From a052913dd020b73a0881e9f5697e03885b3ca298 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@canonical.com>
Date: Sat, 19 Nov 2016 05:45:01 +0100
Subject: [PATCH] attach, utils: bugfixes

- simply check /proc/self/ns
- improve SYSERROR() report
- use #define to prevent gcc & clang to use a VLA

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
---
 src/lxc/attach.c | 6 ++----
 src/lxc/utils.c  | 9 +++++----
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 9fe66a8e9..aac38ffe1 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -220,7 +220,6 @@ static void lxc_proc_put_context_info(struct lxc_proc_context_info *ctx)
 
 static int lxc_attach_to_ns(pid_t pid, int which)
 {
-	char path[MAXPATHLEN];
 	/* according to <http://article.gmane.org/gmane.linux.kernel.containers.lxc.devel/1429>,
 	 * the file for user namespaces in /proc/$pid/ns will be called
 	 * 'user' once the kernel supports it
@@ -235,8 +234,7 @@ static int lxc_attach_to_ns(pid_t pid, int which)
 	int i, j, saved_errno;
 
 
-	snprintf(path, MAXPATHLEN, "/proc/%d/ns", pid);
-	if (access(path, X_OK)) {
+	if (access("/proc/self/ns", X_OK)) {
 		ERROR("Does this kernel version support 'attach' ?");
 		return -1;
 	}
@@ -261,7 +259,7 @@ static int lxc_attach_to_ns(pid_t pid, int which)
 				close(fd[j]);
 
 			errno = saved_errno;
-			SYSERROR("failed to open '%s'", path);
+			SYSERROR("failed to open namespace: '%s'.", ns[i]);
 			return -1;
 		}
 	}
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 70f5aeb0d..9198340f6 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1972,17 +1972,18 @@ int lxc_append_string(char ***list, char *entry)
 int lxc_preserve_ns(const int pid, const char *ns)
 {
 	int ret;
-	size_t len = 5 /* /proc */ + 21 /* /int_as_str */ + 3 /* /ns */ + 20 /* /NS_NAME */ + 1 /* \0 */;
-	char path[len];
+/* 5 /proc + 21 /int_as_str + 3 /ns + 20 /NS_NAME + 1 \0 */
+#define __NS_PATH_LEN 50
+	char path[__NS_PATH_LEN];
 
 	/* This way we can use this function to also check whether namespaces
 	 * are supported by the kernel by passing in the NULL or the empty
 	 * string.
 	 */
-	ret = snprintf(path, len, "/proc/%d/ns%s%s", pid,
+	ret = snprintf(path, __NS_PATH_LEN, "/proc/%d/ns%s%s", pid,
 		       !ns || strcmp(ns, "") == 0 ? "" : "/",
 		       !ns || strcmp(ns, "") == 0 ? "" : ns);
-	if (ret < 0 || (size_t)ret >= len)
+	if (ret < 0 || (size_t)ret >= __NS_PATH_LEN)
 		return -1;
 
 	return open(path, O_RDONLY | O_CLOEXEC);
-- 
2.47.2