From: Christian Brauner Date: Sat, 16 Dec 2017 01:07:43 +0000 (+0100) Subject: tree-wide: s/getpid()/lxc_raw_getpid()/g X-Git-Tag: lxc-2.0.10~453 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0659cfa40a3536718ed9957ede102adba3219d2d;p=thirdparty%2Flxc.git tree-wide: s/getpid()/lxc_raw_getpid()/g This is to avoid bad surprises caused by older glibc's pid cache (up to 2.25) when using clone(). Signed-off-by: Christian Brauner
---
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index 9cc5aff05..5f8975e02 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -275,7 +275,7 @@ lxc_create_SOURCES = tools/lxc_create.c tools/arguments.c
 lxc_snapshot_SOURCES = tools/lxc_snapshot.c tools/arguments.c
 lxc_usernsexec_SOURCES = tools/lxc_usernsexec.c tools/arguments.c
 lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c tools/arguments.c
-lxc_user_nic_SOURCES = lxc_user_nic.c network.c network.h tools/arguments.c
+lxc_user_nic_SOURCES = lxc_user_nic.c namespace.c network.c tools/arguments.c
 lxc_monitord_SOURCES = lxc_monitord.c tools/arguments.c
 if ENABLE_DEPRECATED
@@ -289,7 +289,7 @@ endif
 if HAVE_STATIC_LIBCAP
 sbin_PROGRAMS += init.lxc.static
-init_lxc_static_SOURCES = lxc_init.c error.c log.c initutils.c caps.c parse.c
+init_lxc_static_SOURCES = lxc_init.c error.c log.c initutils.c caps.c parse.c namespace.c
 if !HAVE_GETLINE
 if HAVE_FGETLN
diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index 0a4534e88..6debb07f1 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -34,6 +34,7 @@
 #include
 #include "log.h"
+#include "utils.h"
 lxc_log_define(lxc_af_unix, lxc);
@@ -217,7 +218,7 @@ int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
 struct iovec iov;
 struct cmsghdr *cmsg;
 struct ucred cred = {
- .pid = getpid(), .uid = getuid(), .gid = getgid(),
+ .pid = lxc_raw_getpid(), .uid = getuid(), .gid = getgid(),
 };
 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
 char buf[1] = {0};
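Review bot: In the `lxc_user_nic_SOURCES` line of src/lxc/Makefile.am, `network.h` is dropped in the same edit that adds `namespace.c`, and the commit message does not mention the header. Automake only distributes files it is told about, so unless `network.h` is still listed in another `_SOURCES` or headers variable outside this hunk it would fall out of `make dist`; if the removal is not intended, keep it as `lxc_user_nic_SOURCES = lxc_user_nic.c namespace.c network.c network.h tools/arguments.c`. The matching `namespace.h` is not listed here either, which is worth checking for the same reason.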
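Review bot: In `lxc_abstract_unix_send_credential()` (src/lxc/af_unix.c, hunk at line 217) nothing next to the `struct ucred` initializer records why `lxc_raw_getpid()` is used, so a later cleanup could quietly switch it back to `getpid()`. The pid placed in an SCM_CREDENTIALS message is checked by the kernel against the sender, so a stale value from the glibc pid cache named in the commit message would make the send fail for an unprivileged caller, or hand the receiver a wrong identity for a privileged one. I would add above the initializer: `/* Raw syscall on purpose: the kernel validates .pid, and older glibc may return a cached pid after clone(). */`. The function body continues outside the hunk.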
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 27515965d..e6237104c 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -1065,7 +1065,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 }
 }
- pid = syscall(SYS_getpid);
+ pid = lxc_raw_getpid();
 for (i = 0; i < LXC_NS_MAX; i++) {
 int j, saved_errno;
diff --git a/src/lxc/cgroups/cgfs.c b/src/lxc/cgroups/cgfs.c
index 6b9feeb75..4931c51e8 100644
--- a/src/lxc/cgroups/cgfs.c
+++ b/src/lxc/cgroups/cgfs.c
@@ -764,7 +764,7 @@ static struct cgroup_process_info *lxc_cgroup_process_info_get_self(struct cgrou
 struct cgroup_process_info *i;
 i = lxc_cgroup_process_info_getx("/proc/self/cgroup", meta);
 if (!i)
- i = lxc_cgroup_process_info_get(getpid(), meta);
+ i = lxc_cgroup_process_info_get(lxc_raw_getpid(), meta);
 return i;
 }
@@ -2477,7 +2477,7 @@ static bool cgfs_escape(void *hdata)
 if (!f)
 goto out;
- written = fprintf(f, "%d\n", getpid());
+ written = fprintf(f, "%d\n", lxc_raw_getpid());
 fclose(f);
 if (written < 0) {
 SYSERROR("writing tasks failed\n");
diff --git a/src/lxc/cgroups/cgmanager.c b/src/lxc/cgroups/cgmanager.c
index c4de7189d..485a16a94 100644
--- a/src/lxc/cgroups/cgmanager.c
+++ b/src/lxc/cgroups/cgmanager.c
@@ -44,6 +44,7 @@
 #include "error.h"
 #include "commands.h"
 #include "list.h"
+#include "namespace.h"
 #include "conf.h"
 #include "utils.h"
 #include "log.h"
@@ -303,7 +304,7 @@ static bool lxc_cgmanager_create(const char *controller, const char *cgroup_path
 static bool cgm_escape(void *hdata)
 {
 bool ret = true, cgm_needs_disconnect = false;
- pid_t me = getpid();
+ pid_t me = lxc_raw_getpid();
 char **slist = subsystems;
 int i;
@@ -359,6 +360,7 @@ static int do_chown_cgroup(const char *controller, const char *cgroup_path,
 uid_t newuid)
 {
 int sv[2] = {-1, -1}, optval = 1, ret = -1;
+ pid_t pid_self;
 char buf[1];
 struct pollfd fds;
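Review bot: In `cgfs_escape()` (src/lxc/cgroups/cgfs.c, hunk at line 2477) the result of `fclose(f)` is ignored and only `fprintf()` is checked. The stream is buffered, so the pid normally reaches the tasks file when the stream is flushed or closed, and a write the kernel rejects at that point goes unnoticed, which means the function may carry on as if the process had left its cgroup. Checking the close as well covers it: `if (fclose(f) != 0) written = -1;`. The pidfile write in `do_lxcapi_start()` (src/lxc/lxccontainer.c, hunk at line 933) checks `fprintf()` the same way; its success path is outside that hunk, so confirm the close is checked there. `cgfs_escape()` itself starts and ends outside this hunk.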
@@ -395,7 +397,9 @@ static int do_chown_cgroup(const char *controller, const char *cgroup_path,
 ERROR("Error getting reply from server over socketpair");
 goto out;
 }
- if (send_creds(sv[0], getpid(), getuid(), getgid())) {
+
+ pid_self = lxc_raw_getpid();
+ if (send_creds(sv[0], pid_self, getuid(), getgid())) {
 SYSERROR("Error sending pid over SCM_CREDENTIAL");
 goto out;
 }
@@ -410,7 +414,7 @@ static int do_chown_cgroup(const char *controller, const char *cgroup_path,
 ERROR("Error getting reply from server over socketpair");
 goto out;
 }
- if (send_creds(sv[0], getpid(), newuid, 0)) {
+ if (send_creds(sv[0], pid_self, newuid, 0)) {
 SYSERROR("Error sending pid over SCM_CREDENTIAL");
 goto out;
 }
@@ -898,7 +902,7 @@ static void do_cgm_get(const char *name, const char *lxcpath, const char *filena
 exit(1);
 }
 *cglast = '\0';
- if (!lxc_cgmanager_enter(getpid(), controller, cgroup, abs_cgroup_supported())) {
+ if (!lxc_cgmanager_enter(lxc_raw_getpid(), controller, cgroup, abs_cgroup_supported())) {
 WARN("Failed to enter container cgroup %s:%s", controller, cgroup);
 ret = write(outp, &len, sizeof(len));
 if (ret != sizeof(len))
@@ -1038,7 +1042,7 @@ static void do_cgm_set(const char *name, const char *lxcpath, const char *filena
 exit(1);
 }
 *cglast = '\0';
- if (!lxc_cgmanager_enter(getpid(), controller, cgroup, abs_cgroup_supported())) {
+ if (!lxc_cgmanager_enter(lxc_raw_getpid(), controller, cgroup, abs_cgroup_supported())) {
 ERROR("Failed to enter container cgroup %s:%s", controller, cgroup);
 ret = write(outp, &retval, sizeof(retval));
 if (ret != sizeof(retval))
@@ -1278,7 +1282,7 @@ static bool verify_final_subsystems(const char *cgroup_use)
 }
 cgroup_pattern = lxc_global_config_value("lxc.cgroup.pattern");
- i = snprintf(tmpnam, 50, "lxcprobe-%d", getpid());
+ i = snprintf(tmpnam, 50, "lxcprobe-%d", lxc_raw_getpid());
 if (i < 0 || i >= 50) {
 ERROR("Attack - format string modified?");
 return false;
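Review bot: In `verify_final_subsystems()` (src/lxc/cgroups/cgmanager.c, hunk at line 1278) the buffer size is written as the literal `50` in both the `snprintf()` call and the truncation check, so the two can drift away from the declaration of `tmpnam`, which is outside this hunk. If `tmpnam` is an array, `i = snprintf(tmpnam, sizeof(tmpnam), "lxcprobe-%d", lxc_raw_getpid());` followed by `if (i < 0 || (size_t)i >= sizeof(tmpnam)) {` keeps the bound tied to the buffer. The local also shares its name with the libc function `tmpnam()`, which a rename such as `probe_name` would avoid.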
diff --git a/src/lxc/console.c b/src/lxc/console.c
index 035f52f7e..98efa958e 100644
--- a/src/lxc/console.c
+++ b/src/lxc/console.c
@@ -398,7 +398,7 @@ static int lxc_console_peer_proxy_alloc(struct lxc_console *console, int sockfd)
 console->peerpty.busy = sockfd;
 lxc_console_mainloop_add_peer(console);
- DEBUG("%d %s peermaster:%d sockfd:%d", getpid(), __FUNCTION__, console->peerpty.master, sockfd);
+ DEBUG("%d %s peermaster:%d sockfd:%d", lxc_raw_getpid(), __FUNCTION__, console->peerpty.master, sockfd);
 return 0;
 err1:
diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index c0b2e340d..7ba284240 100644
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -135,7 +135,7 @@ again:
 */
 static bool apparmor_am_unconfined(void)
 {
- char *p = apparmor_process_label_get(getpid());
+ char *p = apparmor_process_label_get(lxc_raw_getpid());
 bool ret = false;
 if (!p || strcmp(p, "unconfined") == 0)
 ret = true;
@@ -186,7 +186,7 @@ static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf
 return 0;
 }
- curlabel = apparmor_process_label_get(getpid());
+ curlabel = apparmor_process_label_get(lxc_raw_getpid());
 if (!aa_stacking_supported() && aa_needs_transition(curlabel)) {
 // we're already confined, and stacking isn't supported
diff --git a/src/lxc/lxc_init.c b/src/lxc/lxc_init.c
index aa77d4474..098ae577c 100644
--- a/src/lxc/lxc_init.c
+++ b/src/lxc/lxc_init.c
@@ -359,8 +359,8 @@ int main(int argc, char *argv[])
 if (!shutdown) {
 shutdown = 1;
 prevent_forking();
- if (getpid() != 1) {
- kill_children(getpid());
+ if (lxc_raw_getpid() != 1) {
+ kill_children(lxc_raw_getpid());
 } else {
 ret = kill(-1, SIGTERM);
 if (ret < 0)
@@ -372,8 +372,8 @@ int main(int argc, char *argv[])
 break;
 case SIGALRM:
 prevent_forking();
- if (getpid() != 1) {
- kill_children(getpid());
+ if (lxc_raw_getpid() != 1) {
+ kill_children(lxc_raw_getpid());
 } else {
 ret = kill(-1, SIGTERM);
 if (ret < 0)
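Review bot: In the signal handling of `main()` (src/lxc/lxc_init.c, hunks at lines 359 and 372) `lxc_raw_getpid()` is called twice in a row in each branch, once for the `!= 1` test and once as the `kill_children()` argument. Judging by the `syscall(SYS_getpid)` calls it replaces in attach.c and start.c, every call is now a system call, and the other files in this commit store the value once in `pid_self`. Doing the same here, e.g. `pid_t pid_self = lxc_raw_getpid();` and then `if (pid_self != 1) { kill_children(pid_self);`, reads better and makes it obvious that the test and the argument are the same value. `main()` starts and ends outside these hunks, so where the local is declared is left to the author.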
diff --git a/src/lxc/lxc_monitord.c b/src/lxc/lxc_monitord.c
index c4c2ba0d1..ea292d000 100644
--- a/src/lxc/lxc_monitord.c
+++ b/src/lxc/lxc_monitord.c
@@ -427,7 +427,7 @@ int main(int argc, char *argv[])
 }
 NOTICE("lxc-monitord with pid %d is now monitoring lxcpath %s.",
- getpid(), mon.lxcpath);
+ lxc_raw_getpid(), mon.lxcpath);
 for (;;) {
 ret = lxc_mainloop(&mon.descr, 1000 * 30);
 if (ret) {
diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
index 5752935d0..2a5c3a43a 100644
--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -46,6 +46,7 @@
 #include
 #include "config.h"
+#include "namespace.h"
 #include "network.h"
 #include "utils.h"
@@ -814,14 +815,16 @@ static char *lxc_secure_rename_in_ns(int pid, char *oldname, char *newname,
 int *container_veth_ifidx)
 {
 int ret;
+ pid_t pid_self;
 uid_t ruid, suid, euid;
 char ifname[IFNAMSIZ];
 char *string_ret = NULL, *name = NULL;
 int fd = -1, ifindex = -1, ofd = -1;
- ofd = lxc_preserve_ns(getpid(), "net");
+ pid_self = lxc_raw_getpid();
+ ofd = lxc_preserve_ns(pid_self, "net");
 if (ofd < 0) {
- usernic_error("Failed opening network namespace path for %d", getpid());
+ usernic_error("Failed opening network namespace path for %d", pid_self);
 return NULL;
 }
@@ -993,13 +996,15 @@ struct user_nic_args {
 static bool is_privileged_over_netns(int netns_fd)
 {
 int ret;
+ pid_t pid_self;
 uid_t euid, ruid, suid;
 bool bret = false;
 int ofd = -1;
- ofd = lxc_preserve_ns(getpid(), "net");
+ pid_self = lxc_raw_getpid();
+ ofd = lxc_preserve_ns(pid_self, "net");
 if (ofd < 0) {
- usernic_error("Failed opening network namespace path for %d", getpid());
+ usernic_error("Failed opening network namespace path for %d", pid_self);
 return false;
 }
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 690527af8..880b4bf19 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -908,7 +908,7 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 /* become session leader */
 ret = setsid();
 if (ret < 0)
- TRACE("Process %d is already process group leader", getpid());
+ TRACE("Process %d is already process group leader", lxc_raw_getpid());
 } else {
 if (!am_single_threaded()) {
 ERROR("Cannot start non-daemonized container when threaded");
@@ -933,7 +933,7 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 return false;
 }
- if (fprintf(pid_fp, "%d\n", getpid()) < 0) {
+ if (fprintf(pid_fp, "%d\n", lxc_raw_getpid()) < 0) {
 SYSERROR("Failed to write '%s'", c->pidfile);
 fclose(pid_fp);
 pid_fp = NULL;
@@ -4148,7 +4148,7 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c,
 return false;
 }
- pid_outside = getpid();
+ pid_outside = lxc_raw_getpid();
 pid = fork();
 if (pid < 0) {
 ERROR("Failed to fork");
diff --git a/src/lxc/network.c b/src/lxc/network.c
index 4d1716331..cb6066ac3 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -2285,7 +2285,7 @@ bool lxc_delete_network_unpriv(struct lxc_handler *handler)
 }
 ret = snprintf(netns_path, sizeof(netns_path), "/proc/%d/fd/%d",
- getpid(), handler->netnsfd);
+ lxc_raw_getpid(), handler->netnsfd);
 if (ret < 0 || ret >= sizeof(netns_path))
 return false;
@@ -2609,7 +2609,7 @@ int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler)
 TRACE("Moving physical network devices back to parent network namespace");
- oldfd = lxc_preserve_ns(getpid(), "net");
+ oldfd = lxc_preserve_ns(lxc_raw_getpid(), "net");
 if (oldfd < 0) {
 SYSERROR("Failed to preserve network namespace");
 return -1;
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 7e3396490..39f60cc64 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -707,7 +707,7 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 {
 int i, rc;
 struct lxc_list *cur, *next;
- pid_t self = getpid();
+ pid_t self = lxc_raw_getpid();
 char *namespaces[LXC_NS_MAX + 1];
 size_t namespace_count = 0;
@@ -1047,7 +1047,7 @@ static int do_start(void *data)
 }
 if (handler->clone_flags & CLONE_NEWCGROUP) {
- fd = lxc_preserve_ns(syscall(SYS_getpid), "cgroup");
+ fd = lxc_preserve_ns(lxc_raw_getpid(), "cgroup");
 if (fd < 0) {
 ERROR("%s - Failed to preserve cgroup namespace", strerror(errno));
 close(handler->data_sock[0]);
@@ -1363,7 +1363,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 INFO("Failed to pin the rootfs for container \"%s\".", handler->name);
 }
- if (!preserve_ns(saved_ns_fd, preserve_mask, getpid()))
+ if (!preserve_ns(saved_ns_fd, preserve_mask, lxc_raw_getpid()))
 goto out_delete_net;
 if (attach_ns(handler->conf->inherit_ns_fd) < 0)
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 528ab76cd..aff818f5d 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1630,7 +1630,7 @@ int lxc_mount_proc_if_needed(const char *rootfs)
 return -1;
 }
- mypid = getpid();
+ mypid = lxc_raw_getpid();
 INFO("I am %d, /proc/self points to \"%s\"", mypid, link);
 if (lxc_safe_int(link, &link_to_pid) < 0)
@@ -2318,17 +2318,6 @@ int lxc_make_tmpfile(char *template, bool rm)
 return fd;
 }
-uint64_t lxc_getpagesize(void)
-{
- int64_t pgsz;
-
- pgsz = sysconf(_SC_PAGESIZE);
- if (pgsz <= 0)
- pgsz = 1 << 12;
-
- return pgsz;
-}
-
 int parse_byte_size_string(const char *s, int64_t *converted)
 {
 int ret, suffix_len;
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index 6999eed41..e6d5872fc 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -508,7 +508,17 @@ extern bool has_fs_type(const char *path, fs_type_magic magic_val);
 extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val);
 extern bool lxc_nic_exists(char *nic);
 extern int lxc_make_tmpfile(char *template, bool rm);
-extern uint64_t lxc_getpagesize(void);
+
+static inline uint64_t lxc_getpagesize(void)
+{
+ int64_t pgsz;
+
+ pgsz = sysconf(_SC_PAGESIZE);
+ if (pgsz <= 0)
+ pgsz = 1 << 12;
+
+ return pgsz;
+}
 /* If n is not a power of 2 this function will return the next power of 2
 * greater than that number. Note that this function always returns the *next*
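Review bot: The `lxc_getpagesize()` definition moved into src/lxc/utils.h (hunk at line 508) has no comment and is not covered by the commit message, which only describes the getpid replacement. As a `static inline` in a header it makes every file that includes utils.h depend on `sysconf()` and `uint64_t` being declared, so utils.h should itself include `<unistd.h>` and `<stdint.h>` if it does not already; its include list is outside this hunk. I would add a comment such as `/* Page size from sysconf(_SC_PAGESIZE); falls back to 4096 if that fails. */` and mention the move in the commit description.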