From cce677d168761da7a1e979bd396a63638c859c50 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Mon, 1 Feb 2021 17:08:06 +0100
Subject: [PATCH] syscall_wrappers: add PROTECT_LOOKUP, PROTECT_OPEN,
 PROTECT_LOOKUP_WITH_SYMLINKS, PROTECT_OPEN_WITH_TRAILING_SYMLINKS

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/file_utils.c       |  6 +++---
 src/lxc/file_utils.h       | 10 +++-------
 src/lxc/syscall_wrappers.h | 14 ++++++++++++++
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c
index 8b6d6f16c..ce1c83d61 100644
--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -621,8 +621,8 @@ bool exists_file_at(int dir_fd, const char *path)
 	return fstatat(dir_fd, path, &sb, 0) == 0;
 }
 
-int open_at(int dfd, const char *path, mode_t mode, unsigned int o_flags,
-	    unsigned int resolve_flags)
+int open_at(int dfd, const char *path, unsigned int o_flags,
+	    unsigned int resolve_flags, mode_t mode)
 {
 	__do_close int fd = -EBADF;
 	struct lxc_open_how how = {
@@ -638,7 +638,7 @@ int open_at(int dfd, const char *path, mode_t mode, unsigned int o_flags,
 	if (errno != ENOSYS)
 		return -errno;
 
-	return openat(dfd, path, O_NOFOLLOW | o_flags);
+	return openat(dfd, path, O_NOFOLLOW | o_flags, mode);
 }
 
 int fd_make_nonblocking(int fd)
diff --git a/src/lxc/file_utils.h b/src/lxc/file_utils.h
index b50773dd5..7a8d322e7 100644
--- a/src/lxc/file_utils.h
+++ b/src/lxc/file_utils.h
@@ -82,15 +82,11 @@ __hidden extern FILE *fopen_cached(const char *path, const char *mode, void **ca
 __hidden extern int timens_offset_write(clockid_t clk_id, int64_t s_offset, int64_t ns_offset);
 __hidden extern bool exists_dir_at(int dir_fd, const char *path);
 __hidden extern bool exists_file_at(int dir_fd, const char *path);
-__hidden extern int open_at(int dfd, const char *path, mode_t mode,
-                            unsigned int o_flags, unsigned int resolve_flags);
+__hidden extern int open_at(int dfd, const char *path, unsigned int o_flags,
+			    unsigned int resolve_flags, mode_t mode);
 static inline int open_beneath(int dfd, const char *path, unsigned int flags)
 {
-	return open_at(dfd, path, 0, flags,
-		       RESOLVE_NO_XDEV |
-		       RESOLVE_NO_SYMLINKS |
-		       RESOLVE_NO_MAGICLINKS |
-		       RESOLVE_BENEATH);
+	return open_at(dfd, path, flags, PROTECT_LOOKUP_BENEATH, 0);
 }
 __hidden int fd_make_nonblocking(int fd);
 __hidden extern char *read_file_at(int dfd, const char *fnam);
diff --git a/src/lxc/syscall_wrappers.h b/src/lxc/syscall_wrappers.h
index 37aa76c28..27f77dec5 100644
--- a/src/lxc/syscall_wrappers.h
+++ b/src/lxc/syscall_wrappers.h
@@ -254,6 +254,20 @@ struct lxc_open_how {
 					(similar to chroot(2)). */
 #endif
 
+#define PROTECT_LOOKUP_BENEATH  (RESOLVE_BENEATH | RESOLVE_NO_XDEV | RESOLVE_NO_MAGICLINKS | RESOLVE_NO_SYMLINKS)
+#define PROTECT_LOOKUP_BENEATH_WITH_SYMLINKS (PROTECT_LOOKUP_BENEATH & ~RESOLVE_NO_SYMLINKS)
+#define PROTECT_LOOKUP_BENEATH_WITH_MAGICLINKS (PROTECT_LOOKUP_BENEATH & ~(RESOLVE_NO_SYMLINKS | RESOLVE_NO_MAGICLINKS))
+
+#define PROTECT_LOOKUP_ABSOLUTE (PROTECT_LOOKUP_BENEATH & ~RESOLVE_BENEATH)
+#define PROTECT_LOOKUP_ABSOLUTE_WITH_SYMLINKS (PROTECT_LOOKUP_ABSOLUTE & ~RESOLVE_NO_SYMLINKS)
+#define PROTECT_LOOKUP_ABSOLUTE_WITH_MAGICLINKS (PROTECT_LOOKUP_ABSOLUTE & ~(RESOLVE_NO_SYMLINKS | RESOLVE_NO_MAGICLINKS))
+
+#define PROTECT_OPATH_FILE (O_NOFOLLOW | O_PATH | O_CLOEXEC)
+#define PROTECT_OPATH_DIRECTORY (PROTECT_OPATH_FILE | O_DIRECTORY)
+
+#define PROTECT_OPEN_WITH_TRAILING_SYMLINKS (O_CLOEXEC | O_NOCTTY | O_RDONLY)
+#define PROTECT_OPEN (PROTECT_OPEN_WITH_TRAILING_SYMLINKS | O_NOFOLLOW)
+
 #ifndef HAVE_OPENAT2
 static inline int openat2(int dfd, const char *filename, struct lxc_open_how *how, size_t size)
 {
-- 
2.47.2