From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Mon, 15 Feb 2021 16:02:55 +0000 (+0100)
Subject: confile: forbid absolute paths in config items that modify the cgroup layout
X-Git-Tag: lxc-5.0.0~286^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f63ef155271b2848ae18fcdfb5550dddad9ec852;p=thirdparty%2Flxc.git

confile: forbid absolute paths in config items that modify the cgroup layout

This is not a safety measure but merely is supposed to raise awareness that
these paths are always relative to the cgroup root as determined by
lxc.cgroup.relative.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 8153b72bb..880c1c55c 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1824,6 +1824,9 @@ static int set_config_cgroup_dir(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return clr_config_cgroup_dir(key, lxc_conf, NULL);
 
+	if (abspath(value))
+		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+
 	if (dotdot(value))
 		return syserrno_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
 
@@ -1836,6 +1839,9 @@ static int set_config_cgroup_monitor_dir(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return clr_config_cgroup_monitor_dir(key, lxc_conf, NULL);
 
+	if (abspath(value))
+		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+
 	if (dotdot(value))
 		return syserrno_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
 
@@ -1848,6 +1854,9 @@ static int set_config_cgroup_monitor_pivot_dir(const char *key, const char *valu
 	if (lxc_config_value_empty(value))
 		return clr_config_cgroup_monitor_pivot_dir(key, lxc_conf, NULL);
 
+	if (abspath(value))
+		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+
 	if (dotdot(value))
 		return syserrno_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
 
@@ -1861,6 +1870,9 @@ static int set_config_cgroup_container_dir(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return clr_config_cgroup_container_dir(key, lxc_conf, NULL);
 
+	if (abspath(value))
+		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+
 	if (dotdot(value))
 		return syserrno_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
 
@@ -1875,6 +1887,9 @@ static int set_config_cgroup_container_inner_dir(const char *key,
 	if (lxc_config_value_empty(value))
 		return clr_config_cgroup_container_inner_dir(key, lxc_conf, NULL);
 
+	if (abspath(value))
+		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+
 	if (strchr(value, '/') || strequal(value, ".") || strequal(value, ".."))
 		return log_error_errno(-EINVAL, EINVAL, "lxc.cgroup.dir.container.inner must be a single directory name");
 
diff --git a/src/lxc/string_utils.h b/src/lxc/string_utils.h
index f18f274d6..6cf23d186 100644
--- a/src/lxc/string_utils.h
+++ b/src/lxc/string_utils.h
@@ -145,6 +145,11 @@ static inline bool dotdot(const char *str)
 	return !!strstr(str, "..");
 }
 
+static inline bool abspath(const char *str)
+{
+	return *str == '/';
+}
+
 #define strnprintf(buf, buf_size, ...)                                            \
 	({                                                                        \
 		int __ret_strnprintf;                                             \