From 46bf13b7c35fb26186ec31dba971e1ddaeec66c4 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Mon, 1 Feb 2021 20:12:03 +0100
Subject: [PATCH] tree-wide: extend read_file_at()
Signed-off-by: Christian Brauner
---
 src/lxc/cgroups/cgfsng.c | 18 +++++++++---------
 src/lxc/file_utils.c | 5 +++--
 src/lxc/file_utils.h | 4 +++-
 src/lxc/lsm/apparmor.c | 3 ++-
 src/lxc/lsm/selinux.c | 3 ++-
 5 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index f1b953e46..3550bcd68 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -324,7 +324,7 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup,
 bool flipped_bit = false;
 fpath = must_make_path(parent_cgroup, "cpuset.cpus", NULL);
- posscpus = read_file_at(-EBADF, fpath);
+ posscpus = read_file_at(-EBADF, fpath, PROTECT_OPEN, 0);
 if (!posscpus)
 return log_error_errno(false, errno, "Failed to read file \"%s\"", fpath);
@@ -334,7 +334,7 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup,
 return false;
 if (file_exists(__ISOL_CPUS)) {
- isolcpus = read_file_at(-EBADF, __ISOL_CPUS);
+ isolcpus = read_file_at(-EBADF, __ISOL_CPUS, PROTECT_OPEN, 0);
 if (!isolcpus)
 return log_error_errno(false, errno, "Failed to read file \"%s\"", __ISOL_CPUS);
@@ -353,7 +353,7 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup,
 }
 if (file_exists(__OFFLINE_CPUS)) {
- offlinecpus = read_file_at(-EBADF, __OFFLINE_CPUS);
+ offlinecpus = read_file_at(-EBADF, __OFFLINE_CPUS, PROTECT_OPEN, 0);
 if (!offlinecpus)
 return log_error_errno(false, errno, "Failed to read file \"%s\"", __OFFLINE_CPUS);
@@ -672,7 +672,7 @@ static char **cg_unified_get_controllers(int dfd, const char *file)
 char *sep = " \t\n";
 char *tok;
- buf = read_file_at(dfd, file);
+ buf = read_file_at(dfd, file, PROTECT_OPEN, 0);
 if (!buf)
 return NULL;
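Review bot: In cg_unified_get_controllers() this is the first call that passes a real directory fd, yet it hands `0` as resolve_flags, so the lookup of `file` is no more confined to `dfd` than it was before the change. If `file` is always a plain name beneath `dfd`, passing the set that open_beneath() in file_utils.h already uses would make that explicit: `buf = read_file_at(dfd, file, PROTECT_OPEN, PROTECT_LOOKUP_BENEATH);`. The same applies to the `attr/current` reads relative to `fd_pid` in the apparmor.c and selinux.c hunks. Whether those flags are usable on every supported kernel depends on open_at(), which is not shown in this diff, so this needs confirming against its fallback behaviour. The function body continues outside the hunk.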
@@ -3145,7 +3145,7 @@ static void cg_unified_delegate(char ***delegate)
 char *token;
 int idx;
- buf = read_file_at(-EBADF, "/sys/kernel/cgroup/delegate");
+ buf = read_file_at(-EBADF, "/sys/kernel/cgroup/delegate", PROTECT_OPEN, 0);
 if (!buf) {
 for (char **p = standard; p && *p; p++) {
 idx = append_null_to_list((void ***)delegate);
@@ -3183,9 +3183,9 @@ static int cg_hybrid_init(struct cgroup_ops *ops, bool relative, bool unprivileg
 * cgroups as our base in that case.
 */
 if (!relative && (geteuid() == 0))
- basecginfo = read_file_at(-EBADF, "/proc/1/cgroup");
+ basecginfo = read_file_at(-EBADF, "/proc/1/cgroup", PROTECT_OPEN, 0);
 else
- basecginfo = read_file_at(-EBADF, "/proc/self/cgroup");
+ basecginfo = read_file_at(-EBADF, "/proc/self/cgroup", PROTECT_OPEN, 0);
 if (!basecginfo)
 return ret_set_errno(-1, ENOMEM);
@@ -3314,9 +3314,9 @@ static char *cg_unified_get_current_cgroup(bool relative)
 char *base_cgroup;
 if (!relative && (geteuid() == 0))
- basecginfo = read_file_at(-EBADF, "/proc/1/cgroup");
+ basecginfo = read_file_at(-EBADF, "/proc/1/cgroup", PROTECT_OPEN, 0);
 else
- basecginfo = read_file_at(-EBADF, "/proc/self/cgroup");
+ basecginfo = read_file_at(-EBADF, "/proc/self/cgroup", PROTECT_OPEN, 0);
 if (!basecginfo)
 return NULL;
diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c
index 85faff391..6053d1b9a 100644
--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -674,7 +674,8 @@ static void append_line(char **dest, size_t oldlen, char *new, size_t newlen)
 }
 /* Slurp in a whole file */
-char *read_file_at(int dfd, const char *fnam)
+char *read_file_at(int dfd, const char *fnam,
+ unsigned int o_flags, unsigned resolve_flags)
 {
 __do_close int fd = -EBADF;
 __do_free char *buf = NULL, *line = NULL;
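Review bot: The failure path after the two changed calls in cg_hybrid_init() still returns `ret_set_errno(-1, ENOMEM)`, which replaces whatever errno the failed open or read left behind with an out-of-memory code. Now that the open goes through open_at() with caller-chosen flags, a refused or missing path would be reported as ENOMEM and be hard to tell apart from a real allocation failure. Assuming read_file_at() leaves errno set on failure, as the `log_error_errno(false, errno, ...)` call sites in this diff rely on, a plain `return -1;` would keep the real cause. The function starts and ends outside the hunk.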
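Review bot: The new read_file_at() signature mixes `unsigned int o_flags` with a bare `unsigned resolve_flags`, and the one-line comment above it does not say what either parameter means. Spelling both as `unsigned int` would match the `unsigned int flags` parameter of open_beneath() in file_utils.h; the declaration in the file_utils.h hunk has the same mix. A short comment stating that `o_flags` are the open flags and `resolve_flags` the lookup restrictions forwarded to open_at() would help the next caller pick values. The function body continues outside the hunk.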
@@ -682,7 +683,7 @@ char *read_file_at(int dfd, const char *fnam)
 size_t len = 0, fulllen = 0;
 int linelen;
- fd = openat(dfd, fnam, O_NOCTTY | O_CLOEXEC | O_NOFOLLOW | O_RDONLY);
+ fd = open_at(dfd, fnam, o_flags, resolve_flags, 0);
 if (fd < 0)
 return NULL;
diff --git a/src/lxc/file_utils.h b/src/lxc/file_utils.h
index cc8d8d478..0250038b3 100644
--- a/src/lxc/file_utils.h
+++ b/src/lxc/file_utils.h
@@ -91,6 +91,8 @@ static inline int open_beneath(int dfd, const char *path, unsigned int flags)
 return open_at(dfd, path, flags, PROTECT_LOOKUP_BENEATH, 0);
 }
 __hidden int fd_make_nonblocking(int fd);
-__hidden extern char *read_file_at(int dfd, const char *fnam);
+__hidden extern char *read_file_at(int dfd, const char *fnam,
+ unsigned int o_flags,
+ unsigned resolve_flags);
 #endif /* __LXC_FILE_UTILS_H */
diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index d72ca032d..369f7939d 100644
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -16,6 +16,7 @@
 #include "conf.h"
 #include "config.h"
 #include "initutils.h"
+#include "file_utils.h"
 #include "log.h"
 #include "lsm.h"
 #include "parse.h"
@@ -446,7 +447,7 @@ static char *apparmor_process_label_get_at(struct lsm_ops *ops, int fd_pid)
 __do_free char *label = NULL;
 size_t len;
- label = read_file_at(fd_pid, "attr/current");
+ label = read_file_at(fd_pid, "attr/current", PROTECT_OPEN, 0);
 if (!label)
 return log_error_errno(NULL, errno, "Failed to get AppArmor context");
diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c
index 2eed296cf..5ed99fb3e 100644
--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@@ -13,6 +13,7 @@
 #include "conf.h"
 #include "config.h"
+#include "file_utils.h"
 #include "log.h"
 #include "lsm.h"
 #include "memory_utils.h"
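Review bot: The replaced openat() call guaranteed `O_NOCTTY | O_CLOEXEC | O_NOFOLLOW | O_RDONLY` for every caller, while the new `open_at(dfd, fnam, o_flags, resolve_flags, 0)` forwards whatever the caller supplies, so a later call site can drop O_CLOEXEC or O_NOFOLLOW, or open for writing, without read_file_at() noticing. For a helper that only reads, a guard before the open such as `if ((o_flags & O_ACCMODE) != O_RDONLY) return ret_set_errno(NULL, EINVAL);` together with passing `o_flags | O_CLOEXEC` would keep the minimum the old code enforced. open_at() is not part of this diff; if it reports failure through its return value rather than errno, the callers that log errno after a NULL return would need errno set here. The function body starts and ends outside the hunk.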
@@ -56,7 +57,7 @@ static char *selinux_process_label_get_at(struct lsm_ops *ops, int fd_pid)
 __do_free char *label = NULL;
 size_t len;
- label = read_file_at(fd_pid, "attr/current");
+ label = read_file_at(fd_pid, "attr/current", PROTECT_OPEN, 0);
 if (!label)
 return log_error_errno(NULL, errno, "Failed to get SELinux context");
-- 2.47.2