From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 27 Feb 2023 10:02:43 +0000 (+0100)
Subject: apparmor: don't try to mmap empty files
X-Git-Tag: v6.0.0~64^2
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F4284%2Fhead;p=thirdparty%2Flxc.git

apparmor: don't try to mmap empty files

In case empty profile files linger somehow (eg. powerloss or
oom killer etc. between creating and writing the file) we
tried to use mmap() with a length of 0 which is invalid.
Let's treat this as if it did not exist.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---

diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index 23af021aa..685d3b9ef 100644
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -973,12 +973,14 @@ static int load_apparmor_profile(struct lsm_ops *ops, struct lxc_conf *conf, con
 			goto out;
 		}
 		old_len = profile_sb.st_size;
-		old_content = lxc_strmmap(NULL, old_len, PROT_READ,
-		                          MAP_PRIVATE, profile_fd, 0);
-		if (old_content == MAP_FAILED) {
-			SYSERROR("Failed to mmap old profile from %s",
-			         profile_path);
-			goto out;
+		if (old_len) {
+			old_content = lxc_strmmap(NULL, old_len, PROT_READ,
+						  MAP_PRIVATE, profile_fd, 0);
+			if (old_content == MAP_FAILED) {
+				SYSERROR("Failed to mmap old profile from %s",
+					 profile_path);
+				goto out;
+			}
 		}
 	} else if (errno != ENOENT) {
 		SYSERROR("Error reading old profile from %s", profile_path);