tree-wide: extend read_file_at()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: extend read_file_at()
46bf13b7 · Christian Brauner · 5129b2d3 · 46bf13b7 · 46bf13b7 · 46bf13b7
Unverified Commit 46bf13b7 authored Feb 01, 2021 by Christian Brauner
Showing with 19 additions and 14 deletions

cgfsng.c src/lxc/cgroups/cgfsng.c +9 -9

file_utils.c src/lxc/file_utils.c +3 -2

file_utils.h src/lxc/file_utils.h +3 -1

apparmor.c src/lxc/lsm/apparmor.c +2 -1

selinux.c src/lxc/lsm/selinux.c +2 -1

No files found.
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -324,7 +324,7 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup,
 	bool flipped_bit = false;
 	fpath = must_make_path(parent_cgroup, "cpuset.cpus", NULL);
-	posscpus = read_file_at(-EBADF, fpath);
+	posscpus = read_file_at(-EBADF, fpath, PROTECT_OPEN, 0);
 	if (!posscpus)
 		return log_error_errno(false, errno, "Failed to read file \"%s\"", fpath);
@@ -334,7 +334,7 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup,
 		return false;
 	if (file_exists(__ISOL_CPUS)) {
-		isolcpus = read_file_at(-EBADF, __ISOL_CPUS);
+		isolcpus = read_file_at(-EBADF, __ISOL_CPUS, PROTECT_OPEN, 0);
 		if (!isolcpus)
 			return log_error_errno(false, errno, "Failed to read file \"%s\"", __ISOL_CPUS);
@@ -353,7 +353,7 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup,
 	}
 	if (file_exists(__OFFLINE_CPUS)) {
-		offlinecpus = read_file_at(-EBADF, __OFFLINE_CPUS);
+		offlinecpus = read_file_at(-EBADF, __OFFLINE_CPUS, PROTECT_OPEN, 0);
 		if (!offlinecpus)
 			return log_error_errno(false, errno, "Failed to read file \"%s\"", __OFFLINE_CPUS);
@@ -672,7 +672,7 @@ static char **cg_unified_get_controllers(int dfd, const char *file)
 	char *sep = " \t\n";
 	char *tok;
-	buf = read_file_at(dfd, file);
+	buf = read_file_at(dfd, file, PROTECT_OPEN, 0);
 	if (!buf)
 		return NULL;
@@ -3145,7 +3145,7 @@ static void cg_unified_delegate(char ***delegate)
 	char *token;
 	int idx;
-	buf = read_file_at(-EBADF, "/sys/kernel/cgroup/delegate");
+	buf = read_file_at(-EBADF, "/sys/kernel/cgroup/delegate", PROTECT_OPEN, 0);
 	if (!buf) {
 		for (char **p = standard; p && *p; p++) {
 			idx = append_null_to_list((void ***)delegate);
@@ -3183,9 +3183,9 @@ static int cg_hybrid_init(struct cgroup_ops *ops, bool relative, bool unprivileg
 	 * cgroups as our base in that case.
 	 */
 	if (!relative && (geteuid() == 0))
-		basecginfo = read_file_at(-EBADF, "/proc/1/cgroup");
+		basecginfo = read_file_at(-EBADF, "/proc/1/cgroup", PROTECT_OPEN, 0);
 	else
-		basecginfo = read_file_at(-EBADF, "/proc/self/cgroup");
+		basecginfo = read_file_at(-EBADF, "/proc/self/cgroup", PROTECT_OPEN, 0);
 	if (!basecginfo)
 		return ret_set_errno(-1, ENOMEM);
@@ -3314,9 +3314,9 @@ static char *cg_unified_get_current_cgroup(bool relative)
 	char *base_cgroup;
 	if (!relative && (geteuid() == 0))
-		basecginfo = read_file_at(-EBADF, "/proc/1/cgroup");
+		basecginfo = read_file_at(-EBADF, "/proc/1/cgroup", PROTECT_OPEN, 0);
 	else
-		basecginfo = read_file_at(-EBADF, "/proc/self/cgroup");
+		basecginfo = read_file_at(-EBADF, "/proc/self/cgroup", PROTECT_OPEN, 0);
 	if (!basecginfo)
 		return NULL;

--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -674,7 +674,8 @@ static void append_line(char **dest, size_t oldlen, char *new, size_t newlen)
 }
 /* Slurp in a whole file */
-char *read_file_at(int dfd, const char *fnam)
+char *read_file_at(int dfd, const char *fnam,
+		   unsigned int o_flags, unsigned resolve_flags)
 {
 	__do_close int fd = -EBADF;
 	__do_free char *buf = NULL, *line = NULL;
@@ -682,7 +683,7 @@ char *read_file_at(int dfd, const char *fnam)
 	size_t len = 0, fulllen = 0;
 	int linelen;
-	fd = openat(dfd, fnam, O_NOCTTY | O_CLOEXEC | O_NOFOLLOW | O_RDONLY);
+	fd = open_at(dfd, fnam, o_flags, resolve_flags, 0);
 	if (fd < 0)
 		return NULL;

--- a/src/lxc/file_utils.h
+++ b/src/lxc/file_utils.h
@@ -91,6 +91,8 @@ static inline int open_beneath(int dfd, const char *path, unsigned int flags)
 	return open_at(dfd, path, flags, PROTECT_LOOKUP_BENEATH, 0);
 }
 __hidden int fd_make_nonblocking(int fd);
-__hidden extern char *read_file_at(int dfd, const char *fnam);
+__hidden extern char *read_file_at(int dfd, const char *fnam,
+                                   unsigned int o_flags,
+                                   unsigned resolve_flags);
 #endif /* __LXC_FILE_UTILS_H */
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -16,6 +16,7 @@
 #include "conf.h"
 #include "config.h"
 #include "initutils.h"
+#include "file_utils.h"
 #include "log.h"
 #include "lsm.h"
 #include "parse.h"
@@ -446,7 +447,7 @@ static char *apparmor_process_label_get_at(struct lsm_ops *ops, int fd_pid)
 	__do_free char *label = NULL;
 	size_t len;
-	label = read_file_at(fd_pid, "attr/current");
+	label = read_file_at(fd_pid, "attr/current", PROTECT_OPEN, 0);
 	if (!label)
 		return log_error_errno(NULL, errno, "Failed to get AppArmor context");

--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@@ -13,6 +13,7 @@
 #include "conf.h"
 #include "config.h"
+#include "file_utils.h"
 #include "log.h"
 #include "lsm.h"
 #include "memory_utils.h"
@@ -56,7 +57,7 @@ static char *selinux_process_label_get_at(struct lsm_ops *ops, int fd_pid)
 	__do_free char *label = NULL;
 	size_t len;
-	label = read_file_at(fd_pid, "attr/current");
+	label = read_file_at(fd_pid, "attr/current", PROTECT_OPEN, 0);
 	if (!label)
 		return log_error_errno(NULL, errno, "Failed to get SELinux context");