From: Christian Brauner Date: Sat, 16 Dec 2017 01:07:43 +0000 (+0100) Subject: tree-wide: s/getpid()/lxc_raw_getpid()/g X-Git-Tag: lxc-3.0.0.beta1~94^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0059379ff44bd52cf17d72300e60432686f2fba0;p=thirdparty%2Flxc.git tree-wide: s/getpid()/lxc_raw_getpid()/g This is to avoid bad surprises caused by older glibc's pid cache (up to 2.25) when using clone(). Signed-off-by: Christian Brauner --- diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 13a7ab4dd..895684e0b 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -290,7 +290,7 @@ lxc_create_SOURCES = tools/lxc_create.c tools/arguments.c lxc_snapshot_SOURCES = tools/lxc_snapshot.c tools/arguments.c lxc_usernsexec_SOURCES = tools/lxc_usernsexec.c tools/arguments.c lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c tools/arguments.c -lxc_user_nic_SOURCES = lxc_user_nic.c network.c network.h tools/arguments.c +lxc_user_nic_SOURCES = lxc_user_nic.c namespace.c network.c tools/arguments.c lxc_monitord_SOURCES = lxc_monitord.c tools/arguments.c if ENABLE_DEPRECATED @@ -304,7 +304,7 @@ endif if HAVE_STATIC_LIBCAP sbin_PROGRAMS += init.lxc.static -init_lxc_static_SOURCES = lxc_init.c error.c log.c initutils.c caps.c parse.c +init_lxc_static_SOURCES = lxc_init.c error.c log.c initutils.c caps.c parse.c namespace.c if !HAVE_GETLINE if HAVE_FGETLN diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c index 0a4534e88..6debb07f1 100644 --- a/src/lxc/af_unix.c +++ b/src/lxc/af_unix.c @@ -34,6 +34,7 @@ #include #include "log.h" +#include "utils.h" lxc_log_define(lxc_af_unix, lxc); @@ -217,7 +218,7 @@ int lxc_abstract_unix_send_credential(int fd, void *data, size_t size) struct iovec iov; struct cmsghdr *cmsg; struct ucred cred = { - .pid = getpid(), .uid = getuid(), .gid = getgid(), + .pid = lxc_raw_getpid(), .uid = getuid(), .gid = getgid(), }; char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0}; char buf[1] = {0}; diff --git a/src/lxc/attach.c b/src/lxc/attach.c index 142cd9d05..5ef0802a2 100644 --- a/src/lxc/attach.c +++ b/src/lxc/attach.c @@ -1121,7 +1121,7 @@ int lxc_attach(const char *name, const char *lxcpath, } } - pid = syscall(SYS_getpid); + pid = lxc_raw_getpid(); for (i = 0; i < LXC_NS_MAX; i++) { int j, saved_errno; diff --git a/src/lxc/cgroups/cgfs.c b/src/lxc/cgroups/cgfs.c index a6c26549e..fc25bc9b5 100644 --- a/src/lxc/cgroups/cgfs.c +++ b/src/lxc/cgroups/cgfs.c @@ -764,7 +764,7 @@ static struct cgroup_process_info *lxc_cgroup_process_info_get_self(struct cgrou struct cgroup_process_info *i; i = lxc_cgroup_process_info_getx("/proc/self/cgroup", meta); if (!i) - i = lxc_cgroup_process_info_get(getpid(), meta); + i = lxc_cgroup_process_info_get(lxc_raw_getpid(), meta); return i; } @@ -2480,7 +2480,7 @@ static bool cgfs_escape(void *hdata) if (!f) goto out; - written = fprintf(f, "%d\n", getpid()); + written = fprintf(f, "%d\n", lxc_raw_getpid()); fclose(f); if (written < 0) { SYSERROR("writing tasks failed\n"); diff --git a/src/lxc/cgroups/cgmanager.c b/src/lxc/cgroups/cgmanager.c index e8ef8c66c..dccc04c3c 100644 --- a/src/lxc/cgroups/cgmanager.c +++ b/src/lxc/cgroups/cgmanager.c @@ -44,6 +44,7 @@ #include "error.h" #include "commands.h" #include "list.h" +#include "namespace.h" #include "conf.h" #include "utils.h" #include "log.h" @@ -303,7 +304,7 @@ static bool lxc_cgmanager_create(const char *controller, const char *cgroup_path static bool cgm_escape(void *hdata) { bool ret = true, cgm_needs_disconnect = false; - pid_t me = getpid(); + pid_t me = lxc_raw_getpid(); char **slist = subsystems; int i; @@ -359,6 +360,7 @@ static int do_chown_cgroup(const char *controller, const char *cgroup_path, uid_t newuid) { int sv[2] = {-1, -1}, optval = 1, ret = -1; + pid_t pid_self; char buf[1]; struct pollfd fds; @@ -395,7 +397,9 @@ static int do_chown_cgroup(const char *controller, const char *cgroup_path, ERROR("Error getting reply from server over socketpair"); goto out; } - if (send_creds(sv[0], getpid(), getuid(), getgid())) { + + pid_self = lxc_raw_getpid(); + if (send_creds(sv[0], pid_self, getuid(), getgid())) { SYSERROR("Error sending pid over SCM_CREDENTIAL"); goto out; } @@ -410,7 +414,7 @@ static int do_chown_cgroup(const char *controller, const char *cgroup_path, ERROR("Error getting reply from server over socketpair"); goto out; } - if (send_creds(sv[0], getpid(), newuid, 0)) { + if (send_creds(sv[0], pid_self, newuid, 0)) { SYSERROR("Error sending pid over SCM_CREDENTIAL"); goto out; } @@ -898,7 +902,7 @@ static void do_cgm_get(const char *name, const char *lxcpath, const char *filena exit(1); } *cglast = '\0'; - if (!lxc_cgmanager_enter(getpid(), controller, cgroup, abs_cgroup_supported())) { + if (!lxc_cgmanager_enter(lxc_raw_getpid(), controller, cgroup, abs_cgroup_supported())) { WARN("Failed to enter container cgroup %s:%s", controller, cgroup); ret = write(outp, &len, sizeof(len)); if (ret != sizeof(len)) @@ -1038,7 +1042,7 @@ static void do_cgm_set(const char *name, const char *lxcpath, const char *filena exit(1); } *cglast = '\0'; - if (!lxc_cgmanager_enter(getpid(), controller, cgroup, abs_cgroup_supported())) { + if (!lxc_cgmanager_enter(lxc_raw_getpid(), controller, cgroup, abs_cgroup_supported())) { ERROR("Failed to enter container cgroup %s:%s", controller, cgroup); ret = write(outp, &retval, sizeof(retval)); if (ret != sizeof(retval)) @@ -1278,7 +1282,7 @@ static bool verify_final_subsystems(const char *cgroup_use) } cgroup_pattern = lxc_global_config_value("lxc.cgroup.pattern"); - i = snprintf(tmpnam, 50, "lxcprobe-%d", getpid()); + i = snprintf(tmpnam, 50, "lxcprobe-%d", lxc_raw_getpid()); if (i < 0 || i >= 50) { ERROR("Attack - format string modified?"); return false; diff --git a/src/lxc/console.c b/src/lxc/console.c index 7a7678d18..ad4a31405 100644 --- a/src/lxc/console.c +++ b/src/lxc/console.c @@ -414,7 +414,7 @@ static int lxc_console_peer_proxy_alloc(struct lxc_console *console, int sockfd) console->peerpty.busy = sockfd; lxc_console_mainloop_add_peer(console); - DEBUG("%d %s peermaster:%d sockfd:%d", getpid(), __FUNCTION__, console->peerpty.master, sockfd); + DEBUG("%d %s peermaster:%d sockfd:%d", lxc_raw_getpid(), __FUNCTION__, console->peerpty.master, sockfd); return 0; err1: diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c index e74f7c20d..2faa9a20d 100644 --- a/src/lxc/lsm/apparmor.c +++ b/src/lxc/lsm/apparmor.c @@ -135,7 +135,7 @@ again: */ static bool apparmor_am_unconfined(void) { - char *p = apparmor_process_label_get(getpid()); + char *p = apparmor_process_label_get(lxc_raw_getpid()); bool ret = false; if (!p || strcmp(p, "unconfined") == 0) ret = true; @@ -186,7 +186,7 @@ static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf return 0; } - curlabel = apparmor_process_label_get(getpid()); + curlabel = apparmor_process_label_get(lxc_raw_getpid()); if (!aa_stacking_supported() && aa_needs_transition(curlabel)) { /* we're already confined, and stacking isn't supported */ diff --git a/src/lxc/lxc_init.c b/src/lxc/lxc_init.c index c849b5475..24ff12322 100644 --- a/src/lxc/lxc_init.c +++ b/src/lxc/lxc_init.c @@ -40,12 +40,13 @@ #include "error.h" #include "initutils.h" #include "log.h" +#include "namespace.h" #include "parse.h" #include "version.h" /* option keys for long only options */ #define OPT_USAGE 0x1000 -#define OPT_VERSION OPT_USAGE - 1 +#define OPT_VERSION OPT_USAGE - 1 #define QUOTE(macro) #macro #define QUOTEVAL(macro) QUOTE(macro) @@ -61,14 +62,14 @@ static void interrupt_handler(int sig) } static struct option long_options[] = { - { "name", required_argument, 0, 'n' }, - { "help", no_argument, 0, 'h' }, - { "usage", no_argument, 0, OPT_USAGE }, - { "version", no_argument, 0, OPT_VERSION }, - { "quiet", no_argument, 0, 'q' }, - { "logfile", required_argument, 0, 'o' }, - { "logpriority", required_argument, 0, 'l' }, - { "lxcpath", required_argument, 0, 'P' }, + { "name", required_argument, 0, 'n' }, + { "help", no_argument, 0, 'h' }, + { "usage", no_argument, 0, OPT_USAGE }, + { "version", no_argument, 0, OPT_VERSION }, + { "quiet", no_argument, 0, 'q' }, + { "logfile", required_argument, 0, 'o' }, + { "logpriority", required_argument, 0, 'l' }, + { "lxcpath", required_argument, 0, 'P' }, { 0, 0, 0, 0 } }; static char short_options[] = "n:hqo:l:P:"; @@ -359,7 +360,7 @@ int main(int argc, char *argv[]) case SIGPWR: case SIGTERM: if (!shutdown) { - pid_t mypid = getpid(); + pid_t mypid = lxc_raw_getpid(); shutdown = 1; prevent_forking(); @@ -375,7 +376,7 @@ int main(int argc, char *argv[]) } break; case SIGALRM: { - pid_t mypid = getpid(); + pid_t mypid = lxc_raw_getpid(); prevent_forking(); if (mypid != 1) { diff --git a/src/lxc/lxc_monitord.c b/src/lxc/lxc_monitord.c index c4c2ba0d1..ea292d000 100644 --- a/src/lxc/lxc_monitord.c +++ b/src/lxc/lxc_monitord.c @@ -427,7 +427,7 @@ int main(int argc, char *argv[]) } NOTICE("lxc-monitord with pid %d is now monitoring lxcpath %s.", - getpid(), mon.lxcpath); + lxc_raw_getpid(), mon.lxcpath); for (;;) { ret = lxc_mainloop(&mon.descr, 1000 * 30); if (ret) { diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c index 5752935d0..2a5c3a43a 100644 --- a/src/lxc/lxc_user_nic.c +++ b/src/lxc/lxc_user_nic.c @@ -46,6 +46,7 @@ #include #include "config.h" +#include "namespace.h" #include "network.h" #include "utils.h" @@ -814,14 +815,16 @@ static char *lxc_secure_rename_in_ns(int pid, char *oldname, char *newname, int *container_veth_ifidx) { int ret; + pid_t pid_self; uid_t ruid, suid, euid; char ifname[IFNAMSIZ]; char *string_ret = NULL, *name = NULL; int fd = -1, ifindex = -1, ofd = -1; - ofd = lxc_preserve_ns(getpid(), "net"); + pid_self = lxc_raw_getpid(); + ofd = lxc_preserve_ns(pid_self, "net"); if (ofd < 0) { - usernic_error("Failed opening network namespace path for %d", getpid()); + usernic_error("Failed opening network namespace path for %d", pid_self); return NULL; } @@ -993,13 +996,15 @@ struct user_nic_args { static bool is_privileged_over_netns(int netns_fd) { int ret; + pid_t pid_self; uid_t euid, ruid, suid; bool bret = false; int ofd = -1; - ofd = lxc_preserve_ns(getpid(), "net"); + pid_self = lxc_raw_getpid(); + ofd = lxc_preserve_ns(pid_self, "net"); if (ofd < 0) { - usernic_error("Failed opening network namespace path for %d", getpid()); + usernic_error("Failed opening network namespace path for %d", pid_self); return false; } diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index 7182b81fe..15c05521f 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c @@ -941,7 +941,7 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a /* become session leader */ ret = setsid(); if (ret < 0) - TRACE("Process %d is already process group leader", getpid()); + TRACE("Process %d is already process group leader", lxc_raw_getpid()); } else { if (!am_single_threaded()) { ERROR("Cannot start non-daemonized container when threaded"); @@ -966,7 +966,7 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a return false; } - if (fprintf(pid_fp, "%d\n", getpid()) < 0) { + if (fprintf(pid_fp, "%d\n", lxc_raw_getpid()) < 0) { SYSERROR("Failed to write '%s'", c->pidfile); fclose(pid_fp); pid_fp = NULL; @@ -4451,7 +4451,7 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, return false; } - pid_outside = getpid(); + pid_outside = lxc_raw_getpid(); pid = fork(); if (pid < 0) { ERROR("Failed to fork"); diff --git a/src/lxc/network.c b/src/lxc/network.c index 734cfe4e0..3954a4f57 100644 --- a/src/lxc/network.c +++ b/src/lxc/network.c @@ -2369,7 +2369,7 @@ bool lxc_delete_network_unpriv(struct lxc_handler *handler) } ret = snprintf(netns_path, sizeof(netns_path), "/proc/%d/fd/%d", - getpid(), handler->nsfd[LXC_NS_NET]); + lxc_raw_getpid(), handler->nsfd[LXC_NS_NET]); if (ret < 0 || ret >= sizeof(netns_path)) return false; @@ -2693,7 +2693,7 @@ int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler) TRACE("Moving physical network devices back to parent network namespace"); - oldfd = lxc_preserve_ns(getpid(), "net"); + oldfd = lxc_preserve_ns(lxc_raw_getpid(), "net"); if (oldfd < 0) { SYSERROR("Failed to preserve network namespace"); return -1; diff --git a/src/lxc/start.c b/src/lxc/start.c index c53d43656..2d3f4ed4a 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -726,7 +726,7 @@ void lxc_fini(const char *name, struct lxc_handler *handler) */ lxc_set_state(name, handler, STOPPING); - self = getpid(); + self = lxc_raw_getpid(); for (i = 0; i < LXC_NS_MAX; i++) { if (handler->nsfd[i] < 0) continue; @@ -1006,7 +1006,7 @@ static int do_start(void *data) } if (handler->clone_flags & CLONE_NEWCGROUP) { - fd = lxc_preserve_ns(syscall(SYS_getpid), "cgroup"); + fd = lxc_preserve_ns(lxc_raw_getpid(), "cgroup"); if (fd < 0) { ERROR("%s - Failed to preserve cgroup namespace", strerror(errno)); close(handler->data_sock[0]); @@ -1263,8 +1263,8 @@ int resolve_clone_flags(struct lxc_handler *handler) * not reset anymore. * However, if for whatever reason you - dear commiter - somehow need to get the * pid of the dummy intermediate process for do_share_ns() you need to call - * syscall(__NR_getpid) directly. The next lxc_clone() call does not employ - * CLONE_VM and will be fine. + * lxc_raw_getpid(). The next lxc_raw_clone() call does not employ CLONE_VM and + * will be fine. */ static inline int do_share_ns(void *arg) { diff --git a/src/lxc/utils.c b/src/lxc/utils.c index 79e47732c..3b2eaa242 100644 --- a/src/lxc/utils.c +++ b/src/lxc/utils.c @@ -1701,7 +1701,7 @@ int lxc_mount_proc_if_needed(const char *rootfs) return -1; } - mypid = getpid(); + mypid = lxc_raw_getpid(); INFO("I am %d, /proc/self points to \"%s\"", mypid, link); if (lxc_safe_int(link, &link_to_pid) < 0) @@ -2389,17 +2389,6 @@ int lxc_make_tmpfile(char *template, bool rm) return fd; } -uint64_t lxc_getpagesize(void) -{ - int64_t pgsz; - - pgsz = sysconf(_SC_PAGESIZE); - if (pgsz <= 0) - pgsz = 1 << 12; - - return pgsz; -} - int parse_byte_size_string(const char *s, int64_t *converted) { int ret, suffix_len; diff --git a/src/lxc/utils.h b/src/lxc/utils.h index 54a0ac95c..f8cf26fbf 100644 --- a/src/lxc/utils.h +++ b/src/lxc/utils.h @@ -519,7 +519,17 @@ extern bool has_fs_type(const char *path, fs_type_magic magic_val); extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val); extern bool lxc_nic_exists(char *nic); extern int lxc_make_tmpfile(char *template, bool rm); -extern uint64_t lxc_getpagesize(void); + +static inline uint64_t lxc_getpagesize(void) +{ + int64_t pgsz; + + pgsz = sysconf(_SC_PAGESIZE); + if (pgsz <= 0) + pgsz = 1 << 12; + + return pgsz; +} /* If n is not a power of 2 this function will return the next power of 2 * greater than that number. Note that this function always returns the *next*