Merge pull request #3698 from brauner/2021-02-25/fixes

src/lxc/af_unix.c

@@ -198,7 +198,7 @@ again:
 		if (errno == EINTR)
 			goto again;
 
-		return syserrno(-errno, "Failed to receive response");
+		return syserror("Failed to receive response");
 	}
 	if (ret == 0)
 		return 0;
@@ -228,14 +228,14 @@ again:
 				for (idx = 0; idx < num_raw; idx++)
 					close(fds_raw[idx]);
 
-				return syserrno_set(-EFBIG, "Received excessive number of file descriptors");
+				return syserror_set(-EFBIG, "Received excessive number of file descriptors");
 			}
 
 			if (msg.msg_flags & MSG_CTRUNC) {
 				for (idx = 0; idx < num_raw; idx++)
 					close(fds_raw[idx]);
 
-				return syserrno_set(-EFBIG, "Control message was truncated; closing all fds and rejecting incomplete message");
+				return syserror_set(-EFBIG, "Control message was truncated; closing all fds and rejecting incomplete message");
 			}
 
 			if (ret_fds->fd_count_max > num_raw) {
@@ -243,7 +243,7 @@ again:
 					for (idx = 0; idx < num_raw; idx++)
 						close(fds_raw[idx]);
 
-					return syserrno_set(-EINVAL, "Received fewer file descriptors than we expected %u != %u",
+					return syserror_set(-EINVAL, "Received fewer file descriptors than we expected %u != %u",
 							    ret_fds->fd_count_max, num_raw);
 				}
 
@@ -261,7 +261,7 @@ again:
 					for (idx = 0; idx < num_raw; idx++)
 						close(fds_raw[idx]);
 
-					return syserrno_set(-EINVAL, "Received more file descriptors than we expected %u != %u",
+					return syserror_set(-EINVAL, "Received more file descriptors than we expected %u != %u",
 							    ret_fds->fd_count_max, num_raw);
 				}
 
@@ -280,7 +280,7 @@ again:
 				for (idx = 0; idx < num_raw; idx++)
 					close(fds_raw[idx]);
 
-				return syserrno_set(-EINVAL, "Invalid flag combination; closing to not risk leaking fds %u != %u",
+				return syserror_set(-EINVAL, "Invalid flag combination; closing to not risk leaking fds %u != %u",
 						    ret_fds->fd_count_max, num_raw);
 			}
 
@@ -296,7 +296,7 @@ again:
 		/* We expected to receive file descriptors. */
 		if ((ret_fds->flags & UNIX_FDS_ACCEPT_MASK) &&
 		    !(ret_fds->flags & UNIX_FDS_ACCEPT_NONE))
-			return syserrno_set(-EINVAL, "Received no file descriptors");
+			return syserror_set(-EINVAL, "Received no file descriptors");
 	}
 
 	return ret;

src/lxc/attach.c

@@ -512,7 +512,7 @@ static int same_ns(int dfd_pid1, int dfd_pid2, const char *ns_path)
 	if (ns_fd2 < 0) {
 		if (errno == ENOENT)
 			return -ENOENT;
-		return syserrno(-errno, "Failed to open %d(%s)", dfd_pid2, ns_path);
+		return syserror("Failed to open %d(%s)", dfd_pid2, ns_path);
 	}
 
 	ret = same_nsfd(dfd_pid1, dfd_pid2, ns_path);
@@ -551,7 +551,7 @@ static int __prepare_namespaces_pidfd(struct attach_context *ctx)
 			break;
 		}
 
-		return syserrno(-errno, "Failed to determine whether %s namespace is shared",
+		return syserror("Failed to determine whether %s namespace is shared",
 				ns_info[i].proc_name);
 	}
 

src/lxc/cgroups/cgfsng.c

@@ -425,7 +425,7 @@ static int cgroup_hierarchy_add(struct cgroup_ops *ops, int dfd_mnt, char *mnt,
 	int idx;
 
 	if (abspath(base_cgroup))
-		return syserrno_set(-EINVAL, "Container base path must be relative to controller mount");
+		return syserror_set(-EINVAL, "Container base path must be relative to controller mount");
 
 	new = zalloc(sizeof(*new));
 	if (!new)
@@ -685,29 +685,29 @@ static bool cpuset1_initialize(int dfd_base, int dfd_next)
 	 */
 	bytes = lxc_readat(dfd_base, "cgroup.clone_children", &v, 1);
 	if (bytes < 0)
-		return syserrno(false, "Failed to read file %d(cgroup.clone_children)", dfd_base);
+		return syserror_ret(false, "Failed to read file %d(cgroup.clone_children)", dfd_base);
 
 	/*
 	* Initialize cpuset.cpus and make remove any isolated
 	* and offline cpus.
 	 */
 	if (!cpuset1_cpus_initialize(dfd_base, dfd_next, v == '1'))
-		return syserrno(false, "Failed to initialize cpuset.cpus");
+		return syserror_ret(false, "Failed to initialize cpuset.cpus");
 
 	/* Read cpuset.mems from parent... */
 	bytes = lxc_readat(dfd_base, "cpuset.mems", mems, sizeof(mems));
 	if (bytes < 0)
-		return syserrno(false, "Failed to read file %d(cpuset.mems)", dfd_base);
+		return syserror_ret(false, "Failed to read file %d(cpuset.mems)", dfd_base);
 
 	/* ... and copy to first cgroup in the tree... */
 	bytes = lxc_writeat(dfd_next, "cpuset.mems", mems, bytes);
 	if (bytes < 0)
-		return syserrno(false, "Failed to write %d(cpuset.mems)", dfd_next);
+		return syserror_ret(false, "Failed to write %d(cpuset.mems)", dfd_next);
 
 	/* ... and finally turn on cpuset inheritance. */
 	bytes = lxc_writeat(dfd_next, "cgroup.clone_children", "1", 1);
 	if (bytes < 0)
-		return syserrno(false, "Failed to write %d(cgroup.clone_children)", dfd_next);
+		return syserror_ret(false, "Failed to write %d(cgroup.clone_children)", dfd_next);
 
 	return log_trace(true, "Initialized cpuset in the legacy hierarchy");
 }
@@ -736,15 +736,15 @@ static int __cgroup_tree_create(int dfd_base, const char *path, mode_t mode,
 		 * absolute nor walks upwards.
 		 */
 		if (abspath(cur))
-			return syserrno_set(-EINVAL, "No absolute paths allowed");
+			return syserror_set(-EINVAL, "No absolute paths allowed");
 
 		if (strnequal(cur, "..", STRLITERALLEN("..")))
-			return syserrno_set(-EINVAL, "No upward walking paths allowed");
+			return syserror_set(-EINVAL, "No upward walking paths allowed");
 
 		ret = mkdirat(dfd_cur, cur, mode);
 		if (ret < 0) {
 			if (errno != EEXIST)
-				return syserrno(-errno, "Failed to create %d(%s)", dfd_cur, cur);
+				return syserror("Failed to create %d(%s)", dfd_cur, cur);
 
 			ret = -EEXIST;
 		}
@@ -752,12 +752,12 @@ static int __cgroup_tree_create(int dfd_base, const char *path, mode_t mode,
 
 		dfd_final = open_at(dfd_cur, cur, PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_BENEATH, 0);
 		if (dfd_final < 0)
-			return syserrno(-errno, "Fail to open%s directory %d(%s)",
+			return syserror("Fail to open%s directory %d(%s)",
 					!ret ? " newly created" : "", dfd_base, cur);
 		if (dfd_cur != dfd_base)
 			close(dfd_cur);
 		else if (cpuset_v1 && !cpuset1_initialize(dfd_base, dfd_final))
-			return syserrno(-EINVAL, "Failed to initialize cpuset controller in the legacy hierarchy");
+			return syserror_set(-EINVAL, "Failed to initialize cpuset controller in the legacy hierarchy");
 		/*
 		 * Leave dfd_final pointing to the last fd we opened so
 		 * it will be automatically zapped if we return early.
@@ -768,7 +768,7 @@ static int __cgroup_tree_create(int dfd_base, const char *path, mode_t mode,
 	/* The final cgroup must be succesfully creatd by us. */
 	if (ret) {
 		if (ret != -EEXIST || !eexist_ignore)
-			return syserrno_set(ret, "Creating the final cgroup %d(%s) failed", dfd_base, path);
+			return syserror_set(ret, "Creating the final cgroup %d(%s) failed", dfd_base, path);
 	}
 
 	return move_fd(dfd_final);
@@ -792,7 +792,7 @@ static bool cgroup_tree_create(struct cgroup_ops *ops, struct lxc_conf *conf,
 		/* With isolation both parts need to not already exist. */
 		fd_limit = __cgroup_tree_create(h->dfd_base, cgroup_limit_dir, 0755, cpuset_v1, false);
 		if (fd_limit < 0)
-			return syserrno(false, "Failed to create limiting cgroup %d(%s)", h->dfd_base, cgroup_limit_dir);
+			return syserror_ret(false, "Failed to create limiting cgroup %d(%s)", h->dfd_base, cgroup_limit_dir);
 
 		TRACE("Created limit cgroup %d->%d(%s)",
 		      fd_limit, h->dfd_base, cgroup_limit_dir);
@@ -828,7 +828,7 @@ static bool cgroup_tree_create(struct cgroup_ops *ops, struct lxc_conf *conf,
 		fd_final = __cgroup_tree_create(h->dfd_base, cgroup_limit_dir, 0755, cpuset_v1, false);
 	}
 	if (fd_final < 0)
-		return syserrno(false, "Failed to create %s cgroup %d(%s)", payload ? "payload" : "monitor", h->dfd_base, cgroup_limit_dir);
+		return syserror_ret(false, "Failed to create %s cgroup %d(%s)", payload ? "payload" : "monitor", h->dfd_base, cgroup_limit_dir);
 
 	if (payload) {
 		h->dfd_con = move_fd(fd_final);
@@ -1339,7 +1339,7 @@ static int chown_cgroup_wrapper(void *data)
 		int dirfd = arg->hierarchies[i]->dfd_con;
 
 		if (dirfd < 0)
-			return syserrno_set(-EBADF, "Invalid cgroup file descriptor");
+			return syserror_set(-EBADF, "Invalid cgroup file descriptor");
 
 		(void)fchowmodat(dirfd, "", destuid, nsgid, 0775);
 
@@ -1695,8 +1695,8 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 		dfd_mnt_unified = open_at(rootfs->dfd_mnt, DEFAULT_CGROUP_MOUNTPOINT_RELATIVE,
 					  PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_BENEATH_XDEV, 0);
 		if (dfd_mnt_unified < 0)
-			return syserrno(-errno, "Failed to open %d(%s)", rootfs->dfd_mnt,
-					DEFAULT_CGROUP_MOUNTPOINT_RELATIVE);
+			return syserror_ret(false, "Failed to open %d(%s)",
+					    rootfs->dfd_mnt, DEFAULT_CGROUP_MOUNTPOINT_RELATIVE);
 		/*
 		 * If cgroup namespaces are supported but the container will
 		 * not have CAP_SYS_ADMIN after it has started we need to mount
@@ -1729,7 +1729,7 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 			 */
 			ret = cgroupfs_mount(cgroup_automount_type, ops->unified, rootfs, dfd_mnt_unified, "");
 			if (ret < 0)
-				return syserrno(false, "Failed to force mount cgroup filesystem in cgroup namespace");
+				return syserror_ret(false, "Failed to force mount cgroup filesystem in cgroup namespace");
 
 			return log_trace(true, "Force mounted cgroup filesystem in new cgroup namespace");
 		} else {
@@ -1760,7 +1760,7 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 			}
 		}
 
-		return syserrno(false, "Failed to mount cgroups");
+		return syserror_ret(false, "Failed to mount cgroups");
 	}
 
 	/*
@@ -1798,8 +1798,8 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 	dfd_mnt_tmpfs = open_at(rootfs->dfd_mnt, DEFAULT_CGROUP_MOUNTPOINT_RELATIVE,
 				PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_BENEATH_XDEV, 0);
 	if (dfd_mnt_tmpfs < 0)
-		return syserrno(-errno, "Failed to open %d(%s)", rootfs->dfd_mnt,
-				DEFAULT_CGROUP_MOUNTPOINT_RELATIVE);
+		return syserror_ret(false, "Failed to open %d(%s)",
+				    rootfs->dfd_mnt, DEFAULT_CGROUP_MOUNTPOINT_RELATIVE);
 
 	for (int i = 0; ops->hierarchies[i]; i++) {
 		__do_free char *hierarchy_mnt = NULL, *path2 = NULL;
@@ -1807,7 +1807,7 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 
 		ret = mkdirat(dfd_mnt_tmpfs, h->at_mnt, 0000);
 		if (ret < 0)
-			return syserrno(false, "Failed to create cgroup at_mnt %d(%s)", dfd_mnt_tmpfs, h->at_mnt);
+			return syserror_ret(false, "Failed to create cgroup at_mnt %d(%s)", dfd_mnt_tmpfs, h->at_mnt);
 
 		if (in_cgroup_ns && wants_force_mount) {
 			/*
@@ -2787,7 +2787,7 @@ static int bpf_device_cgroup_prepare(struct cgroup_ops *ops,
 	else
 		ret = device_cgroup_rule_parse(&device_item, key, val);
 	if (ret < 0)
-		return syserrno_set(EINVAL, "Failed to parse device rule %s=%s", key, val);
+		return syserror_set(EINVAL, "Failed to parse device rule %s=%s", key, val);
 
 	/*
 	 * Note that bpf_list_add_device() returns 1 if it altered the device
@@ -2930,20 +2930,20 @@ static bool __cgfsng_delegate_controllers(struct cgroup_ops *ops, const char *cg
 		 * absolute nor walks upwards.
 		 */
 		if (abspath(cur))
-			return syserrno_set(-EINVAL, "No absolute paths allowed");
+			return syserror_set(-EINVAL, "No absolute paths allowed");
 
 		if (strnequal(cur, "..", STRLITERALLEN("..")))
-			return syserrno_set(-EINVAL, "No upward walking paths allowed");
+			return syserror_set(-EINVAL, "No upward walking paths allowed");
 
 		ret = lxc_writeat(dfd_cur, "cgroup.subtree_control", add_controllers, full_len);
 		if (ret < 0)
-			return syserrno(-errno, "Could not enable \"%s\" controllers in the unified cgroup %d", add_controllers, dfd_cur);
+			return syserror("Could not enable \"%s\" controllers in the unified cgroup %d", add_controllers, dfd_cur);
 
 		TRACE("Enabled \"%s\" controllers in the unified cgroup %d", add_controllers, dfd_cur);
 
 		dfd_final = open_at(dfd_cur, cur, PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_BENEATH, 0);
 		if (dfd_final < 0)
-			return syserrno(-errno, "Fail to open directory %d(%s)", dfd_cur, cur);
+			return syserror("Fail to open directory %d(%s)", dfd_cur, cur);
 		if (dfd_cur != unified->dfd_base)
 			close(dfd_cur);
 		/*
@@ -3030,7 +3030,7 @@ static int __list_cgroup_delegate(char ***delegate)
 		}
 
 		*delegate = move_ptr(list);
-		return syswarn(0, "Failed to read /sys/kernel/cgroup/delegate");
+		return syswarn_ret(0, "Failed to read /sys/kernel/cgroup/delegate");
 	}
 
 	lxc_iterate_parts(token, buf, " \t\n") {
@@ -3057,13 +3057,13 @@ static bool unified_hierarchy_delegated(int dfd_base, char ***ret_files)
 
 	ret = __list_cgroup_delegate(&list);
 	if (ret < 0)
-		return syserrno(ret, "Failed to determine unified cgroup delegation requirements");
+		return syserror_ret(ret, "Failed to determine unified cgroup delegation requirements");
 
 	for (char *const *s = list; s && *s; s++) {
 		if (!faccessat(dfd_base, *s, W_OK, 0) || errno == ENOENT)
 			continue;
 
-		return sysinfo(false, "The %s file is not writable, skipping unified hierarchy", *s);
+		return sysinfo_ret(false, "The %s file is not writable, skipping unified hierarchy", *s);
 	}
 
 	*ret_files = move_ptr(list);
@@ -3073,7 +3073,7 @@ static bool unified_hierarchy_delegated(int dfd_base, char ***ret_files)
 static bool legacy_hierarchy_delegated(int dfd_base)
 {
 	if (faccessat(dfd_base, "cgroup.procs", W_OK, 0) && errno != ENOENT)
-		return sysinfo(false, "The cgroup.procs file is not writable, skipping legacy hierarchy");
+		return sysinfo_ret(false, "The cgroup.procs file is not writable, skipping legacy hierarchy");
 
 	return true;
 }
@@ -3126,7 +3126,7 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 			}
 			if (dfd_mnt < 0) {
 				if (errno != ENOENT)
-					return syserrno(-errno, "Failed to open %d/unified", ops->dfd_mnt);
+					return syserror("Failed to open %d/unified", ops->dfd_mnt);
 
 				SYSTRACE("Unified cgroup not mounted");
 				continue;
@@ -3138,7 +3138,7 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 						   PROTECT_OPATH_DIRECTORY,
 						   PROTECT_LOOKUP_BENEATH_XDEV, 0);
 				if (dfd_base < 0)
-					return syserrno(-errno, "Failed to open %d/%s", dfd_mnt, current_cgroup);
+					return syserror("Failed to open %d/%s", dfd_mnt, current_cgroup);
 				dfd = dfd_base;
 			}
 
@@ -3150,7 +3150,7 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 				TRACE("No controllers are enabled for delegation in the unified hierarchy");
 				controller_list = list_new();
 				if (!controller_list)
-					return syserrno(-ENOMEM, "Failed to create empty controller list");
+					return syserror_set(-ENOMEM, "Failed to create empty controller list");
 			}
 
 			controllers = strdup(unified_mnt);
@@ -3181,7 +3181,7 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 					  PROTECT_LOOKUP_ABSOLUTE_XDEV, 0);
 			if (dfd_mnt < 0) {
 				if (errno != ENOENT)
-					return syserrno(-errno, "Failed to open %d/%s",
+					return syserror("Failed to open %d/%s",
 							ops->dfd_mnt, controllers);
 
 				SYSTRACE("%s not mounted", controllers);
@@ -3208,7 +3208,7 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 						   PROTECT_OPATH_DIRECTORY,
 						   PROTECT_LOOKUP_BENEATH_XDEV, 0);
 				if (dfd_base < 0)
-					return syserrno(-errno, "Failed to open %d/%s",
+					return syserror("Failed to open %d/%s",
 							dfd_mnt, current_cgroup);
 				dfd = dfd_base;
 			}
@@ -3223,7 +3223,7 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 			 */
 			controller_list = list_add_controllers(__controllers);
 			if (!controller_list)
-				return syserrno(-ENOMEM, "Failed to create controller list from %s", __controllers);
+				return syserror_set(-ENOMEM, "Failed to create controller list from %s", __controllers);
 
 			if (skip_hierarchy(ops, controller_list))
 				continue;
@@ -3234,7 +3234,7 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 		ret = cgroup_hierarchy_add(ops, dfd_mnt, controllers, dfd,
 					   current_cgroup, controller_list, type);
 		if (ret < 0)
-			return syserrno(ret, "Failed to add %s hierarchy", controllers);
+			return syserror_ret(ret, "Failed to add %s hierarchy", controllers);
 
 		/* Transfer ownership. */
 		move_fd(dfd_mnt);
@@ -3258,7 +3258,7 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 	}
 
 	if (!controllers_available(ops))
-		return syserrno_set(-ENOENT, "One or more requested controllers unavailable or not delegated");
+		return syserror_set(-ENOENT, "One or more requested controllers unavailable or not delegated");
 
 	return 0;
 }
@@ -3280,7 +3280,7 @@ static int initialize_cgroups(struct cgroup_ops *ops, struct lxc_conf *conf)
 	dfd = open_at(-EBADF, DEFAULT_CGROUP_MOUNTPOINT,
 			PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_ABSOLUTE_XDEV, 0);
 	if (dfd < 0)
-		return syserrno(-errno, "Failed to open " DEFAULT_CGROUP_MOUNTPOINT);
+		return syserror("Failed to open " DEFAULT_CGROUP_MOUNTPOINT);
 
 	controllers_use = lxc_global_config_value("lxc.cgroup.use");
 	if (controllers_use) {
@@ -3307,7 +3307,7 @@ static int initialize_cgroups(struct cgroup_ops *ops, struct lxc_conf *conf)
 
 	ret = __initialize_cgroups(ops, conf->cgroup_meta.relative, !lxc_list_empty(&conf->id_map));
 	if (ret < 0)
-		return syserrno(ret, "Failed to initialize cgroups");
+		return syserror_ret(ret, "Failed to initialize cgroups");
 
 	/* Transfer ownership to cgroup_ops. */
 	move_fd(dfd);
@@ -3430,13 +3430,13 @@ static int __cgroup_attach_many(const struct lxc_conf *conf, const char *name,
 		else
 			ret = lxc_writeat(dfd_con, "cgroup.procs", pidstr, pidstr_len);
 		if (ret)
-			return syserrno(ret, "Failed to attach to cgroup fd %d", dfd_con);
+			return syserror_ret(ret, "Failed to attach to cgroup fd %d", dfd_con);
 		else
 			TRACE("Attached to cgroup fd %d", dfd_con);
 	}
 
 	if (idx == 0)
-		return syserrno_set(-ENOENT, "Failed to attach to cgroups");
+		return syserror_set(-ENOENT, "Failed to attach to cgroups");
 
 	TRACE("Attached to %s cgroup layout", cgroup_layout_name(ctx->layout));
 	return 0;

src/lxc/cgroups/cgroup2_devices.c

@@ -352,7 +352,7 @@ static int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
 		return ret_errno(EBADF);
 
 	if (flags & ~(BPF_F_ALLOW_OVERRIDE | BPF_F_ALLOW_MULTI | BPF_F_REPLACE))
-		return syserrno_set(-EINVAL, "Invalid flags for bpf program");
+		return syserror_set(-EINVAL, "Invalid flags for bpf program");
 
 	/*
 	 * Don't allow the bpf program to be overwritten for now. If we ever
@@ -369,7 +369,7 @@ static int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
 
 	ret = bpf_program_load_kernel(prog);
 	if (ret < 0)
-		return syserrno(-errno, "Failed to load bpf program");
+		return syserror("Failed to load bpf program");
 
 	attr = &(union bpf_attr){
 		.attach_type	= type,
@@ -380,7 +380,7 @@ static int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
 
 	ret = bpf(BPF_PROG_ATTACH, attr, sizeof(*attr));
 	if (ret < 0)
-		return syserrno(-errno, "Failed to attach bpf program");
+		return syserror("Failed to attach bpf program");
 
 	prog->fd_cgroup		= move_fd(fd_attach);
 	prog->attached_type	= type;
@@ -414,7 +414,7 @@ int bpf_program_cgroup_detach(struct bpf_program *prog)
 
 	ret = bpf(BPF_PROG_DETACH, attr, sizeof(*attr));
 	if (ret < 0)
-		return syserrno(-errno, "Failed to detach bpf program from cgroup %d", fd_cgroup);
+		return syserror("Failed to detach bpf program from cgroup %d", fd_cgroup);
 
 	TRACE("Detached bpf program from cgroup %d", fd_cgroup);
 
@@ -513,11 +513,11 @@ int bpf_list_add_device(struct bpf_devices *bpf_devices,
 
 	list_elem = malloc(sizeof(*list_elem));
 	if (!list_elem)
-		return syserrno_set(ENOMEM, "Failed to allocate new device list");
+		return syserror_set(ENOMEM, "Failed to allocate new device list");
 
 	new_device = memdup(device, sizeof(struct device_item));
 	if (!new_device)
-		return syserrno_set(ENOMEM, "Failed to allocate new device item");
+		return syserror_set(ENOMEM, "Failed to allocate new device item");
 
 	lxc_list_add_elem(list_elem, move_ptr(new_device));
 	lxc_list_add_tail(&bpf_devices->device_item, move_ptr(list_elem));
@@ -565,11 +565,11 @@ static struct bpf_program *__bpf_cgroup_devices(struct bpf_devices *bpf_devices)
 
 	prog = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE);
 	if (!prog)
-		return syserrno(NULL, "Failed to create new bpf program");
+		return syserror_ret(NULL, "Failed to create new bpf program");
 
 	ret = bpf_program_init(prog);
 	if (ret)
-		return syserrno(NULL, "Failed to initialize bpf program");
+		return syserror_ret(NULL, "Failed to initialize bpf program");
 
 	prog->device_list_type = bpf_devices->list_type;
 	TRACE("Device cgroup %s all devices by default",
@@ -586,14 +586,14 @@ static struct bpf_program *__bpf_cgroup_devices(struct bpf_devices *bpf_devices)
 
 		ret = bpf_program_append_device(prog, cur);
 		if (ret)
-			return syserrno(NULL, "Failed adding new device rule");
+			return syserror_ret(NULL, "Failed adding new device rule");
 
 		TRACE("Added new device rule");
 	}
 
 	ret = bpf_program_finalize(prog);
 	if (ret)
-		return syserrno(NULL, "Failed to finalize device program");
+		return syserror_ret(NULL, "Failed to finalize device program");
 
 	return move_ptr(prog);
 }
@@ -606,13 +606,13 @@ bool bpf_cgroup_devices_attach(struct cgroup_ops *ops,
 
 	prog = __bpf_cgroup_devices(bpf_devices);
 	if (!prog)
-		return syserrno(false, "Failed to create bpf program");
+		return syserror_ret(false, "Failed to create bpf program");
 
 	ret = bpf_program_cgroup_attach(prog, BPF_CGROUP_DEVICE,
 					ops->unified->dfd_lim,
 					BPF_F_ALLOW_MULTI);
 	if (ret)
-		return syserrno(false, "Failed to attach bpf program");
+		return syserror_ret(false, "Failed to attach bpf program");
 
 	/* Replace old bpf program. */
 	swap(prog, ops->cgroup2_devices);
@@ -657,11 +657,11 @@ bool bpf_cgroup_devices_update(struct cgroup_ops *ops,
 
 	prog = __bpf_cgroup_devices(bpf_devices);
 	if (!prog)
-		return syserrno(false, "Failed to create bpf program");
+		return syserror_ret(false, "Failed to create bpf program");
 
 	ret = bpf_program_load_kernel(prog);
 	if (ret < 0)
-		return syserrno(false, "Failed to load bpf program");
+		return syserror_ret(false, "Failed to load bpf program");
 
 	attr = &(union bpf_attr){
 		.attach_type	= prog_old->attached_type,
@@ -693,7 +693,7 @@ bool bpf_cgroup_devices_update(struct cgroup_ops *ops,
 		break;
 	}
 	if (ret < 0)
-		return syserrno(false, "Failed to update bpf program");
+		return syserror_ret(false, "Failed to update bpf program");
 
 	if (can_use_bpf_replace > 0) {
 		/* The old program was automatically detached by the kernel. */

src/lxc/commands.c

@@ -168,8 +168,7 @@ static ssize_t lxc_cmd_rsp_recv_fds(int fd_sock, struct unix_fds *fds,
  */
 static ssize_t lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 {
-	__do_free void *__private_ptr = NULL;
-	struct lxc_cmd_tty_rsp_data *data_console = NULL;
+	__do_free void *__data = NULL;
 	call_cleaner(put_unix_fds) struct unix_fds *fds = &(struct unix_fds){
 		.fd[0 ... KERNEL_SCM_MAX_FD - 1] = -EBADF,
 	};
@@ -232,7 +231,7 @@ static ssize_t lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 	 */
 	if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
 	    (cur_cmd != LXC_CMD_CONSOLE_LOG))
-		return syserrno_set(-E2BIG, "Response data for command \"%s\" is too long: %d bytes > %d",
+		return syserror_set(-E2BIG, "Response data for command \"%s\" is too long: %d bytes > %d",
 				    cur_cmdstr, rsp->datalen, LXC_CMD_DATA_MAX);
 
 	/*
@@ -255,14 +254,14 @@ static ssize_t lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 		__fallthrough;
 	case LXC_CMD_GET_LIMIT_CGROUP_FD:	/* data */
 		if (rsp->datalen > sizeof(struct cgroup_fd))
-			return syserrno_set(-EINVAL, "Invalid response size from server for \"%s\"", cur_cmdstr);
+			return syserror_set(-EINVAL, "Invalid response size from server for \"%s\"", cur_cmdstr);
 
 		/* Don't pointlessly allocate. */
 		rsp->data = (void *)cmd->req.data;
 		break;
 	case LXC_CMD_GET_CGROUP_CTX:		/* data */
 		if (rsp->datalen > sizeof(struct cgroup_ctx))
-			return syserrno_set(-EINVAL, "Invalid response size from server for \"%s\"", cur_cmdstr);
+			return syserror_set(-EINVAL, "Invalid response size from server for \"%s\"", cur_cmdstr);
 
 		/* Don't pointlessly allocate. */
 		rsp->data = (void *)cmd->req.data;
@@ -275,24 +274,25 @@ static ssize_t lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 		if (bytes_recv == 0 || rsp->ret < 0)
 			return 0;
 
-		__private_ptr = malloc(sizeof(struct lxc_cmd_tty_rsp_data));
-		if (!__private_ptr)
-			return syserrno_set(-ENOMEM, "Failed to receive response for command \"%s\"", cur_cmdstr);
-		data_console = (struct lxc_cmd_tty_rsp_data *)__private_ptr;
-		data_console->ptxfd = move_fd(fds->fd[0]);
-		data_console->ttynum = PTR_TO_INT(rsp->data);
+		__data = malloc(sizeof(struct lxc_cmd_tty_rsp_data));
+		if (__data) {
+			struct lxc_cmd_tty_rsp_data *tty = __data;
 
+			tty->ptxfd	= move_fd(fds->fd[0]);
+			tty->ttynum	= PTR_TO_INT(rsp->data);
 			rsp->datalen	= 0;
-		rsp->data = data_console;
+			rsp->data	= tty;
 			break;
+		}
+		return syserror_set(-ENOMEM, "Failed to receive response for command \"%s\"", cur_cmdstr);
 	case LXC_CMD_CONSOLE_LOG:		/* data */
-		__private_ptr = zalloc(rsp->datalen + 1);
-		rsp->data = __private_ptr;
+		__data = zalloc(rsp->datalen + 1);
+		rsp->data = __data;
 		break;
 	default:				/* catch any additional command */
 		if (rsp->datalen > 0) {
-			__private_ptr = zalloc(rsp->datalen);
-			rsp->data = __private_ptr;
+			__data = zalloc(rsp->datalen);
+			rsp->data = __data;
 		}
 		break;
 	}
@@ -305,12 +305,12 @@ static ssize_t lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 		 * Either static or allocated memory.
 		 */
 		if (!rsp->data)
-			return syserrno_set(-ENOMEM, "Failed to prepare response buffer for command \"%s\"",
+			return syserror_set(-ENOMEM, "Failed to prepare response buffer for command \"%s\"",
 					    cur_cmdstr);
 
 		bytes_recv = lxc_recv_nointr(sock, rsp->data, rsp->datalen, 0);
 		if (bytes_recv != rsp->datalen)
-			return syserrno(-errno, "Failed to receive response data for command \"%s\": %zd != %d",
+			return syserror("Failed to receive response data for command \"%s\": %zd != %d",
 					cur_cmdstr, bytes_recv, rsp->datalen);
 
 		switch (cur_cmd) {
@@ -326,10 +326,10 @@ static ssize_t lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 			err = 0;
 		}
 		if (err < 0)
-			return syserrno(err, "Failed to transfer file descriptors for command \"%s\"", cur_cmdstr);
+			return syserror_ret(err, "Failed to transfer file descriptors for command \"%s\"", cur_cmdstr);
 	}
 
-	move_ptr(__private_ptr);
+	move_ptr(__data);
 	return bytes_recv;
 }
 
@@ -347,14 +347,14 @@ static int __lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
 
 	ret = lxc_send_nointr(fd, rsp, sizeof(*rsp), MSG_NOSIGNAL);
 	if (ret < 0 || (size_t)ret != sizeof(*rsp))
-		return syserrno(-errno, "Failed to send command response %zd", ret);
+		return syserror("Failed to send command response %zd", ret);
 
 	if (!rsp->data || rsp->datalen <= 0)
 		return 0;
 
 	ret = lxc_send_nointr(fd, rsp->data, rsp->datalen, MSG_NOSIGNAL);
 	if (ret < 0 || ret != (ssize_t)rsp->datalen)
-		return syswarn(-errno, "Failed to send command response %zd", ret);
+		return syswarn("Failed to send command response %zd", ret);
 
 	return 0;
 }
@@ -381,7 +381,7 @@ static inline int lxc_cmd_rsp_send_keep(int fd, struct lxc_cmd_rsp *rsp)
 	return 0;
 }
 
-static inline int rsp_one_fd(int fd, int fd_send, struct lxc_cmd_rsp *rsp)
+static inline int rsp_one_fd_reap(int fd, int fd_send, struct lxc_cmd_rsp *rsp)
 {
 	ssize_t ret;
 
@@ -392,7 +392,7 @@ static inline int rsp_one_fd(int fd, int fd_send, struct lxc_cmd_rsp *rsp)
 	if (rsp->data && rsp->datalen > 0) {
 		ret = lxc_send_nointr(fd, rsp->data, rsp->datalen, MSG_NOSIGNAL);
 		if (ret < 0 || ret != (ssize_t)rsp->datalen)
-			return syswarn(-errno, "Failed to send command response %zd", ret);
+			return syswarn("Failed to send command response %zd", ret);
 	}
 
 	return LXC_CMD_REAP_CLIENT_FD;
@@ -402,14 +402,14 @@ static inline int rsp_one_fd_keep(int fd, int fd_send, struct lxc_cmd_rsp *rsp)
 {
 	int ret;
 
-	ret = rsp_one_fd(fd, fd_send, rsp);
+	ret = rsp_one_fd_reap(fd, fd_send, rsp);
 	if (ret == LXC_CMD_REAP_CLIENT_FD)
 		ret = LXC_CMD_KEEP_CLIENT_FD;
 
 	return ret;
 }
 
-__access_r(3, 2) static int rsp_many_fds(int fd, __u32 fds_len,
+__access_r(3, 2) static int rsp_many_fds_reap(int fd, __u32 fds_len,
 					      const __s32 fds[static 2],
 					      struct lxc_cmd_rsp *rsp)
 {
@@ -430,7 +430,7 @@ __access_r(3, 2) static int rsp_many_fds(int fd, __u32 fds_len,
 	if (rsp->data && rsp->datalen > 0) {
 		ret = lxc_send_nointr(fd, rsp->data, rsp->datalen, MSG_NOSIGNAL);
 		if (ret < 0 || ret != (ssize_t)rsp->datalen)
-			return syswarn(-errno, "Failed to send command response %zd", ret);
+			return syswarn("Failed to send command response %zd", ret);
 	}
 
 	return LXC_CMD_REAP_CLIENT_FD;
@@ -507,7 +507,7 @@ static ssize_t lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, bool *stopped,
 		if (IN_SET(errno, ECONNREFUSED, EPIPE))
 			*stopped = 1;
 
-		return systrace(-errno, "Command \"%s\" failed to connect command socket", lxc_cmd_str(cmd->req.cmd));
+		return systrace("Command \"%s\" failed to connect command socket", lxc_cmd_str(cmd->req.cmd));
 	}
 
 	ret = lxc_cmd_rsp_recv(client_fd, cmd);
@@ -622,23 +622,27 @@ static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
 int lxc_cmd_get_init_pidfd(const char *name, const char *lxcpath)
 {
 	bool stopped = false;
-	int pidfd, ret;
+	int fd;
+	ssize_t ret;
 	struct lxc_cmd_rr cmd;
 
 	lxc_cmd_init(&cmd, LXC_CMD_GET_INIT_PIDFD);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
-		return sysdebug("Failed to process init pidfd command");
+		return sysdebug("Failed to process \"%s\"",
+				lxc_cmd_str(LXC_CMD_GET_INIT_PIDFD));
 
 	if (cmd.rsp.ret < 0)
-		return sysdebug_set(cmd.rsp.ret, "Failed to receive init pidfd");
+		return sysdebug_set(cmd.rsp.ret, "Failed to receive file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_INIT_PIDFD));
 
-	pidfd = PTR_TO_INT(cmd.rsp.data);
-	if (pidfd < 0)
-		return sysdebug_set(pidfd, "Failed to receive init pidfd");
+	fd = PTR_TO_INT(cmd.rsp.data);
+	if (fd < 0)
+		return sysdebug_set(fd, "Received invalid file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_INIT_PIDFD));
 
-	return pidfd;
+	return fd;
 }
 
 static int lxc_cmd_get_init_pidfd_callback(int fd, struct lxc_cmd_req *req,
@@ -653,12 +657,13 @@ static int lxc_cmd_get_init_pidfd_callback(int fd, struct lxc_cmd_req *req,
 		return lxc_cmd_rsp_send_reap(fd, &rsp);
 
 	rsp.ret = 0;
-	return rsp_one_fd(fd, handler->pidfd, &rsp);
+	return rsp_one_fd_reap(fd, handler->pidfd, &rsp);
 }
 
 int lxc_cmd_get_devpts_fd(const char *name, const char *lxcpath)
 {
 	bool stopped = false;
+	int fd;
 	ssize_t ret;
 	struct lxc_cmd_rr cmd;
 
@@ -666,12 +671,18 @@ int lxc_cmd_get_devpts_fd(const char *name, const char *lxcpath)
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
-		return log_debug_errno(-1, errno, "Failed to process devpts fd command");
+		return sysdebug("Failed to process \"%s\"",
+				lxc_cmd_str(LXC_CMD_GET_DEVPTS_FD));
 
 	if (cmd.rsp.ret < 0)
-		return log_debug_errno(-EBADF, errno, "Failed to receive devpts fd");
+		return sysdebug_set(cmd.rsp.ret, "Failed to receive file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_DEVPTS_FD));
 
-	return PTR_TO_INT(cmd.rsp.data);
+	fd = PTR_TO_INT(cmd.rsp.data);
+	if (fd < 0)
+		return sysdebug_set(fd, "Received invalid file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_DEVPTS_FD));
+	return fd;
 }
 
 static int lxc_cmd_get_devpts_fd_callback(int fd, struct lxc_cmd_req *req,
@@ -682,17 +693,18 @@ static int lxc_cmd_get_devpts_fd_callback(int fd, struct lxc_cmd_req *req,
 		.ret = -EBADF,
 	};
 
-	if (!handler->conf || handler->conf->devpts_fd < 0)
+	if (handler->conf->devpts_fd < 0)
 		return lxc_cmd_rsp_send_reap(fd, &rsp);
 
 	rsp.ret = 0;
-	return rsp_one_fd(fd, handler->conf->devpts_fd, &rsp);
+	return rsp_one_fd_reap(fd, handler->conf->devpts_fd, &rsp);
 }
 
 int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath)
 {
 #ifdef HAVE_SECCOMP_NOTIFY
 	bool stopped = false;
+	int fd;
 	ssize_t ret;
 	struct lxc_cmd_rr cmd;
 
@@ -700,14 +712,20 @@ int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath)
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
-		return log_debug_errno(-1, errno, "Failed to process seccomp notify fd command");
+		return sysdebug("Failed to process \"%s\"",
+				lxc_cmd_str(LXC_CMD_GET_SECCOMP_NOTIFY_FD));
 
 	if (cmd.rsp.ret < 0)
-		return log_debug_errno(-EBADF, errno, "Failed to receive seccomp notify fd");
-
-	return PTR_TO_INT(cmd.rsp.data);
+		return sysdebug_set(cmd.rsp.ret, "Failed to receive file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_SECCOMP_NOTIFY_FD));
+
+	fd = PTR_TO_INT(cmd.rsp.data);
+	if (fd < 0)
+		return sysdebug_set(fd, "Received invalid file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_SECCOMP_NOTIFY_FD));
+	return fd;
 #else
-	return ret_errno(EOPNOTSUPP);
+	return ret_errno(ENOSYS);
 #endif
 }
 
@@ -720,13 +738,13 @@ static int lxc_cmd_get_seccomp_notify_fd_callback(int fd, struct lxc_cmd_req *re
 		.ret = -EBADF,
 	};
 
-	if (!handler->conf || handler->conf->seccomp.notifier.notify_fd < 0)
+	if (handler->conf->seccomp.notifier.notify_fd < 0)
 		return lxc_cmd_rsp_send_reap(fd, &rsp);
 
 	rsp.ret = 0;
-	return rsp_one_fd(fd, handler->conf->seccomp.notifier.notify_fd, &rsp);
+	return rsp_one_fd_reap(fd, handler->conf->seccomp.notifier.notify_fd, &rsp);
 #else
-	return syserrno_set(-EOPNOTSUPP, "Seccomp notifier not supported");
+	return syserror_set(-EOPNOTSUPP, "Seccomp notifier not supported");
 #endif
 }
 
@@ -742,10 +760,12 @@ int lxc_cmd_get_cgroup_ctx(const char *name, const char *lxcpath,
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
-		return log_debug_errno(-1, errno, "Failed to process cgroup context command");
+		return sysdebug("Failed to process \"%s\"",
+				lxc_cmd_str(LXC_CMD_GET_CGROUP_CTX));
 
 	if (cmd.rsp.ret < 0)
-		return log_debug_errno(-EBADF, errno, "Failed to receive cgroup fds");
+		return sysdebug_set(cmd.rsp.ret, "Failed to receive file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_CGROUP_CTX));
 
 	return 0;
 }
@@ -775,7 +795,7 @@ static int lxc_cmd_get_cgroup_ctx_callback(int fd, struct lxc_cmd_req *req,
 	rsp.ret = 0;
 	rsp.data = &ctx_server;
 	rsp.datalen = min(sizeof(struct cgroup_ctx), (size_t)req->datalen);
-	return rsp_many_fds(fd, ctx_server.fd_len, ctx_server.fd, &rsp);
+	return rsp_many_fds_reap(fd, ctx_server.fd_len, ctx_server.fd, &rsp);
 }
 
 /*
@@ -1140,7 +1160,7 @@ static int lxc_cmd_terminal_winch_callback(int fd, struct lxc_cmd_req *req,
 					   struct lxc_epoll_descr *descr)
 {
 	/* should never be called */
-	return log_error_errno(-1, ENOSYS, "Called lxc_cmd_terminal_winch_callback()");
+	return syserror_set(-ENOSYS, "Called lxc_cmd_terminal_winch_callback()");
 }
 
 /*
@@ -1166,7 +1186,8 @@ int lxc_cmd_get_tty_fd(const char *name, int *ttynum, int *fd, const char *lxcpa
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
-		return ret;
+		return sysdebug("Failed to process \"%s\"",
+				lxc_cmd_str(LXC_CMD_GET_TTY_FD));
 
 	rspdata = cmd.rsp.data;
 	if (cmd.rsp.ret < 0)
@@ -1182,7 +1203,8 @@ int lxc_cmd_get_tty_fd(const char *name, int *ttynum, int *fd, const char *lxcpa
 	*fd	= rspdata->ptxfd;
 	*ttynum = rspdata->ttynum;
 
-	return log_info(ret, "Alloced fd %d for tty %d via socket %zd", *fd, rspdata->ttynum, ret);
+	INFO("Alloced fd %d for tty %d via socket %zd", *fd, rspdata->ttynum, ret);
+	return ret;
 }
 
 static int lxc_cmd_get_tty_fd_callback(int fd, struct lxc_cmd_req *req,
@@ -1207,7 +1229,8 @@ static int lxc_cmd_get_tty_fd_callback(int fd, struct lxc_cmd_req *req,
 		return ret;
 	}
 
-	return log_debug(ret, "Send tty to client");
+	DEBUG("Send tty to client");
+	return ret;
 }
 
 /*
@@ -1365,17 +1388,17 @@ int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath,
 	struct lxc_cmd_rr cmd;
 
 	if (strlen(device->access) > STRLITERALLEN("rwm"))
-		return syserrno_set(-EINVAL, "Invalid access mode specified %s", device->access);
+		return syserror_set(-EINVAL, "Invalid access mode specified %s", device->access);
 
 	lxc_cmd_init(&cmd, LXC_CMD_ADD_BPF_DEVICE_CGROUP);
 	lxc_cmd_data(&cmd, sizeof(struct device_item), device);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
-		return syserrno_set(ret, "Failed to process new bpf device cgroup command");
+		return syserror_set(ret, "Failed to process new bpf device cgroup command");
 
 	if (cmd.rsp.ret < 0)
-		return syserrno_set(cmd.rsp.ret, "Failed to add new bpf device cgroup rule");
+		return syserror_set(cmd.rsp.ret, "Failed to add new bpf device cgroup rule");
 
 	return 0;
 }
@@ -1658,10 +1681,12 @@ int lxc_cmd_get_cgroup_fd(const char *name, const char *lxcpath,
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
-		return log_debug_errno(-1, errno, "Failed to process cgroup fd command");
+		return sysdebug("Failed to process \"%s\"",
+				lxc_cmd_str(LXC_CMD_GET_CGROUP_FD));
 
 	if (cmd.rsp.ret < 0)
-		return log_debug_errno(-EBADF, errno, "Failed to receive cgroup fd");
+		return sysdebug_set(cmd.rsp.ret, "Failed to receive file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_CGROUP_FD));
 
 	return 0;
 }
@@ -1678,10 +1703,12 @@ int lxc_cmd_get_limit_cgroup_fd(const char *name, const char *lxcpath,
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
-		return log_debug_errno(-1, errno, "Failed to process limit cgroup fd command");
+		return sysdebug("Failed to process \"%s\"",
+				lxc_cmd_str(LXC_CMD_GET_CGROUP_FD));
 
 	if (cmd.rsp.ret < 0)
-		return log_debug_errno(-EBADF, errno, "Failed to receive limit cgroup fd");
+		return sysdebug_set(cmd.rsp.ret, "Failed to receive file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_CGROUP_FD));
 
 	return 0;
 }
@@ -1715,7 +1742,7 @@ static int __lxc_cmd_get_cgroup_fd_callback(int fd, struct lxc_cmd_req *req,
 	rsp.ret		= 0;
 	rsp.data	= &fd_server;
 	rsp.datalen	= min(sizeof(struct cgroup_fd), (size_t)req->datalen);
-	return rsp_one_fd(fd, fd_server.fd, &rsp);
+	return rsp_one_fd_reap(fd, fd_server.fd, &rsp);
 }
 
 static int lxc_cmd_get_cgroup_fd_callback(int fd, struct lxc_cmd_req *req,
@@ -1735,6 +1762,7 @@ static int lxc_cmd_get_limit_cgroup_fd_callback(int fd, struct lxc_cmd_req *req,
 int lxc_cmd_get_cgroup2_fd(const char *name, const char *lxcpath)
 {
 	bool stopped = false;
+	int fd;
 	ssize_t ret;
 	struct lxc_cmd_rr cmd;
 
@@ -1742,17 +1770,24 @@ int lxc_cmd_get_cgroup2_fd(const char *name, const char *lxcpath)
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
-		return -1;
+		return sysdebug("Failed to process \"%s\"",
+				lxc_cmd_str(LXC_CMD_GET_CGROUP2_FD));
 
 	if (cmd.rsp.ret < 0)
-		return log_debug_errno(cmd.rsp.ret, -cmd.rsp.ret, "Failed to receive cgroup2 fd");
+		return sysdebug_set(cmd.rsp.ret, "Failed to receive file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_CGROUP2_FD));
 
-	return PTR_TO_INT(cmd.rsp.data);
+	fd = PTR_TO_INT(cmd.rsp.data);
+	if (fd < 0)
+		return sysdebug_set(fd, "Received invalid file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_CGROUP2_FD));
+	return fd;
 }
 
 int lxc_cmd_get_limit_cgroup2_fd(const char *name, const char *lxcpath)
 {
 	bool stopped = false;
+	int fd;
 	ssize_t ret;
 	struct lxc_cmd_rr cmd;
 
@@ -1760,12 +1795,18 @@ int lxc_cmd_get_limit_cgroup2_fd(const char *name, const char *lxcpath)
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
-		return -1;
+		return sysdebug("Failed to process \"%s\"",
+				lxc_cmd_str(LXC_CMD_GET_CGROUP2_FD));
 
 	if (cmd.rsp.ret < 0)
-		return syswarn_set(cmd.rsp.ret, "Failed to receive cgroup2 limit fd");
+		return sysdebug_set(cmd.rsp.ret, "Failed to receive file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_CGROUP2_FD));
 
-	return PTR_TO_INT(cmd.rsp.data);
+	fd = PTR_TO_INT(cmd.rsp.data);
+	if (fd < 0)
+		return sysdebug_set(fd, "Received invalid file descriptor for \"%s\"",
+				    lxc_cmd_str(LXC_CMD_GET_CGROUP2_FD));
+	return fd;
 }
 
 static int __lxc_cmd_get_cgroup2_fd_callback(int fd, struct lxc_cmd_req *req,
@@ -1791,7 +1832,7 @@ static int __lxc_cmd_get_cgroup2_fd_callback(int fd, struct lxc_cmd_req *req,
 	}
 
 	rsp.ret = 0;
-	return rsp_one_fd(fd, send_fd, &rsp);
+	return rsp_one_fd_reap(fd, send_fd, &rsp);
 }
 
 static int lxc_cmd_get_cgroup2_fd_callback(int fd, struct lxc_cmd_req *req,
@@ -1815,7 +1856,7 @@ static int lxc_cmd_rsp_send_enosys(int fd, int id)
 	};
 
 	__lxc_cmd_rsp_send(fd, &rsp);
-	return syserrno_set(-ENOSYS, "Invalid command id %d", id);
+	return syserror_set(-ENOSYS, "Invalid command id %d", id);
 }
 
 static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,

src/lxc/conf.c

@@ -1842,7 +1842,7 @@ static int lxc_setup_console(const struct lxc_handler *handler,
 		else
 			ret = lxc_terminal_set_stdfds(fd_pty);
 		if (ret < 0)
-			return syserrno(-errno, "Failed to redirect std{in,out,err} to pty file descriptor %d", fd_pty);
+			return syserror("Failed to redirect std{in,out,err} to pty file descriptor %d", fd_pty);
 	}
 
 	return ret;

src/lxc/confile.c

@@ -1825,10 +1825,10 @@ static int set_config_cgroup_dir(const char *key, const char *value,
 		return clr_config_cgroup_dir(key, lxc_conf, NULL);
 
 	if (abspath(value))
-		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+		return syserror_set(-EINVAL, "%s paths may not be absolute", key);
 
 	if (dotdot(value))
-		return syserrno_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
+		return syserror_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
 
 	return set_config_path_item(&lxc_conf->cgroup_meta.dir, value);
 }
@@ -1840,10 +1840,10 @@ static int set_config_cgroup_monitor_dir(const char *key, const char *value,
 		return clr_config_cgroup_monitor_dir(key, lxc_conf, NULL);
 
 	if (abspath(value))
-		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+		return syserror_set(-EINVAL, "%s paths may not be absolute", key);
 
 	if (dotdot(value))
-		return syserrno_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
+		return syserror_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
 
 	return set_config_path_item(&lxc_conf->cgroup_meta.monitor_dir, value);
 }
@@ -1855,10 +1855,10 @@ static int set_config_cgroup_monitor_pivot_dir(const char *key, const char *valu
 		return clr_config_cgroup_monitor_pivot_dir(key, lxc_conf, NULL);
 
 	if (abspath(value))
-		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+		return syserror_set(-EINVAL, "%s paths may not be absolute", key);
 
 	if (dotdot(value))
-		return syserrno_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
+		return syserror_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
 
 	return set_config_path_item(&lxc_conf->cgroup_meta.monitor_pivot_dir, value);
 }
@@ -1871,10 +1871,10 @@ static int set_config_cgroup_container_dir(const char *key, const char *value,
 		return clr_config_cgroup_container_dir(key, lxc_conf, NULL);
 
 	if (abspath(value))
-		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+		return syserror_set(-EINVAL, "%s paths may not be absolute", key);
 
 	if (dotdot(value))
-		return syserrno_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
+		return syserror_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
 
 	return set_config_path_item(&lxc_conf->cgroup_meta.container_dir, value);
 }
@@ -1888,7 +1888,7 @@ static int set_config_cgroup_container_inner_dir(const char *key,
 		return clr_config_cgroup_container_inner_dir(key, lxc_conf, NULL);
 
 	if (abspath(value))
-		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+		return syserror_set(-EINVAL, "%s paths may not be absolute", key);
 
 	if (strchr(value, '/') || strequal(value, ".") || strequal(value, ".."))
 		return log_error_errno(-EINVAL, EINVAL, "lxc.cgroup.dir.container.inner must be a single directory name");

src/lxc/confile_utils.c

@@ -654,7 +654,7 @@ int set_config_path_item(char **conf_item, const char *value)
 
 	normalized = lxc_deslashify(value);
 	if (!normalized)
-		return syserrno(-errno, "Failed to normalize path config item");
+		return syserror_set(-ENOMEM, "Failed to normalize path config item");
 
 	return set_config_string_item_max(conf_item, normalized, PATH_MAX);
 }

src/lxc/log.h

@@ -494,50 +494,74 @@ __lxc_unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo,	\
 		__internal_ret__;                             \
 	})
 
-#define syserrno(__ret__, format, ...)                        \
+#define log_error(__ret__, format, ...)                       \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		SYSERROR(format, ##__VA_ARGS__);              \
+		ERROR(format, ##__VA_ARGS__);                 \
+		__internal_ret__;                             \
+	})
+
+#define log_trace_errno(__ret__, __errno__, format, ...)      \
+	({                                                    \
+		typeof(__ret__) __internal_ret__ = (__ret__); \
+		errno = __errno__;                            \
+		SYSTRACE(format, ##__VA_ARGS__);              \
+		__internal_ret__;                             \
+	})
+
+#define log_trace(__ret__, format, ...)                       \
+	({                                                    \
+		typeof(__ret__) __internal_ret__ = (__ret__); \
+		TRACE(format, ##__VA_ARGS__);                 \
 		__internal_ret__;                             \
 	})
 
-#define syswarn(__ret__, format, ...)                         \
+#define log_warn_errno(__ret__, __errno__, format, ...)       \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
+		errno = __errno__;                            \
 		SYSWARN(format, ##__VA_ARGS__);               \
 		__internal_ret__;                             \
 	})
 
-#define systrace(__ret__, format, ...)                        \
+#define log_warn(__ret__, format, ...)                        \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		SYSTRACE(format, ##__VA_ARGS__);              \
+		WARN(format, ##__VA_ARGS__);                  \
 		__internal_ret__;                             \
 	})
 
-#define sysinfo(__ret__, format, ...)                         \
+#define log_debug_errno(__ret__, __errno__, format, ...)      \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		SYSINFO(format, ##__VA_ARGS__);               \
+		errno = __errno__;                            \
+		SYSDEBUG(format, ##__VA_ARGS__);              \
 		__internal_ret__;                             \
 	})
 
-#define syserrno_set(__ret__, format, ...)                    \
+#define log_debug(__ret__, format, ...)                       \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		errno = labs(__ret__);                        \
-		SYSERROR(format, ##__VA_ARGS__);              \
+		DEBUG(format, ##__VA_ARGS__);                 \
 		__internal_ret__;                             \
 	})
 
-#define syswarn_set(__ret__, format, ...)                     \
+#define log_info_errno(__ret__, __errno__, format, ...)       \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		errno = labs(__ret__);                        \
-		SYSWARN(format, ##__VA_ARGS__);               \
+		errno = __errno__;                            \
+		SYSINFO(format, ##__VA_ARGS__);               \
 		__internal_ret__;                             \
 	})
 
+#define log_info(__ret__, format, ...)                        \
+	({                                                    \
+		typeof(__ret__) __internal_ret__ = (__ret__); \
+		INFO(format, ##__VA_ARGS__);                  \
+		__internal_ret__;                             \
+	})
+
+/* These are the logging return helpers to be used. */
 #define syserror(format, ...)                    \
 	({                                       \
 		SYSERROR(format, ##__VA_ARGS__); \
@@ -552,84 +576,94 @@ __lxc_unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo,	\
 		__internal_ret__;                             \
 	})
 
-#define sysdebug(format, ...)                    \
+#define syserror_ret(__ret__, format, ...)                    \
 	({                                                    \
-		SYSDEBUG(format, ##__VA_ARGS__); \
+		typeof(__ret__) __internal_ret__ = (__ret__); \
+		SYSERROR(format, ##__VA_ARGS__);              \
+		__internal_ret__;                             \
+	})
+
+#define syswarn(format, ...)                    \
+	({                                      \
+		SYSWARN(format, ##__VA_ARGS__); \
 		(-errno);                       \
 	})
 
-#define sysdebug_set(__ret__, format, ...)                    \
+#define syswarn_set(__ret__, format, ...)                     \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
 		errno = labs(__ret__);                        \
-		SYSDEBUG(format, ##__VA_ARGS__);              \
+		SYSWARN(format, ##__VA_ARGS__);               \
 		__internal_ret__;                             \
 	})
 
-#define log_error(__ret__, format, ...)                       \
+#define syswarn_ret(__ret__, format, ...)                     \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		ERROR(format, ##__VA_ARGS__);                 \
+		SYSWARN(format, ##__VA_ARGS__);               \
 		__internal_ret__;                             \
 	})
 
-#define log_trace_errno(__ret__, __errno__, format, ...)      \
+#define sysinfo(format, ...)                    \
 	({                                       \
-		typeof(__ret__) __internal_ret__ = (__ret__); \
-		errno = __errno__;                            \
-		SYSTRACE(format, ##__VA_ARGS__);              \
-		__internal_ret__;                             \
+		SYSINFO(format, ##__VA_ARGS__); \
+		(-errno);                        \
 	})
 
-#define log_trace(__ret__, format, ...)                       \
+#define sysinfo_set(__ret__, format, ...)                    \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		TRACE(format, ##__VA_ARGS__);                 \
+		errno = labs(__ret__);                        \
+		SYSINFO(format, ##__VA_ARGS__);              \
 		__internal_ret__;                             \
 	})
 
-#define log_warn_errno(__ret__, __errno__, format, ...)       \
+#define sysinfo_ret(__ret__, format, ...)                    \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		errno = __errno__;                            \
-		SYSWARN(format, ##__VA_ARGS__);               \
+		SYSINFO(format, ##__VA_ARGS__);              \
 		__internal_ret__;                             \
 	})
 
-#define log_warn(__ret__, format, ...)                        \
+#define sysdebug(format, ...)                    \
 	({                                       \
-		typeof(__ret__) __internal_ret__ = (__ret__); \
-		WARN(format, ##__VA_ARGS__);                  \
-		__internal_ret__;                             \
+		SYSDEBUG(format, ##__VA_ARGS__); \
+		(-errno);                        \
 	})
 
-#define log_debug_errno(__ret__, __errno__, format, ...)      \
+#define sysdebug_set(__ret__, format, ...)                    \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		errno = __errno__;                            \
+		errno = labs(__ret__);                        \
 		SYSDEBUG(format, ##__VA_ARGS__);              \
 		__internal_ret__;                             \
 	})
 
-#define log_debug(__ret__, format, ...)                       \
+#define sysdebug_ret(__ret__, format, ...)                    \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		DEBUG(format, ##__VA_ARGS__);                 \
+		SYSDEBUG(format, ##__VA_ARGS__);              \
 		__internal_ret__;                             \
 	})
 
-#define log_info_errno(__ret__, __errno__, format, ...)       \
+#define systrace(format, ...)                    \
+	({                                       \
+		SYSTRACE(format, ##__VA_ARGS__); \
+		(-errno);                        \
+	})
+
+#define systrace_set(__ret__, format, ...)                    \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		errno = __errno__;                            \
-		SYSINFO(format, ##__VA_ARGS__);               \
+		errno = labs(__ret__);                        \
+		SYSTRACE(format, ##__VA_ARGS__);              \
 		__internal_ret__;                             \
 	})
 
-#define log_info(__ret__, format, ...)                        \
+#define systrace_ret(__ret__, format, ...)                    \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		INFO(format, ##__VA_ARGS__);                  \
+		SYSTRACE(format, ##__VA_ARGS__);              \
 		__internal_ret__;                             \
 	})