From: Daniel P. Berrange <berrange@redhat.com>
Date: Fri, 23 Nov 2012 10:42:18 +0000 (+0000)
Subject: Ensure LXC container exits if cgroups setup fails
X-Git-Tag: CVE-2012-3411~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e1f0c38fa7ffbfb1f266e6bdb865c3ad807c473;p=thirdparty%2Flibvirt.git

Ensure LXC container exits if cgroups setup fails

The code setting up LXC cgroups used an 'rc' variable both
for capturing the return value of methods it calls, and
its own return status. The result was that several failures
in setting up cgroups would actually result in success being
returned.

Use a separate 'ret' for tracking return value as per normal
code design in other parts of libvirt

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---

diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index bdfaa54e66..ed86b4368e 100644
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -224,7 +224,8 @@ int virLXCCgroupSetup(virDomainDefPtr def)
 {
     virCgroupPtr driver = NULL;
     virCgroupPtr cgroup = NULL;
-    int rc = -1;
+    int ret = -1;
+    int rc;
 
     rc = virCgroupForDriver("lxc", &driver, 1, 0);
     if (rc != 0) {
@@ -234,7 +235,7 @@ int virLXCCgroupSetup(virDomainDefPtr def)
 
         virReportSystemError(-rc, "%s",
                              _("Unable to get cgroup for driver"));
-        return rc;
+        goto cleanup;
     }
 
     rc = virCgroupForDomain(driver, def->name, &cgroup, 1);
@@ -262,11 +263,14 @@ int virLXCCgroupSetup(virDomainDefPtr def)
         virReportSystemError(-rc,
                              _("Unable to add task %d to cgroup for domain %s"),
                              getpid(), def->name);
+        goto cleanup;
     }
 
+    ret = 0;
+
 cleanup:
     virCgroupFree(&cgroup);
     virCgroupFree(&driver);
 
-    return rc;
+    return ret;
 }