (file)
@@ -324,7 +324,7 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup,
        bool flipped_bit = false;
 
        fpath = must_make_path(parent_cgroup, "cpuset.cpus", NULL);
-       posscpus = read_file_at(-EBADF, fpath);
+       posscpus = read_file_at(-EBADF, fpath, PROTECT_OPEN, 0);
        if (!posscpus)
                return log_error_errno(false, errno, "Failed to read file \"%s\"", fpath);
 
@@ -334,7 +334,7 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup,
                return false;
 
        if (file_exists(__ISOL_CPUS)) {
-               isolcpus = read_file_at(-EBADF, __ISOL_CPUS);
+               isolcpus = read_file_at(-EBADF, __ISOL_CPUS, PROTECT_OPEN, 0);
                if (!isolcpus)
                        return log_error_errno(false, errno, "Failed to read file \"%s\"", __ISOL_CPUS);
 
@@ -353,7 +353,7 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup,
        }
 
        if (file_exists(__OFFLINE_CPUS)) {
-               offlinecpus = read_file_at(-EBADF, __OFFLINE_CPUS);
+               offlinecpus = read_file_at(-EBADF, __OFFLINE_CPUS, PROTECT_OPEN, 0);
                if (!offlinecpus)
                        return log_error_errno(false, errno, "Failed to read file \"%s\"", __OFFLINE_CPUS);
 
@@ -672,7 +672,7 @@ static char **cg_unified_get_controllers(int dfd, const char *file)
        char *sep = " \t\n";
        char *tok;
 
-       buf = read_file_at(dfd, file);
+       buf = read_file_at(dfd, file, PROTECT_OPEN, 0);
        if (!buf)
                return NULL;
 
@@ -3145,7 +3145,7 @@ static void cg_unified_delegate(char ***delegate)
        char *token;
        int idx;
 
-       buf = read_file_at(-EBADF, "/sys/kernel/cgroup/delegate");
+       buf = read_file_at(-EBADF, "/sys/kernel/cgroup/delegate", PROTECT_OPEN, 0);
        if (!buf) {
                for (char **p = standard; p && *p; p++) {
                        idx = append_null_to_list((void ***)delegate);
@@ -3183,9 +3183,9 @@ static int cg_hybrid_init(struct cgroup_ops *ops, bool relative, bool unprivileg
         * cgroups as our base in that case.
         */
        if (!relative && (geteuid() == 0))
-               basecginfo = read_file_at(-EBADF, "/proc/1/cgroup");
+               basecginfo = read_file_at(-EBADF, "/proc/1/cgroup", PROTECT_OPEN, 0);
        else
-               basecginfo = read_file_at(-EBADF, "/proc/self/cgroup");
+               basecginfo = read_file_at(-EBADF, "/proc/self/cgroup", PROTECT_OPEN, 0);
        if (!basecginfo)
                return ret_set_errno(-1, ENOMEM);
 
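Review bot: The failure path `return ret_set_errno(-1, ENOMEM);` reports every read_file_at() failure as out-of-memory, although the call can also fail in its open step, for instance on a missing file or a permission error. That hides the real cause from the caller and the logs, which matters more now that the open behaviour is set by caller-chosen flags. Assuming read_file_at() leaves errno set on failure, the pattern already used in cg_legacy_filter_and_set_cpus() would keep it: `return log_error_errno(-1, errno, "Failed to read cgroup information");`. The body of cg_hybrid_init() starts and ends outside this hunk.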
@@ -3314,9 +3314,9 @@ static char *cg_unified_get_current_cgroup(bool relative)
        char *base_cgroup;
 
        if (!relative && (geteuid() == 0))
-               basecginfo = read_file_at(-EBADF, "/proc/1/cgroup");
+               basecginfo = read_file_at(-EBADF, "/proc/1/cgroup", PROTECT_OPEN, 0);
        else
-               basecginfo = read_file_at(-EBADF, "/proc/self/cgroup");
+               basecginfo = read_file_at(-EBADF, "/proc/self/cgroup", PROTECT_OPEN, 0);
        if (!basecginfo)
                return NULL;
 
index 85faff391db56029668ddff94ada297b770d4a5c..6053d1b9a2d5d2b54ba01489e92074107f8e6050 100644 (file)
@@ -674,7 +674,8 @@ static void append_line(char **dest, size_t oldlen, char *new, size_t newlen)
 }
 
 /* Slurp in a whole file */
-char *read_file_at(int dfd, const char *fnam)
+char *read_file_at(int dfd, const char *fnam,
+                  unsigned int o_flags, unsigned resolve_flags)
 {
        __do_close int fd = -EBADF;
        __do_free char *buf = NULL, *line = NULL;
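Review bot: The comment `/* Slurp in a whole file */` above read_file_at() no longer describes the contract now that each caller chooses the open flags and the resolve flags. I would expand it into a short block comment stating that `o_flags` is handed to open_at() as given and must request read access, and that `resolve_flags` restricts how `fnam` is resolved relative to `dfd`, with 0 meaning no restriction. As a style point, `unsigned resolve_flags` next to `unsigned int o_flags` is inconsistent; `unsigned int resolve_flags` would match, here and in the prototype in file_utils.h. The function body continues outside this hunk.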
@@ -682,7 +683,7 @@ char *read_file_at(int dfd, const char *fnam)
        size_t len = 0, fulllen = 0;
        int linelen;
 
-       fd = openat(dfd, fnam, O_NOCTTY | O_CLOEXEC | O_NOFOLLOW | O_RDONLY);
+       fd = open_at(dfd, fnam, o_flags, resolve_flags, 0);
        if (fd < 0)
                return NULL;
 
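Review bot: `open_at(dfd, fnam, o_flags, resolve_flags, 0)` forwards the caller's flags untouched, so the `O_CLOEXEC | O_NOCTTY | O_NOFOLLOW` guarantees that the removed openat() call gave every reader now depend on each call site passing them. Every caller in this commit passes `PROTECT_OPEN`, whose definition is not visible here, but a later caller passing a bare `O_RDONLY` would get a descriptor that follows a trailing symlink and can leak into a concurrently exec'd child. If relaxing `O_NOFOLLOW` is the reason for the new parameter, the function can still enforce the rest itself: `fd = open_at(dfd, fnam, o_flags | O_CLOEXEC | O_NOCTTY, resolve_flags, 0);`. The body of read_file_at() starts and ends outside this hunk.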
index cc8d8d4788c571c124cdc83fb65b9cdaef43d8c8..0250038b347f7fd7be5e2c46a899aab718d365ea 100644 (file)
@@ -91,6 +91,8 @@ static inline int open_beneath(int dfd, const char *path, unsigned int flags)
        return open_at(dfd, path, flags, PROTECT_LOOKUP_BENEATH, 0);
 }
 __hidden int fd_make_nonblocking(int fd);
-__hidden extern char *read_file_at(int dfd, const char *fnam);
+__hidden extern char *read_file_at(int dfd, const char *fnam,
+                                   unsigned int o_flags,
+                                   unsigned resolve_flags);
 
 #endif /* __LXC_FILE_UTILS_H */
index d72ca032d09efd9d85280df777fd28f357d8967e..369f7939d3c2c6f8c4ab1c07251a04485711d97f 100644 (file)
@@ -16,6 +16,7 @@
 #include "conf.h"
 #include "config.h"
 #include "initutils.h"
+#include "file_utils.h"
 #include "log.h"
 #include "lsm.h"
 #include "parse.h"
@@ -446,7 +447,7 @@ static char *apparmor_process_label_get_at(struct lsm_ops *ops, int fd_pid)
        __do_free char *label = NULL;
        size_t len;
 
-       label = read_file_at(fd_pid, "attr/current");
+       label = read_file_at(fd_pid, "attr/current", PROTECT_OPEN, 0);
        if (!label)
                return log_error_errno(NULL, errno, "Failed to get AppArmor context");
 
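Review bot: `read_file_at(fd_pid, "attr/current", PROTECT_OPEN, 0)` resolves a relative path under `fd_pid` with no resolve restriction, even though this commit adds the parameter that would allow one. An open flag such as O_NOFOLLOW only constrains the final path component, so the intermediate `attr` component is still resolved freely. Passing the value that open_beneath() in file_utils.h already uses would keep the lookup beneath the directory descriptor: `label = read_file_at(fd_pid, "attr/current", PROTECT_OPEN, PROTECT_LOOKUP_BENEATH);`. The same applies to the identical call in selinux_process_label_get_at(), and probably to `read_file_at(dfd, file, PROTECT_OPEN, 0)` in cg_unified_get_controllers() if `file` is a relative name there. The function body continues outside this hunk.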
index 2eed296cf78c63c6e99bbb6d3a755e1787b43ed6..5ed99fb3e2b80db3ae814fbe734b342de1dded6f 100644 (file)
@@ -13,6 +13,7 @@
 
 #include "conf.h"
 #include "config.h"
+#include "file_utils.h"
 #include "log.h"
 #include "lsm.h"
 #include "memory_utils.h"
@@ -56,7 +57,7 @@ static char *selinux_process_label_get_at(struct lsm_ops *ops, int fd_pid)
        __do_free char *label = NULL;
        size_t len;
 
-       label = read_file_at(fd_pid, "attr/current");
+       label = read_file_at(fd_pid, "attr/current", PROTECT_OPEN, 0);
        if (!label)
                return log_error_errno(NULL, errno, "Failed to get SELinux context");