Skip to content

L
lxc
Commit 69aeabac by Tycho Andersen Committed by Serge Hallyn
Options

uniformly nullify std fds

In various places throughout the code, we want to "nullify" the std fds, opening them to /dev/null or zero or so. Instead, let's unify this code and do it in such a way that Coverity (probably) won't complain. v2: use /dev/null for stdin as well v3: add a comment about use of C's short circuiting v4: axe comment, check errors on dup2, s/quiet/need_null_stdfds Reported-by: Coverity Signed-off-by: 's avatarTycho Andersen <tycho.andersen@canonical.com> Signed-off-by: 's avatarSerge Hallyn <serge.hallyn@ubuntu.com>
parent 5b72de5f
Showing with 35 additions and 34 deletions
src/lxc/bdev.c
...@@ -224,12 +224,8 @@ static int do_mkfs(const char *path, const char *fstype) ...@@ -224,12 +224,8 @@ static int do_mkfs(const char *path, const char *fstype)
// If the file is not a block device, we don't want mkfs to ask // If the file is not a block device, we don't want mkfs to ask
// us about whether to proceed. // us about whether to proceed.
close(0); if (null_stdfds() < 0)
close(1); exit(1);
close(2);
open("/dev/zero", O_RDONLY);
open("/dev/null", O_RDWR);
open("/dev/null", O_RDWR);
execlp("mkfs", "mkfs", "-t", fstype, path, NULL); execlp("mkfs", "mkfs", "-t", fstype, path, NULL);
exit(1); exit(1);
} }
......
src/lxc/lxccontainer.c
...@@ -722,12 +722,10 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a ...@@ -722,12 +722,10 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
return false; return false;
} }
lxc_check_inherited(conf, true, -1); lxc_check_inherited(conf, true, -1);
close(0); if (null_stdfds() < 0) {
close(1); ERROR("failed to close fds");
close(2); return false;
open("/dev/zero", O_RDONLY); }
open("/dev/null", O_RDWR);
open("/dev/null", O_RDWR);
setsid(); setsid();
} else { } else {
if (!am_single_threaded()) { if (!am_single_threaded()) {
...@@ -956,7 +954,7 @@ static char *lxcbasename(char *path) ...@@ -956,7 +954,7 @@ static char *lxcbasename(char *path)
return p; return p;
} }
static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet, static bool create_run_template(struct lxc_container *c, char *tpath, bool need_null_stdfds,
char *const argv[]) char *const argv[])
{ {
pid_t pid; pid_t pid;
...@@ -978,13 +976,8 @@ static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet ...@@ -978,13 +976,8 @@ static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet
char **newargv; char **newargv;
struct lxc_conf *conf = c->lxc_conf; struct lxc_conf *conf = c->lxc_conf;
if (quiet) { if (need_null_stdfds && null_stdfds() < 0) {
close(0); exit(1);
close(1);
close(2);
open("/dev/zero", O_RDONLY);
open("/dev/null", O_RDWR);
open("/dev/null", O_RDWR);
} }
src = c->lxc_conf->rootfs.path; src = c->lxc_conf->rootfs.path;
......
src/lxc/monitor.c
...@@ -329,12 +329,8 @@ int lxc_monitord_spawn(const char *lxcpath) ...@@ -329,12 +329,8 @@ int lxc_monitord_spawn(const char *lxcpath)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
lxc_check_inherited(NULL, true, pipefd[1]); lxc_check_inherited(NULL, true, pipefd[1]);
close(0); if (null_stdfds() < 0)
close(1); exit(EXIT_FAILURE);
close(2);
open("/dev/null", O_RDONLY);
open("/dev/null", O_RDWR);
open("/dev/null", O_RDWR);
close(pipefd[0]); close(pipefd[0]);
sprintf(pipefd_str, "%d", pipefd[1]); sprintf(pipefd_str, "%d", pipefd[1]);
execvp(args[0], args); execvp(args[0], args);
......
src/lxc/start.c
...@@ -762,14 +762,8 @@ static int do_start(void *data) ...@@ -762,14 +762,8 @@ static int do_start(void *data)
close(handler->sigfd); close(handler->sigfd);
if (handler->backgrounded) { if (handler->backgrounded && null_stdfds() < 0)
close(0); goto out_warn_father;
close(1);
close(2);
open("/dev/zero", O_RDONLY);
open("/dev/null", O_RDWR);
open("/dev/null", O_RDWR);
}
/* after this call, we are in error because this /* after this call, we are in error because this
* ops should not return as it execs */ * ops should not return as it execs */
......
src/lxc/utils.c
...@@ -1445,3 +1445,24 @@ domount: ...@@ -1445,3 +1445,24 @@ domount:
INFO("Mounted /proc in container for security transition"); INFO("Mounted /proc in container for security transition");
return 1; return 1;
} }
int null_stdfds(void)
{
int fd, ret = -1;
fd = open("/dev/null", O_RDWR);
if (fd < 0)
return -1;
if (dup2(fd, 0) < 0)
goto err;
if (dup2(fd, 1) < 0)
goto err;
if (dup2(fd, 2) < 0)
goto err;
ret = 0;
err:
close(fd);
return ret;
}
src/lxc/utils.h
...@@ -280,4 +280,5 @@ int is_dir(const char *path); ...@@ -280,4 +280,5 @@ int is_dir(const char *path);
char *get_template_path(const char *t); char *get_template_path(const char *t);
int setproctitle(char *title); int setproctitle(char *title);
int mount_proc_if_needed(const char *rootfs); int mount_proc_if_needed(const char *rootfs);
int null_stdfds(void);
#endif /* __LXC_UTILS_H */ #endif /* __LXC_UTILS_H */
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment