utils: introduce safe_mount_beneath_at()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: introduce safe_mount_beneath_at()
3eda62ad · Christian Brauner · bf5f0d7b · 3eda62ad · 3eda62ad · 3eda62ad
Unverified Commit 3eda62ad authored Aug 09, 2020 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 9 deletions

conf.c src/lxc/conf.c +1 -1

utils.c src/lxc/utils.c +23 -6

utils.h src/lxc/utils.h +4 -2

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1074,7 +1074,7 @@ static int mount_autodev(const char *name, const struct lxc_rootfs *rootfs,
 		goto reset_umask;
 	}

-	ret = safe_mount_beneath(path, "none", "dev", "tmpfs", 0, mount_options);
+	ret = safe_mount_beneath_at(root_mntpt_fd, "none", "dev", "tmpfs", 0, mount_options);
 	if (ret < 0) {
 		__do_free char *fallback_path = NULL;


--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1079,11 +1079,10 @@ out:
 	return dirfd;
 }

-int safe_mount_beneath(const char *beneath, const char *src, const char *dst, const char *fstype,
-		       unsigned int flags, const void *data)
+int __safe_mount_beneath_at(int beneath_fd, const char *src, const char *dst, const char *fstype,
+			    unsigned int flags, const void *data)
 {
-	__do_close int beneath_fd = -EBADF, source_fd = -EBADF, target_fd = -EBADF;
-	const char *path = beneath ? beneath : "/";
+	__do_close int source_fd = -EBADF, target_fd = -EBADF;
 	struct lxc_open_how how = {
 		.flags		= O_RDONLY | O_CLOEXEC | O_PATH,
 		.resolve	= RESOLVE_NO_XDEV | RESOLVE_NO_SYMLINKS | RESOLVE_NO_MAGICLINKS | RESOLVE_BENEATH,
@@ -1091,9 +1090,8 @@ int safe_mount_beneath(const char *beneath, const char *src, const char *dst, co
 	int ret;
 	char src_buf[LXC_PROC_PID_FD_LEN], tgt_buf[LXC_PROC_PID_FD_LEN];

-	beneath_fd = openat(-1, beneath, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH);
 	if (beneath_fd < 0)
-		return log_error_errno(-errno, errno, "Failed to open %s", path);
+		return -EINVAL;

 	if ((flags & MS_BIND) && src && src[0] != '/') {
 		source_fd = openat2(beneath_fd, src, &how, sizeof(how));
@@ -1117,6 +1115,25 @@ int safe_mount_beneath(const char *beneath, const char *src, const char *dst, co
 	return ret;
 }

+int safe_mount_beneath(const char *beneath, const char *src, const char *dst, const char *fstype,
+		       unsigned int flags, const void *data)
+{
+	__do_close int beneath_fd = -EBADF;
+	const char *path = beneath ? beneath : "/";
+
+	beneath_fd = openat(-1, beneath, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH);
+	if (beneath_fd < 0)
+		return log_error_errno(-errno, errno, "Failed to open %s", path);
+
+	return __safe_mount_beneath_at(beneath_fd, src, dst, fstype, flags, data);
+}
+
+int safe_mount_beneath_at(int beneath_fd, const char *src, const char *dst, const char *fstype,
+			  unsigned int flags, const void *data)
+{
+	return __safe_mount_beneath_at(beneath_fd, src, dst, fstype, flags, data);
+}
+
 /*
 * Safely mount a path into a container, ensuring that the mount target
 * is under the container's @rootfs.  (If @rootfs is NULL, then the container

--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -244,7 +244,9 @@ static inline bool gid_valid(gid_t gid)
 	return gid != LXC_INVALID_GID;
 }

-extern int safe_mount_beneath(const char *beneath, const char *src, const char *dst,
-			      const char *fstype, unsigned int flags, const void *data);
+__hidden extern int safe_mount_beneath(const char *beneath, const char *src, const char *dst,
+				       const char *fstype, unsigned int flags, const void *data);
+__hidden extern int safe_mount_beneath_at(int beneat_fd, const char *src, const char *dst,
+					  const char *fstype, unsigned int flags, const void *data);

 #endif /* __LXC_UTILS_H */