#include "lxcseccomp.h"
#include "macro.h"
#include "mainloop.h"
+#include "memory_utils.h"
#include "namespace.h"
#include "raw_syscalls.h"
#include "syscall_wrappers.h"
static struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
{
+ __do_free char *line = NULL;
+ __do_fclose FILE *proc_file = NULL;
int ret;
bool found;
- FILE *proc_file;
char proc_fn[LXC_PROC_STATUS_LEN];
+ struct lxc_proc_context_info *info;
size_t line_bufsz = 0;
- char *line = NULL;
- struct lxc_proc_context_info *info = NULL;
/* Read capabilities. */
ret = snprintf(proc_fn, LXC_PROC_STATUS_LEN, "/proc/%d/status", pid);
if (ret < 0 || ret >= LXC_PROC_STATUS_LEN)
- goto on_error;
+ return NULL;
proc_file = fopen(proc_fn, "r");
if (!proc_file) {
- SYSERROR("Could not open %s", proc_fn);
- goto on_error;
+ SYSERROR("Failed to open %s", proc_fn);
+ return NULL;
}
info = calloc(1, sizeof(*info));
- if (!info) {
- SYSERROR("Could not allocate memory");
- fclose(proc_file);
+ if (!info)
return NULL;
- }
found = false;
}
}
- free(line);
- fclose(proc_file);
-
if (!found) {
- ERROR("Could not read capability bounding set from %s",
- proc_fn);
- goto on_error;
+ ERROR("Could not read capability bounding set from %s", proc_fn);
+ free(info);
+ return NULL;
}
info->lsm_label = lsm_process_label_get(pid);
memset(info->ns_fd, -1, sizeof(int) * LXC_NS_MAX);
return info;
-
-on_error:
- free(info);
- return NULL;
}
static inline void lxc_proc_close_ns_fd(struct lxc_proc_context_info *ctx)
static char *lxc_attach_getpwshell(uid_t uid)
{
+ __do_free char *line = NULL;
+ __do_fclose FILE *pipe_f = NULL;
int fd, ret;
pid_t pid;
int pipes[2];
- FILE *pipe_f;
bool found = false;
size_t line_bufsz = 0;
- char *line = NULL, *result = NULL;
+ char *result = NULL;
/* We need to fork off a process that runs the getent program, and we
* need to capture its output, so we use a pipe for that purpose.
found = true;
}
- free(line);
- fclose(pipe_f);
-
ret = wait_for_pid(pid);
if (ret < 0) {
free(result);
static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid)
{
- FILE *proc_file;
+ __do_free char *line = NULL;
+ __do_fclose FILE *proc_file = NULL;
char proc_fn[LXC_PROC_STATUS_LEN];
int ret;
- char *line = NULL;
size_t line_bufsz = 0;
long value = -1;
uid_t uid = (uid_t)-1;
break;
}
- fclose(proc_file);
- free(line);
-
/* Only override arguments if we found something. */
if (uid != (uid_t)-1)
*init_uid = uid;
static bool fetch_seccomp(struct lxc_container *c, lxc_attach_options_t *options)
{
+ __do_free char *path = NULL;
int ret;
bool bret;
- char *path;
if (!(options->namespaces & CLONE_NEWNS) ||
!(options->attach_flags & LXC_ATTACH_LSM)) {
/* Copy the value into the new lxc_conf. */
bret = c->set_config_item(c, "lxc.seccomp.profile", path);
- free(path);
if (!bret)
return false;
static bool no_new_privs(struct lxc_container *c, lxc_attach_options_t *options)
{
- bool bret;
- char *val;
+ __do_free char *val = NULL;
/* Remove current setting. */
if (!c->set_config_item(c, "lxc.no_new_privs", "")) {
}
/* Set currently active setting. */
- bret = c->set_config_item(c, "lxc.no_new_privs", val);
- free(val);
- return bret;
+ return c->set_config_item(c, "lxc.no_new_privs", val);
}
static signed long get_personality(const char *name, const char *lxcpath)
{
- char *p;
- signed long ret;
+ __do_free char *p;
p = lxc_cmd_get_config_item(name, "lxc.arch", lxcpath);
if (!p)
return -1;
- ret = lxc_config_parse_arch(p);
- free(p);
-
- return ret;
+ return lxc_config_parse_arch(p);
}
struct attach_clone_payload {
int lxc_attach_run_shell(void* payload)
{
+ __do_free char *buf = NULL;
uid_t uid;
struct passwd pwent;
struct passwd *pwentp = NULL;
char *user_shell;
- char *buf;
size_t bufsize;
int ret;
if (!pwentp)
free(user_shell);
- free(buf);
return -1;
}
projects / thirdparty / lxc.git / commitdiff
