From: Tycho Andersen Date: Wed, 10 Jun 2015 21:57:50 +0000 (+0000) Subject: uniformly nullify std fds X-Git-Tag: lxc-1.0.8~58 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be2c5f27eead6b1ab571d937f7f73514368994fb;p=thirdparty%2Flxc.git uniformly nullify std fds In various places throughout the code, we want to "nullify" the std fds, opening them to /dev/null or zero or so. Instead, let's unify this code and do it in such a way that Coverity (probably) won't complain. v2: use /dev/null for stdin as well v3: add a comment about use of C's short circuiting v4: axe comment, check errors on dup2, s/quiet/need_null_stdfds Reported-by: Coverity Signed-off-by: Tycho Andersen Signed-off-by: Serge Hallyn --- diff --git a/src/lxc/bdev.c b/src/lxc/bdev.c index f9891c3aa..c02bf8631 100644 --- a/src/lxc/bdev.c +++ b/src/lxc/bdev.c @@ -227,12 +227,8 @@ static int do_mkfs(const char *path, const char *fstype) // If the file is not a block device, we don't want mkfs to ask // us about whether to proceed. - close(0); - close(1); - close(2); - open("/dev/zero", O_RDONLY); - open("/dev/null", O_RDWR); - open("/dev/null", O_RDWR); + if (null_stdfds() < 0) + exit(1); execlp("mkfs", "mkfs", "-t", fstype, path, NULL); exit(1); } diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index dfc255334..c2c8b12d7 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c @@ -623,12 +623,10 @@ static bool lxcapi_start(struct lxc_container *c, int useinit, char * const argv return false; } lxc_check_inherited(conf, -1); - close(0); - close(1); - close(2); - open("/dev/zero", O_RDONLY); - open("/dev/null", O_RDWR); - open("/dev/null", O_RDWR); + if (null_stdfds() < 0) { + ERROR("failed to close fds"); + return false; + } setsid(); } else { if (!am_single_threaded()) { 
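Review bot: In the lxcapi_start hunk of src/lxc/lxccontainer.c, the message `ERROR("failed to close fds")` names the wrong failure, because null_stdfds() fails on open("/dev/null") or on dup2(), never on a close. A message such as `ERROR("failed to redirect std fds to /dev/null");` would point whoever reads the log at the likely cause, for example a missing or inaccessible /dev/null. The other converted call sites (do_mkfs, create_run_template, lxc_monitord_spawn) exit without logging anything, so this is the only diagnostic the change emits. lxcapi_start begins and ends outside the hunk.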
@@ -838,7 +836,7 @@ static char *lxcbasename(char *path) return p; } -static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet, +static bool create_run_template(struct lxc_container *c, char *tpath, bool need_null_stdfds, char *const argv[]) { pid_t pid; @@ -860,13 +858,8 @@ static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet char **newargv; struct lxc_conf *conf = c->lxc_conf; - if (quiet) { - close(0); - close(1); - close(2); - open("/dev/zero", O_RDONLY); - open("/dev/null", O_RDWR); - open("/dev/null", O_RDWR); + if (need_null_stdfds && null_stdfds() < 0) { + exit(1); } src = c->lxc_conf->rootfs.path; diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c index ada9a0b49..700aaa88f 100644 --- a/src/lxc/monitor.c +++ b/src/lxc/monitor.c @@ -329,12 +329,8 @@ int lxc_monitord_spawn(const char *lxcpath) exit(EXIT_FAILURE); } lxc_check_inherited(NULL, pipefd[1]); - close(0); - close(1); - close(2); - open("/dev/null", O_RDONLY); - open("/dev/null", O_RDWR); - open("/dev/null", O_RDWR); + if (null_stdfds() < 0) + exit(EXIT_FAILURE); close(pipefd[0]); sprintf(pipefd_str, "%d", pipefd[1]); execvp(args[0], args); diff --git a/src/lxc/utils.c b/src/lxc/utils.c index e921c63e4..d6bb882d9 100644 --- a/src/lxc/utils.c +++ b/src/lxc/utils.c @@ -1122,3 +1122,24 @@ char *get_template_path(const char *t) return tpath; } + +int null_stdfds(void) +{ + int fd, ret = -1; + + fd = open("/dev/null", O_RDWR); + if (fd < 0) + return -1; + + if (dup2(fd, 0) < 0) + goto err; + if (dup2(fd, 1) < 0) + goto err; + if (dup2(fd, 2) < 0) + goto err; + + ret = 0; +err: + close(fd); + return ret; +} diff --git a/src/lxc/utils.h b/src/lxc/utils.h index d6de78a13..378c9d569 100644 --- a/src/lxc/utils.h +++ b/src/lxc/utils.h @@ -273,4 +273,5 @@ int detect_shared_rootfs(void); int detect_ramfs_rootfs(void); char *on_path(char *cmd); char *get_template_path(const char *t); +int null_stdfds(void); #endif /* __LXC_UTILS_H */
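Review bot: In null_stdfds() (src/lxc/utils.c), the unconditional `close(fd)` at the `err:` label undoes the redirection whenever open() returns 0, 1 or 2, which happens if one of the standard descriptors is already closed on entry: dup2(fd, fd) is a no-op, and the close then leaves that descriptor closed again. The next open() or socket() in the process would be given that number, so data written to stdout or stderr could end up in an unrelated file or socket. Guarding the close as `if (fd > 2) close(fd);` keeps the descriptor when it is itself one of the standard three. Whether any caller can arrive here with a std fd closed is not visible from the hunk, but the removed close/open sequence did not have this gap.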
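Review bot: The new prototype `int null_stdfds(void);` in src/lxc/utils.h has no comment stating its contract, although four call sites now depend on its return value. I would add above it: `/* Point fds 0, 1 and 2 at /dev/null. Returns 0 on success, -1 if open() or dup2() fails; on failure some of the three may already have been redirected. */`. The partial-redirect caveat matters to callers that keep running after a failure instead of exiting.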