From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sun, 29 Apr 2018 14:42:44 +0000 (+0200)
Subject: lxccontainer: use thread-safe open() + write()
X-Git-Tag: lxc-3.1.0~318^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7cea5905852bf935fa486f05192a5cb13942ad51;p=thirdparty%2Flxc.git

lxccontainer: use thread-safe open() + write()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index fb5e508db..2f9c15c56 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -622,7 +622,7 @@ copy_parent:
 	*lastslash = oldv;
 	free(fpath);
 	fpath = must_make_path(path, "cpuset.cpus", NULL);
-	ret = lxc_write_to_file(fpath, cpulist, strlen(cpulist), false);
+	ret = lxc_write_to_file(fpath, cpulist, strlen(cpulist), false, 0666);
 	if (ret < 0) {
 		SYSERROR("Failed to write cpu list to \"%s\"", fpath);
 		goto on_error;
@@ -673,7 +673,7 @@ static bool copy_parent_file(char *path, char *file)
 
 	*lastslash = oldv;
 	fpath = must_make_path(path, file, NULL);
-	ret = lxc_write_to_file(fpath, value, len, false);
+	ret = lxc_write_to_file(fpath, value, len, false, 0666);
 	if (ret < 0)
 		SYSERROR("Failed to write \"%s\" to file \"%s\"", value, fpath);
 	free(fpath);
@@ -762,7 +762,7 @@ static bool cg_legacy_handle_cpuset_hierarchy(struct hierarchy *h, char *cgname)
 	}
 	free(cgpath);
 
-	ret = lxc_write_to_file(clonechildrenpath, "1", 1, false);
+	ret = lxc_write_to_file(clonechildrenpath, "1", 1, false, 0666);
 	if (ret < 0) {
 		/* Set clone_children so children inherit our settings */
 		SYSERROR("Failed to write 1 to \"%s\"", clonechildrenpath);
@@ -1712,7 +1712,7 @@ static bool cg_unified_create_cgroup(struct hierarchy *h, char *cgname)
 
 		cgroup = must_append_path(cgroup, parts[i], NULL);
 		target = must_make_path(cgroup, "cgroup.subtree_control", NULL);
-		ret = lxc_write_to_file(target, add_controllers, full_len, false);
+		ret = lxc_write_to_file(target, add_controllers, full_len, false, 0666);
 		free(target);
 		if (ret < 0) {
 			SYSERROR("Could not enable \"%s\" controllers in the "
@@ -1858,7 +1858,7 @@ static bool cgfsng_enter(void *hdata, pid_t pid)
 
 		fullpath = must_make_path(hierarchies[i]->fullcgpath,
 					  "cgroup.procs", NULL);
-		ret = lxc_write_to_file(fullpath, pidstr, len, false);
+		ret = lxc_write_to_file(fullpath, pidstr, len, false, 0666);
 		if (ret != 0) {
 			SYSERROR("Failed to enter cgroup \"%s\"", fullpath);
 			free(fullpath);
@@ -2306,7 +2306,7 @@ static bool cgfsng_escape()
 		fullpath = must_make_path(hierarchies[i]->mountpoint,
 					  hierarchies[i]->base_cgroup,
 					  "cgroup.procs", NULL);
-		ret = lxc_write_to_file(fullpath, "0", 2, false);
+		ret = lxc_write_to_file(fullpath, "0", 2, false, 0666);
 		if (ret != 0) {
 			SYSERROR("Failed to escape to cgroup \"%s\"", fullpath);
 			free(fullpath);
@@ -2359,7 +2359,7 @@ static bool cgfsng_unfreeze(void *hdata)
 		return false;
 
 	fullpath = must_make_path(h->fullcgpath, "freezer.state", NULL);
-	ret = lxc_write_to_file(fullpath, THAWED, THAWED_LEN, false);
+	ret = lxc_write_to_file(fullpath, THAWED, THAWED_LEN, false, 0666);
 	free(fullpath);
 	if (ret < 0)
 		return false;
@@ -2417,7 +2417,7 @@ static int __cg_unified_attach(const struct hierarchy *h, const char *name,
 	base_path = must_make_path(h->mountpoint, container_cgroup, NULL);
 	full_path = must_make_path(base_path, "cgroup.procs", NULL);
 	/* cgroup is populated */
-	ret = lxc_write_to_file(full_path, pidstr, pidstr_len, false);
+	ret = lxc_write_to_file(full_path, pidstr, pidstr_len, false, 0666);
 	if (ret < 0 && errno != EBUSY)
 		goto on_error;
 
@@ -2443,7 +2443,7 @@ static int __cg_unified_attach(const struct hierarchy *h, const char *name,
 			goto on_error;
 
 		strcat(full_path, "/cgroup.procs");
-		ret = lxc_write_to_file(full_path, pidstr, len, false);
+		ret = lxc_write_to_file(full_path, pidstr, len, false, 0666);
 		if (ret == 0)
 			goto on_success;
 
@@ -2495,7 +2495,7 @@ static bool cgfsng_attach(const char *name, const char *lxcpath, pid_t pid)
 
 		fullpath = build_full_cgpath_from_monitorpath(h, path, "cgroup.procs");
 		free(path);
-		ret = lxc_write_to_file(fullpath, pidstr, len, false);
+		ret = lxc_write_to_file(fullpath, pidstr, len, false, 0666);
 		if (ret < 0) {
 			SYSERROR("Failed to attach %d to %s", (int)pid, fullpath);
 			free(fullpath);
@@ -2573,7 +2573,7 @@ static int cgfsng_set(const char *filename, const char *value, const char *name,
 		char *fullpath;
 
 		fullpath = build_full_cgpath_from_monitorpath(h, path, filename);
-		ret = lxc_write_to_file(fullpath, value, strlen(value), false);
+		ret = lxc_write_to_file(fullpath, value, strlen(value), false, 0666);
 		free(fullpath);
 	}
 	free(path);
@@ -2698,7 +2698,7 @@ static int cg_legacy_set_data(const char *filename, const char *value,
 	}
 
 	fullpath = must_make_path(h->fullcgpath, filename, NULL);
-	ret = lxc_write_to_file(fullpath, value, strlen(value), false);
+	ret = lxc_write_to_file(fullpath, value, strlen(value), false, 0666);
 	free(fullpath);
 	return ret;
 }
@@ -2767,7 +2767,7 @@ static bool __cg_unified_setup_limits(void *hdata,
 		struct lxc_cgroup *cg = iterator->elem;
 
 		fullpath = must_make_path(h->fullcgpath, cg->subsystem, NULL);
-		ret = lxc_write_to_file(fullpath, cg->value, strlen(cg->value), false);
+		ret = lxc_write_to_file(fullpath, cg->value, strlen(cg->value), false, 0666);
 		free(fullpath);
 		if (ret < 0) {
 			SYSERROR("Failed to set \"%s\" to \"%s\"",
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 8ba06dbb3..48c4b4ecc 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2560,7 +2560,7 @@ int setup_sysctl_parameters(struct lxc_list *sysctls)
 		}
 
 		ret = lxc_write_to_file(filename, elem->value,
-					strlen(elem->value), false);
+					strlen(elem->value), false, 0666);
 		if (ret < 0) {
 			ERROR("Failed to setup sysctl parameters %s to %s",
 			      elem->key, elem->value);
@@ -2595,7 +2595,7 @@ int setup_proc_filesystem(struct lxc_list *procs, pid_t pid)
 		}
 
 		ret = lxc_write_to_file(filename, elem->value,
-					strlen(elem->value), false);
+					strlen(elem->value), false, 0666);
 		if (ret < 0) {
 			ERROR("Failed to setup proc filesystem %s to %s",
 			      elem->filename, elem->value);
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index c742e74d8..c15f74534 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -837,7 +837,6 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 	struct lxc_handler *handler;
 	struct lxc_conf *conf;
 	bool daemonize = false;
-	FILE *pid_fp = NULL;
 	char *default_args[] = {
 		"/sbin/init",
 		NULL,
@@ -1001,30 +1000,34 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 	 * write the right PID.
 	 */
 	if (c->pidfile) {
-		pid_fp = fopen(c->pidfile, "w");
-		if (pid_fp == NULL) {
-			SYSERROR("Failed to create pidfile '%s' for '%s'",
-				 c->pidfile, c->name);
+		int ret, w;
+		char pidstr[LXC_NUMSTRLEN64];
+
+		w = snprintf(pidstr, LXC_NUMSTRLEN64, "%d", (int)lxc_raw_getpid());
+		if (w < 0 || (size_t)w >= LXC_NUMSTRLEN64) {
 			free_init_cmd(init_cmd);
 			lxc_free_handler(handler);
+
+			SYSERROR("Failed to write monitor pid to \"%s\"", c->pidfile);
+
 			if (daemonize)
 				_exit(EXIT_FAILURE);
+
 			return false;
 		}
 
-		if (fprintf(pid_fp, "%d\n", lxc_raw_getpid()) < 0) {
-			SYSERROR("Failed to write '%s'", c->pidfile);
-			fclose(pid_fp);
-			pid_fp = NULL;
+		ret = lxc_write_to_file(c->pidfile, pidstr, w, false, 0600);
+		if (ret < 0) {
 			free_init_cmd(init_cmd);
 			lxc_free_handler(handler);
+
+			SYSERROR("Failed to write '%s'", c->pidfile);
+
 			if (daemonize)
 				_exit(EXIT_FAILURE);
+
 			return false;
 		}
-
-		fclose(pid_fp);
-		pid_fp = NULL;
 	}
 
 	conf->reboot = 0;
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index f8d6a3fe1..3d0f8641c 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -971,12 +971,13 @@ size_t lxc_array_len(void **array)
 	return result;
 }
 
-int lxc_write_to_file(const char *filename, const void* buf, size_t count, bool add_newline)
+int lxc_write_to_file(const char *filename, const void *buf, size_t count,
+		      bool add_newline, mode_t mode)
 {
 	int fd, saved_errno;
 	ssize_t ret;
 
-	fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0666);
+	fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, mode);
 	if (fd < 0)
 		return -1;
 	ret = lxc_write_nointr(fd, buf, count);
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index 141d27012..b15076cbd 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -392,7 +392,7 @@ extern int sha1sum_file(char *fnam, unsigned char *md_value);
 
 /* read and write whole files */
 extern int lxc_write_to_file(const char *filename, const void *buf,
-			     size_t count, bool add_newline);
+			     size_t count, bool add_newline, mode_t mode);
 extern int lxc_read_from_file(const char *filename, void* buf, size_t count);
 
 /* convert variadic argument lists to arrays (for execl type argument lists) */