]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d630991)
lxccontainer: use thread-safe open() + write()
authorChristian Brauner <christian.brauner@ubuntu.com>
Sun, 29 Apr 2018 14:42:44 +0000 (16:42 +0200)
committerChristian Brauner <christian.brauner@ubuntu.com>
Sun, 29 Apr 2018 14:42:44 +0000 (16:42 +0200)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/cgroups/cgfsng.c patch | blob | blame | history
src/lxc/conf.c patch | blob | blame | history
src/lxc/lxccontainer.c patch | blob | blame | history
src/lxc/utils.c patch | blob | blame | history
src/lxc/utils.h patch | blob | blame | history

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index fb5e508dbef36aa7f282bc1c4afa69affed5b608..2f9c15c56ea02147756a1164096984de09d48ba4 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -622,7 +622,7 @@ copy_parent:
        *lastslash = oldv;
        free(fpath);
        fpath = must_make_path(path, "cpuset.cpus", NULL);
-       ret = lxc_write_to_file(fpath, cpulist, strlen(cpulist), false);
+       ret = lxc_write_to_file(fpath, cpulist, strlen(cpulist), false, 0666);
        if (ret < 0) {
                SYSERROR("Failed to write cpu list to \"%s\"", fpath);
                goto on_error;
@@ -673,7 +673,7 @@ static bool copy_parent_file(char *path, char *file)
 
        *lastslash = oldv;
        fpath = must_make_path(path, file, NULL);
-       ret = lxc_write_to_file(fpath, value, len, false);
+       ret = lxc_write_to_file(fpath, value, len, false, 0666);
        if (ret < 0)
                SYSERROR("Failed to write \"%s\" to file \"%s\"", value, fpath);
        free(fpath);
@@ -762,7 +762,7 @@ static bool cg_legacy_handle_cpuset_hierarchy(struct hierarchy *h, char *cgname)
        }
        free(cgpath);
 
-       ret = lxc_write_to_file(clonechildrenpath, "1", 1, false);
+       ret = lxc_write_to_file(clonechildrenpath, "1", 1, false, 0666);
        if (ret < 0) {
                /* Set clone_children so children inherit our settings */
                SYSERROR("Failed to write 1 to \"%s\"", clonechildrenpath);
@@ -1712,7 +1712,7 @@ static bool cg_unified_create_cgroup(struct hierarchy *h, char *cgname)
 
                cgroup = must_append_path(cgroup, parts[i], NULL);
                target = must_make_path(cgroup, "cgroup.subtree_control", NULL);
-               ret = lxc_write_to_file(target, add_controllers, full_len, false);
+               ret = lxc_write_to_file(target, add_controllers, full_len, false, 0666);
                free(target);
                if (ret < 0) {
                        SYSERROR("Could not enable \"%s\" controllers in the "
@@ -1858,7 +1858,7 @@ static bool cgfsng_enter(void *hdata, pid_t pid)
 
                fullpath = must_make_path(hierarchies[i]->fullcgpath,
                                          "cgroup.procs", NULL);
-               ret = lxc_write_to_file(fullpath, pidstr, len, false);
+               ret = lxc_write_to_file(fullpath, pidstr, len, false, 0666);
                if (ret != 0) {
                        SYSERROR("Failed to enter cgroup \"%s\"", fullpath);
                        free(fullpath);
@@ -2306,7 +2306,7 @@ static bool cgfsng_escape()
                fullpath = must_make_path(hierarchies[i]->mountpoint,
                                          hierarchies[i]->base_cgroup,
                                          "cgroup.procs", NULL);
-               ret = lxc_write_to_file(fullpath, "0", 2, false);
+               ret = lxc_write_to_file(fullpath, "0", 2, false, 0666);
                if (ret != 0) {
                        SYSERROR("Failed to escape to cgroup \"%s\"", fullpath);
                        free(fullpath);
@@ -2359,7 +2359,7 @@ static bool cgfsng_unfreeze(void *hdata)
                return false;
 
        fullpath = must_make_path(h->fullcgpath, "freezer.state", NULL);
-       ret = lxc_write_to_file(fullpath, THAWED, THAWED_LEN, false);
+       ret = lxc_write_to_file(fullpath, THAWED, THAWED_LEN, false, 0666);
        free(fullpath);
        if (ret < 0)
                return false;
@@ -2417,7 +2417,7 @@ static int __cg_unified_attach(const struct hierarchy *h, const char *name,
        base_path = must_make_path(h->mountpoint, container_cgroup, NULL);
        full_path = must_make_path(base_path, "cgroup.procs", NULL);
        /* cgroup is populated */
-       ret = lxc_write_to_file(full_path, pidstr, pidstr_len, false);
+       ret = lxc_write_to_file(full_path, pidstr, pidstr_len, false, 0666);
        if (ret < 0 && errno != EBUSY)
                goto on_error;
 
@@ -2443,7 +2443,7 @@ static int __cg_unified_attach(const struct hierarchy *h, const char *name,
                        goto on_error;
 
                strcat(full_path, "/cgroup.procs");
-               ret = lxc_write_to_file(full_path, pidstr, len, false);
+               ret = lxc_write_to_file(full_path, pidstr, len, false, 0666);
                if (ret == 0)
                        goto on_success;
 
@@ -2495,7 +2495,7 @@ static bool cgfsng_attach(const char *name, const char *lxcpath, pid_t pid)
 
                fullpath = build_full_cgpath_from_monitorpath(h, path, "cgroup.procs");
                free(path);
-               ret = lxc_write_to_file(fullpath, pidstr, len, false);
+               ret = lxc_write_to_file(fullpath, pidstr, len, false, 0666);
                if (ret < 0) {
                        SYSERROR("Failed to attach %d to %s", (int)pid, fullpath);
                        free(fullpath);
@@ -2573,7 +2573,7 @@ static int cgfsng_set(const char *filename, const char *value, const char *name,
                char *fullpath;
 
                fullpath = build_full_cgpath_from_monitorpath(h, path, filename);
-               ret = lxc_write_to_file(fullpath, value, strlen(value), false);
+               ret = lxc_write_to_file(fullpath, value, strlen(value), false, 0666);
                free(fullpath);
        }
        free(path);
@@ -2698,7 +2698,7 @@ static int cg_legacy_set_data(const char *filename, const char *value,
        }
 
        fullpath = must_make_path(h->fullcgpath, filename, NULL);
-       ret = lxc_write_to_file(fullpath, value, strlen(value), false);
+       ret = lxc_write_to_file(fullpath, value, strlen(value), false, 0666);
        free(fullpath);
        return ret;
 }
@@ -2767,7 +2767,7 @@ static bool __cg_unified_setup_limits(void *hdata,
                struct lxc_cgroup *cg = iterator->elem;
 
                fullpath = must_make_path(h->fullcgpath, cg->subsystem, NULL);
-               ret = lxc_write_to_file(fullpath, cg->value, strlen(cg->value), false);
+               ret = lxc_write_to_file(fullpath, cg->value, strlen(cg->value), false, 0666);
                free(fullpath);
                if (ret < 0) {
                        SYSERROR("Failed to set \"%s\" to \"%s\"",
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 8ba06dbb34661d97f04b62ff4def218d54f2dc94..48c4b4ecc639b767f56014961141000fa7361cd3 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2560,7 +2560,7 @@ int setup_sysctl_parameters(struct lxc_list *sysctls)
                }
 
                ret = lxc_write_to_file(filename, elem->value,
-                                       strlen(elem->value), false);
+                                       strlen(elem->value), false, 0666);
                if (ret < 0) {
                        ERROR("Failed to setup sysctl parameters %s to %s",
                              elem->key, elem->value);
@@ -2595,7 +2595,7 @@ int setup_proc_filesystem(struct lxc_list *procs, pid_t pid)
                }
 
                ret = lxc_write_to_file(filename, elem->value,
-                                       strlen(elem->value), false);
+                                       strlen(elem->value), false, 0666);
                if (ret < 0) {
                        ERROR("Failed to setup proc filesystem %s to %s",
                              elem->filename, elem->value);
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index c742e74d8ef7f37ed132dade4c026e3a41dc79e7..c15f74534ffc861e62ceb0ebd47d7357e0613c53 100644 (file)
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -837,7 +837,6 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
        struct lxc_handler *handler;
        struct lxc_conf *conf;
        bool daemonize = false;
-       FILE *pid_fp = NULL;
        char *default_args[] = {
                "/sbin/init",
                NULL,
@@ -1001,30 +1000,34 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
         * write the right PID.
         */
        if (c->pidfile) {
-               pid_fp = fopen(c->pidfile, "w");
-               if (pid_fp == NULL) {
-                       SYSERROR("Failed to create pidfile '%s' for '%s'",
-                                c->pidfile, c->name);
+               int ret, w;
+               char pidstr[LXC_NUMSTRLEN64];
+
+               w = snprintf(pidstr, LXC_NUMSTRLEN64, "%d", (int)lxc_raw_getpid());
+               if (w < 0 || (size_t)w >= LXC_NUMSTRLEN64) {
                        free_init_cmd(init_cmd);
                        lxc_free_handler(handler);
+
+                       SYSERROR("Failed to write monitor pid to \"%s\"", c->pidfile);
+
                        if (daemonize)
                                _exit(EXIT_FAILURE);
+
                        return false;
                }
 
-               if (fprintf(pid_fp, "%d\n", lxc_raw_getpid()) < 0) {
-                       SYSERROR("Failed to write '%s'", c->pidfile);
-                       fclose(pid_fp);
-                       pid_fp = NULL;
+               ret = lxc_write_to_file(c->pidfile, pidstr, w, false, 0600);
+               if (ret < 0) {
                        free_init_cmd(init_cmd);
                        lxc_free_handler(handler);
+
+                       SYSERROR("Failed to write '%s'", c->pidfile);
+
                        if (daemonize)
                                _exit(EXIT_FAILURE);
+
                        return false;
                }
-
-               fclose(pid_fp);
-               pid_fp = NULL;
        }
 
        conf->reboot = 0;
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index f8d6a3fe1a24de8bd34f71e4428d4f34aa60a31e..3d0f8641c40d2bdedc72f41d48a2bd5589c85aa3 100644 (file)
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -971,12 +971,13 @@ size_t lxc_array_len(void **array)
        return result;
 }
 
-int lxc_write_to_file(const char *filename, const void* buf, size_t count, bool add_newline)
+int lxc_write_to_file(const char *filename, const void *buf, size_t count,
+                     bool add_newline, mode_t mode)
 {
        int fd, saved_errno;
        ssize_t ret;
 
-       fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0666);
+       fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, mode);
        if (fd < 0)
                return -1;
        ret = lxc_write_nointr(fd, buf, count);
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index 141d27012d19946f7b5c35fd86ffaa033db8a323..b15076cbd5abf3f68c65a87081725e5af34afdca 100644 (file)
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -392,7 +392,7 @@ extern int sha1sum_file(char *fnam, unsigned char *md_value);
 
 /* read and write whole files */
 extern int lxc_write_to_file(const char *filename, const void *buf,
-                            size_t count, bool add_newline);
+                            size_t count, bool add_newline, mode_t mode);
 extern int lxc_read_from_file(const char *filename, void* buf, size_t count);
 
 /* convert variadic argument lists to arrays (for execl type argument lists) */
Mirror of https://github.com/lxc/lxc.git