Merge pull request #2459 from brauner/2018-07-11/cleanup_makefile

autotool fixes, attach cleanups

Merge pull request #2459 from brauner/2018-07-11/cleanup_makefile
99c42eaa · Stéphane Graber · GitHub · 4017e680 · ae026f55 · 99c42eaa
Unverified Commit 99c42eaa authored Jul 12, 2018 by Stéphane Graber Committed by GitHub Jul 12, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 340 additions and 328 deletions

Makefile.am src/lxc/Makefile.am +216 -182

attach.c src/lxc/attach.c +124 -146

No files found.
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
-pkginclude_HEADERS = \
+pkginclude_HEADERS = attach_options.h \
-	attach_options.h \
+		     lxccontainer.h \
-	lxccontainer.h \
+		     version.h
-	version.h
+noinst_HEADERS = attach.h \
-noinst_HEADERS = \
+		 caps.h \
-	attach.h \
+		 cgroups/cgroup.h \
-	storage/storage.h \
+		 cgroups/cgroup_utils.h \
-	storage/btrfs.h \
+		 conf.h \
-	storage/dir.h \
+		 confile.h \
-	storage/loop.h \
+		 confile_utils.h \
-	storage/lvm.h \
+		 criu.h \
-	storage/nbd.h \
+		 error.h \
-	storage/overlay.h \
+		 initutils.h \
-	storage/rbd.h \
+		 list.h \
-	storage/rsync.h \
+		 log.h \
-	storage/zfs.h \
+		 lxc.h \
-	storage/storage_utils.h \
+		 lxclock.h \
-	tools/arguments.h \
+		 monitor.h \
-	cgroups/cgroup.h \
+		 namespace.h \
-	cgroups/cgroup_utils.h \
+		 start.h \
-	caps.h \
+		 state.h \
-	conf.h \
+		 storage/btrfs.h \
-	confile.h \
+		 storage/dir.h \
-	confile_utils.h \
+		 storage/loop.h \
-	error.h \
+		 storage/lvm.h \
-	initutils.h \
+		 storage/nbd.h \
-	list.h \
+		 storage/overlay.h \
-	log.h \
+		 storage/rbd.h \
-	lxc.h \
+		 storage/rsync.h \
-	lxclock.h \
+		 storage/storage.h \
-	monitor.h \
+		 storage/storage_utils.h \
-	namespace.h \
+		 storage/zfs.h \
-	start.h \
+		 terminal.h \
-	state.h \
+		 ../tests/lxctest.h \
-	terminal.h \
+		 tools/arguments.h \
-	utils.h \
+		 utils.h
-	criu.h \
-	../tests/lxctest.h
 if IS_BIONIC
-noinst_HEADERS += \
+noinst_HEADERS += ../include/ifaddrs.h \
-	../include/ifaddrs.h \
+		  ../include/lxcmntent.h \
-	../include/openpty.h \
+		  ../include/openpty.h
-	../include/lxcmntent.h
 endif
 if !HAVE_PRLIMIT
@@ -67,9 +64,9 @@ endif
 sodir=$(libdir)
-LSM_SOURCES = \
+LSM_SOURCES = lsm/lsm.c \
-	lsm/nop.c \
+	      lsm/lsm.h \
-	lsm/lsm.h lsm/lsm.c
+	      lsm/nop.c
 if ENABLE_APPARMOR
 LSM_SOURCES += lsm/apparmor.c
@@ -80,65 +77,63 @@ LSM_SOURCES += lsm/selinux.c
 endif
 lib_LTLIBRARIES = liblxc.la
-liblxc_la_SOURCES = \
+liblxc_la_SOURCES = af_unix.c af_unix.h \
-	storage/storage.c storage/storage.h \
+		    attach.c attach.h \
-	storage/btrfs.c storage/btrfs.h \
+		    caps.c caps.h \
-	storage/dir.c storage/dir.h \
+		    cgroups/cgfsng.c \
-	storage/loop.c storage/loop.h \
+		    cgroups/cgroup.c cgroups/cgroup.h \
-	storage/lvm.c storage/lvm.h \
+		    cgroups/cgroup_utils.c cgroups/cgroup_utils.h \
-	storage/nbd.c storage/nbd.h \
+		    commands.c commands.h \
-	storage/overlay.c storage/overlay.h \
+		    commands_utils.c commands_utils.h \
-	storage/rbd.c storage/rbd.h \
+		    conf.c conf.h \
-	storage/rsync.c storage/rsync.h \
+		    confile.c confile.h \
-	storage/zfs.c storage/zfs.h \
+		    confile_utils.c confile_utils.h \
-	storage/storage_utils.c storage/storage_utils.h \
+		    criu.c criu.h \
-	cgroups/cgfsng.c \
+		    error.c error.h \
-	cgroups/cgroup_utils.c cgroups/cgroup_utils.h \
+		    execute.c \
-	cgroups/cgroup.c cgroups/cgroup.h \
+		    freezer.c \
-	commands.c commands.h \
+		    initutils.c initutils.h \
-	commands_utils.c commands_utils.h \
+		    list.h \
-	start.c start.h \
+		    log.c log.h \
-	execute.c \
+		    lxc.h \
-	monitor.c monitor.h \
+		    lxccontainer.c lxccontainer.h \
-	terminal.c \
+		    lxclock.c lxclock.h \
-	freezer.c \
+		    lxcseccomp.h \
-	error.h error.c \
+		    mainloop.c mainloop.h \
-	parse.c parse.h \
+		    namespace.c namespace.h \
-	lxc.h \
+		    nl.c nl.h \
-	initutils.c initutils.h \
+		    network.c network.h \
-	utils.c utils.h \
+		    monitor.c monitor.h \
-	sync.c sync.h \
+		    parse.c parse.h \
-	namespace.h namespace.c \
+		    ringbuf.c ringbuf.h \
-	conf.c conf.h \
+		    rtnl.c rtnl.h \
-	confile.c confile.h \
+		    state.c state.h \
-	confile_utils.c confile_utils.h \
+		    start.c start.h \
-	list.h \
+		    storage/btrfs.c storage/btrfs.h \
-	state.c state.h \
+		    storage/dir.c storage/dir.h \
-	log.c log.h \
+		    storage/loop.c storage/loop.h \
-	attach.c attach.h \
+		    storage/lvm.c storage/lvm.h \
-	criu.c criu.h \
+		    storage/nbd.c storage/nbd.h \
-	ringbuf.c ringbuf.h \
+		    storage/overlay.c storage/overlay.h \
-	\
+		    storage/rbd.c storage/rbd.h \
-	network.c network.h \
+		    storage/rsync.c storage/rsync.h \
-	nl.c nl.h \
+		    storage/storage.c storage/storage.h \
-	rtnl.c rtnl.h \
+		    storage/storage_utils.c storage/storage_utils.h \
-	\
+		    storage/zfs.c storage/zfs.h \
-	caps.c caps.h \
+		    sync.c sync.h \
-	lxcseccomp.h \
+		    terminal.c \
-	mainloop.c mainloop.h \
+		    utils.c utils.h \
-	af_unix.c af_unix.h \
+		    version.h \
-	\
+		    $(LSM_SOURCES)
-	lxclock.h lxclock.c \
-	lxccontainer.c lxccontainer.h \
-	version.h \
-	\
-	$(LSM_SOURCES)
 if IS_BIONIC
-liblxc_la_SOURCES += \
+liblxc_la_SOURCES += ../include/ifaddrs.c ../include/ifaddrs.h \
-	../include/ifaddrs.c ../include/ifaddrs.h \
+		     ../include/lxcmntent.c ../include/lxcmntent.h \
-	../include/openpty.c ../include/openpty.h \
+		     ../include/openpty.c ../include/openpty.h
-	../include/lxcmntent.c ../include/lxcmntent.h
+endif
+if !HAVE_GETGRGID_R
+liblxc_la_SOURCES += ../include/getgrgid_r.c ../include/getgrgid_r.h
 endif
 if !HAVE_GETLINE
@@ -165,28 +160,24 @@ if !HAVE_STRLCAT
 liblxc_la_SOURCES += ../include/strlcat.c ../include/strlcat.h
 endif
-if !HAVE_GETGRGID_R
+AM_CFLAGS = -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
-liblxc_la_SOURCES += ../include/getgrgid_r.c ../include/getgrgid_r.h
+	    -DLXCPATH=\"$(LXCPATH)\" \
-endif
+	    -DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \
+	    -DLXCINITDIR=\"$(LXCINITDIR)\" \
-AM_CFLAGS=-DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
+	    -DLIBEXECDIR=\"$(LIBEXECDIR)\" \
-	-DLXCPATH=\"$(LXCPATH)\" \
+	    -DLXCTEMPLATEDIR=\"$(LXCTEMPLATEDIR)\" \
-	-DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \
+	    -DLXCTEMPLATECONFIG=\"$(LXCTEMPLATECONFIG)\" \
-	-DLXCINITDIR=\"$(LXCINITDIR)\" \
+	    -DLOGPATH=\"$(LOGPATH)\" \
-	-DLIBEXECDIR=\"$(LIBEXECDIR)\" \
+	    -DLXC_DEFAULT_CONFIG=\"$(LXC_DEFAULT_CONFIG)\" \
-	-DLXCTEMPLATEDIR=\"$(LXCTEMPLATEDIR)\" \
+	    -DLXC_USERNIC_DB=\"$(LXC_USERNIC_DB)\" \
-	-DLXCTEMPLATECONFIG=\"$(LXCTEMPLATECONFIG)\" \
+	    -DLXC_USERNIC_CONF=\"$(LXC_USERNIC_CONF)\" \
-	-DLOGPATH=\"$(LOGPATH)\" \
+	    -DDEFAULT_CGROUP_PATTERN=\"$(DEFAULT_CGROUP_PATTERN)\" \
-	-DLXC_DEFAULT_CONFIG=\"$(LXC_DEFAULT_CONFIG)\" \
+	    -DRUNTIME_PATH=\"$(RUNTIME_PATH)\" \
-	-DLXC_USERNIC_DB=\"$(LXC_USERNIC_DB)\" \
+	    -DSBINDIR=\"$(SBINDIR)\" \
-	-DLXC_USERNIC_CONF=\"$(LXC_USERNIC_CONF)\" \
+	    -I $(top_srcdir)/src \
-	-DDEFAULT_CGROUP_PATTERN=\"$(DEFAULT_CGROUP_PATTERN)\" \
+	    -I $(top_srcdir)/src/lxc \
-	-DRUNTIME_PATH=\"$(RUNTIME_PATH)\" \
+	    -I $(top_srcdir)/src/lxc/storage \
-	-DSBINDIR=\"$(SBINDIR)\" \
+	    -I $(top_srcdir)/src/lxc/cgroups
-	-I $(top_srcdir)/src \
-	-I $(top_srcdir)/src/lxc \
-	-I $(top_srcdir)/src/lxc/storage \
-	-I $(top_srcdir)/src/lxc/cgroups
 if ENABLE_APPARMOR
 AM_CFLAGS += -DHAVE_APPARMOR
@@ -197,7 +188,8 @@ AM_CFLAGS += -DHAVE_LIBGNUTLS
 endif
 if ENABLE_SECCOMP
-AM_CFLAGS += -DHAVE_SECCOMP $(SECCOMP_CFLAGS)
+AM_CFLAGS += -DHAVE_SECCOMP \
+	     $(SECCOMP_CFLAGS)
 endif
 if ENABLE_SELINUX
@@ -231,75 +223,105 @@ bin_SCRIPTS += cmd/lxc-checkconfig \
 endif
 if ENABLE_TOOLS
-bin_PROGRAMS = \
+bin_PROGRAMS = lxc-attach \
-	lxc-attach \
+	       lxc-autostart \
-	lxc-autostart \
+	       lxc-cgroup \
-	lxc-cgroup \
+	       lxc-checkpoint \
-	lxc-checkpoint \
+	       lxc-copy \
-	lxc-copy \
+	       lxc-config \
-	lxc-config \
+	       lxc-console \
-	lxc-console \
+	       lxc-create \
-	lxc-create \
+	       lxc-destroy \
-	lxc-destroy \
+	       lxc-device \
-	lxc-device \
+	       lxc-execute \
-	lxc-execute \
+	       lxc-freeze \
-	lxc-freeze \
+	       lxc-info \
-	lxc-info \
+	       lxc-ls \
-	lxc-ls \
+	       lxc-monitor \
-	lxc-monitor \
+	       lxc-snapshot \
-	lxc-snapshot \
+	       lxc-start \
-	lxc-start \
+	       lxc-stop \
-	lxc-stop \
+	       lxc-top \
-	lxc-top \
+	       lxc-unfreeze \
-	lxc-unfreeze \
+	       lxc-unshare \
-	lxc-unshare \
+	       lxc-usernsexec \
-	lxc-usernsexec \
+	       lxc-wait
-	lxc-wait
 endif
 if ENABLE_COMMANDS
 sbin_PROGRAMS = init.lxc
-pkglibexec_PROGRAMS = \
-	lxc-monitord \
+pkglibexec_PROGRAMS = lxc-monitord \
-	lxc-user-nic
+		      lxc-user-nic
 endif
 AM_LDFLAGS = -Wl,-E
 if ENABLE_RPATH
 AM_LDFLAGS += -Wl,-rpath -Wl,$(libdir)
 endif
-LDADD=liblxc.la @CAP_LIBS@ @GNUTLS_LIBS@ @SELINUX_LIBS@ @SECCOMP_LIBS@
+LDADD = liblxc.la \
+	@CAP_LIBS@ \
+	@GNUTLS_LIBS@ \
+	@SECCOMP_LIBS@ \
+	@SELINUX_LIBS@
 if ENABLE_TOOLS
-lxc_attach_SOURCES = tools/lxc_attach.c tools/arguments.c
+lxc_attach_SOURCES = tools/lxc_attach.c \
-lxc_autostart_SOURCES = tools/lxc_autostart.c tools/arguments.c
+		     tools/arguments.c tools/arguments.h
-lxc_cgroup_SOURCES = tools/lxc_cgroup.c tools/arguments.c
+lxc_autostart_SOURCES = tools/lxc_autostart.c \
-lxc_config_SOURCES = tools/lxc_config.c tools/arguments.c
+			tools/arguments.c tools/arguments.h
-lxc_console_SOURCES = tools/lxc_console.c tools/arguments.c
+lxc_cgroup_SOURCES = tools/lxc_cgroup.c \
-lxc_destroy_SOURCES = tools/lxc_destroy.c tools/arguments.c
+		     tools/arguments.c tools/arguments.h
-lxc_device_SOURCES = tools/lxc_device.c tools/arguments.c
+lxc_config_SOURCES = tools/lxc_config.c \
-lxc_execute_SOURCES = tools/lxc_execute.c tools/arguments.c
+		     tools/arguments.c tools/arguments.h
-lxc_freeze_SOURCES = tools/lxc_freeze.c tools/arguments.c
+lxc_console_SOURCES = tools/lxc_console.c \
-lxc_info_SOURCES = tools/lxc_info.c tools/arguments.c
+		      tools/arguments.c tools/arguments.h
-lxc_monitor_SOURCES = tools/lxc_monitor.c tools/arguments.c
+lxc_destroy_SOURCES = tools/lxc_destroy.c \
-lxc_ls_SOURCES = tools/lxc_ls.c tools/arguments.c
+		      tools/arguments.c tools/arguments.h
-lxc_copy_SOURCES = tools/lxc_copy.c tools/arguments.c
+lxc_device_SOURCES = tools/lxc_device.c \
-lxc_start_SOURCES = tools/lxc_start.c tools/arguments.c
+		     tools/arguments.c tools/arguments.h
-lxc_stop_SOURCES = tools/lxc_stop.c tools/arguments.c
+lxc_execute_SOURCES = tools/lxc_execute.c \
-lxc_top_SOURCES = tools/lxc_top.c tools/arguments.c
+		      tools/arguments.c tools/arguments.h
-lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c tools/arguments.c
+lxc_freeze_SOURCES = tools/lxc_freeze.c \
-lxc_unshare_SOURCES = tools/lxc_unshare.c tools/arguments.c
+		     tools/arguments.c tools/arguments.h
-lxc_wait_SOURCES = tools/lxc_wait.c tools/arguments.c
+lxc_info_SOURCES = tools/lxc_info.c \
-lxc_create_SOURCES = tools/lxc_create.c tools/arguments.c
+		   tools/arguments.c tools/arguments.h
-lxc_snapshot_SOURCES = tools/lxc_snapshot.c tools/arguments.c
+lxc_monitor_SOURCES = tools/lxc_monitor.c \
-lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c tools/arguments.c
+		      tools/arguments.c tools/arguments.h
+lxc_ls_SOURCES = tools/lxc_ls.c \
+		 tools/arguments.c tools/arguments.h
+lxc_copy_SOURCES = tools/lxc_copy.c \
+		   tools/arguments.c tools/arguments.h
+lxc_start_SOURCES = tools/lxc_start.c \
+		    tools/arguments.c tools/arguments.h
+lxc_stop_SOURCES = tools/lxc_stop.c \
+		   tools/arguments.c tools/arguments.h
+lxc_top_SOURCES = tools/lxc_top.c \
+		  tools/arguments.c tools/arguments.h
+lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \
+		       tools/arguments.c tools/arguments.h
+lxc_unshare_SOURCES = tools/lxc_unshare.c \
+		      tools/arguments.c tools/arguments.h
+lxc_wait_SOURCES = tools/lxc_wait.c \
+		   tools/arguments.c tools/arguments.h
+lxc_create_SOURCES = tools/lxc_create.c \
+		     tools/arguments.c tools/arguments.h
+lxc_snapshot_SOURCES = tools/lxc_snapshot.c \
+		       tools/arguments.c tools/arguments.h
+lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c \
+			 tools/arguments.c tools/arguments.h
 endif
 if ENABLE_COMMANDS
 # Binaries shipping with liblxc
 init_lxc_SOURCES = cmd/lxc_init.c
 lxc_monitord_SOURCES = cmd/lxc_monitord.c
-lxc_user_nic_SOURCES = cmd/lxc_user_nic.c namespace.c network.c parse.c
+lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \
+		       namespace.c namespace.h \
+		       network.c network.h \
+		       parse.c parse.h
 lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c
 endif
@@ -314,11 +336,17 @@ if ENABLE_COMMANDS
 if HAVE_STATIC_LIBCAP
 sbin_PROGRAMS += init.lxc.static
-init_lxc_static_SOURCES = cmd/lxc_init.c error.c log.c initutils.c caps.c parse.c namespace.c
+init_lxc_static_SOURCES = cmd/lxc_init.c \
+			  caps.c caps.h \
+			  error.c error.h \
+			  initutils.c initutils.h \
+			  log.c log.h \
+			  namespace.c namespace.h \
+			  parse.c parse.h
 if !HAVE_GETLINE
 if HAVE_FGETLN
-init_lxc_static_SOURCES += ../include/getline.c
+init_lxc_static_SOURCES += ../include/getline.c ../include/getline.h
 endif
 endif
@@ -339,10 +367,16 @@ endif
 if ENABLE_PAM
 if HAVE_PAM
 pam_LTLIBRARIES = pam_cgfs.la
-pam_cgfs_la_SOURCES = pam/pam_cgfs.c pam/utils.c pam/utils.h
+pam_cgfs_la_SOURCES = pam/pam_cgfs.c \
+		      pam/utils.c pam/utils.h
 pam_cgfs_la_CFLAGS = $(AM_CFLAGS)
-pam_cgfs_la_LIBADD = $(AM_LIBS) $(PAM_LIBS) -L$(top_srcdir)
+pam_cgfs_la_LIBADD = $(AM_LIBS) \
-pam_cgfs_la_LDFLAGS = $(AM_LDFLAGS) -module -avoid-version -shared
+		     $(PAM_LIBS) \
+		     -L$(top_srcdir)
+pam_cgfs_la_LDFLAGS = $(AM_LDFLAGS) \
+		      -avoid-version \
+		      -module \
+		      -shared
 endif
 endif

--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -448,12 +448,15 @@ static char *lxc_attach_getpwshell(uid_t uid)
 	int fd, ret;
 	pid_t pid;
 	int pipes[2];
-	char *result = NULL;
+	FILE *pipe_f;
+	bool found = false;
+	size_t line_bufsz = 0;
+	char *line = NULL, *result = NULL;
 	/* We need to fork off a process that runs the getent program, and we
 	 * need to capture its output, so we use a pipe for that purpose.
 	 */
-	ret = pipe(pipes);
+	ret = pipe2(pipes, O_CLOEXEC);
 	if (ret < 0)
 		return NULL;
@@ -464,100 +467,7 @@ static char *lxc_attach_getpwshell(uid_t uid)
 		return NULL;
 	}
-	if (pid) {
+	if (!pid) {
-		int status;
-		FILE *pipe_f;
-		int found = 0;
-		size_t line_bufsz = 0;
-		char *line = NULL;
-		close(pipes[1]);
-		pipe_f = fdopen(pipes[0], "r");
-		while (getline(&line, &line_bufsz, pipe_f) != -1) {
-			int i;
-			long value;
-			char *token;
-			char *endptr = NULL, *saveptr = NULL;
-			/* If we already found something, just continue to read
-			 * until the pipe doesn't deliver any more data, but
-			 * don't modify the existing data structure.
-			 */
-			if (found)
-				continue;
-			/* Trim line on the right hand side. */
-			for (i = strlen(line); i > 0 && (line[i - 1] == '\n' || line[i - 1] == '\r'); --i)
-				line[i - 1] = '\0';
-			/* Split into tokens: first: user name. */
-			token = strtok_r(line, ":", &saveptr);
-			if (!token)
-				continue;
-			/* next: dummy password field */
-			token = strtok_r(NULL, ":", &saveptr);
-			if (!token)
-				continue;
-			/* next: user id */
-			token = strtok_r(NULL, ":", &saveptr);
-			value = token ? strtol(token, &endptr, 10) : 0;
-			if (!token || !endptr || *endptr || value == LONG_MIN || value == LONG_MAX)
-				continue;
-			/* dummy sanity check: user id matches */
-			if ((uid_t) value != uid)
-				continue;
-			/* skip fields: gid, gecos, dir, go to next field 'shell' */
-			for (i = 0; i < 4; i++) {
-				token = strtok_r(NULL, ":", &saveptr);
-				if (!token)
-					break;
-			}
-			if (!token)
-				continue;
-			free(result);
-			result = strdup(token);
-			/* Sanity check that there are no fields after that. */
-			token = strtok_r(NULL, ":", &saveptr);
-			if (token)
-				continue;
-			found = 1;
-		}
-		free(line);
-		fclose(pipe_f);
-	again:
-		if (waitpid(pid, &status, 0) < 0) {
-			if (errno == EINTR)
-				goto again;
-			free(result);
-			return NULL;
-		}
-		/* Some sanity checks. If anything even hinted at going wrong,
-		 * we can't be sure we have a valid result, so we assume we
-		 * don't.
-		 */
-		if (!WIFEXITED(status)) {
-			free(result);
-			return NULL;
-		}
-		if (WEXITSTATUS(status) != 0) {
-			free(result);
-			return NULL;
-		}
-		if (!found) {
-			free(result);
-			return NULL;
-		}
-		return result;
-	} else {
 		char uid_buf[32];
 		char *arguments[] = {
 			"getent",
@@ -569,31 +479,108 @@ static char *lxc_attach_getpwshell(uid_t uid)
 		close(pipes[0]);
 		/* We want to capture stdout. */
-		dup2(pipes[1], 1);
+		ret = dup2(pipes[1], STDOUT_FILENO);
 		close(pipes[1]);
+		if (ret < 0)
+			exit(EXIT_FAILURE);
 		/* Get rid of stdin/stderr, so we try to associate it with
 		 * /dev/null.
 		 */
-		fd = open("/dev/null", O_RDWR);
+		fd = open_devnull();
 		if (fd < 0) {
-			close(0);
+			close(STDIN_FILENO);
-			close(2);
+			close(STDERR_FILENO);
 		} else {
-			dup2(fd, 0);
+			(void)dup3(fd, STDIN_FILENO, O_CLOEXEC);
-			dup2(fd, 2);
+			(void)dup3(fd, STDOUT_FILENO, O_CLOEXEC);
 			close(fd);
 		}
 		/* Finish argument list. */
-		ret = snprintf(uid_buf, sizeof(uid_buf), "%ld", (long) uid);
+		ret = snprintf(uid_buf, sizeof(uid_buf), "%ld", (long)uid);
-		if (ret <= 0)
+		if (ret <= 0 || ret >= sizeof(uid_buf))
-			exit(-1);
+			exit(EXIT_FAILURE);
 		/* Try to run getent program. */
-		(void) execvp("getent", arguments);
+		(void)execvp("getent", arguments);
-		exit(-1);
+		exit(EXIT_FAILURE);
 	}
+	close(pipes[1]);
+	pipe_f = fdopen(pipes[0], "r");
+	while (getline(&line, &line_bufsz, pipe_f) != -1) {
+		int i;
+		long value;
+		char *token;
+		char *endptr = NULL, *saveptr = NULL;
+		/* If we already found something, just continue to read
+		* until the pipe doesn't deliver any more data, but
+		* don't modify the existing data structure.
+		 */
+		if (found)
+			continue;
+		/* Trim line on the right hand side. */
+		for (i = strlen(line); i > 0 && (line[i - 1] == '\n' || line[i - 1] == '\r'); --i)
+			line[i - 1] = '\0';
+		/* Split into tokens: first: user name. */
+		token = strtok_r(line, ":", &saveptr);
+		if (!token)
+			continue;
+		/* next: dummy password field */
+		token = strtok_r(NULL, ":", &saveptr);
+		if (!token)
+			continue;
+		/* next: user id */
+		token = strtok_r(NULL, ":", &saveptr);
+		value = token ? strtol(token, &endptr, 10) : 0;
+		if (!token || !endptr || *endptr || value == LONG_MIN ||
+				value == LONG_MAX)
+			continue;
+		/* dummy sanity check: user id matches */
+		if ((uid_t)value != uid)
+			continue;
+		/* skip fields: gid, gecos, dir, go to next field 'shell' */
+		for (i = 0; i < 4; i++) {
+			token = strtok_r(NULL, ":", &saveptr);
+			if (!token)
+				continue;
+		}
+		if (!token)
+			continue;
+		free(result);
+		result = strdup(token);
+		/* Sanity check that there are no fields after that. */
+		token = strtok_r(NULL, ":", &saveptr);
+		if (token)
+			continue;
+		found = true;
+	}
+	free(line);
+	fclose(pipe_f);
+	ret = wait_for_pid(pid);
+	if (ret < 0) {
+		free(result);
+		return NULL;
+	}
+	if (!found) {
+		free(result);
+		return NULL;
+	}
+	return result;
 }
 static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid)
@@ -656,9 +643,10 @@ static void lxc_attach_get_init_uidgid(uid_t *init_uid, gid_t *init_gid)
 /* Define default options if no options are supplied by the user. */
 static lxc_attach_options_t attach_static_default_options = LXC_ATTACH_OPTIONS_DEFAULT;
-static bool fetch_seccomp(struct lxc_container *c,
+static bool fetch_seccomp(struct lxc_container *c, lxc_attach_options_t *options)
-			  lxc_attach_options_t *options)
 {
+	int ret;
+	bool bret;
 	char *path;
 	if (!(options->namespaces & CLONE_NEWNS) ||
@@ -669,62 +657,61 @@ static bool fetch_seccomp(struct lxc_container *c,
 	}
 	/* Remove current setting. */
-	if (!c->set_config_item(c, "lxc.seccomp", "") &&
+	if (!c->set_config_item(c, "lxc.seccomp.profile", "") &&
-	    !c->set_config_item(c, "lxc.seccomp.profile", "")) {
+	    !c->set_config_item(c, "lxc.seccomp", "")) {
 		return false;
 	}
 	/* Fetch the current profile path over the cmd interface. */
 	path = c->get_running_config_item(c, "lxc.seccomp.profile");
 	if (!path) {
-		INFO("Failed to get running config item for lxc.seccomp.profile");
+		INFO("Failed to retrieve lxc.seccomp.profile");
 		path = c->get_running_config_item(c, "lxc.seccomp");
-	}
+		if (!path) {
-	if (!path) {
+			INFO("Failed to retrieve lxc.seccomp");
-		INFO("Failed to get running config item for lxc.seccomp");
+			return true;
-		return true;
+		}
 	}
 	/* Copy the value into the new lxc_conf. */
-	if (!c->set_config_item(c, "lxc.seccomp.profile", path)) {
+	bret = c->set_config_item(c, "lxc.seccomp.profile", path);
-		free(path);
-		return false;
-	}
 	free(path);
+	if (!bret)
+		return false;
 	/* Attempt to parse the resulting config. */
-	if (lxc_read_seccomp_config(c->lxc_conf) < 0) {
+	ret = lxc_read_seccomp_config(c->lxc_conf);
-		ERROR("Error reading seccomp policy.");
+	if (ret < 0) {
+		ERROR("Failed to retrieve seccomp policy");
 		return false;
 	}
-	INFO("Retrieved seccomp policy.");
+	INFO("Retrieved seccomp policy");
 	return true;
 }
 static bool no_new_privs(struct lxc_container *c, lxc_attach_options_t *options)
 {
+	bool bret;
 	char *val;
 	/* Remove current setting. */
-	if (!c->set_config_item(c, "lxc.no_new_privs", ""))
+	if (!c->set_config_item(c, "lxc.no_new_privs", "")) {
+		INFO("Failed to unset lxc.no_new_privs");
 		return false;
+	}
 	/* Retrieve currently active setting. */
 	val = c->get_running_config_item(c, "lxc.no_new_privs");
 	if (!val) {
-		INFO("Failed to get running config item for lxc.no_new_privs.");
+		INFO("Failed to retrieve lxc.no_new_privs");
 		return false;
 	}
 	/* Set currently active setting. */
-	if (!c->set_config_item(c, "lxc.no_new_privs", val)) {
+	bret = c->set_config_item(c, "lxc.no_new_privs", val);
-		free(val);
-		return false;
-	}
 	free(val);
+	return bret;
-	return true;
 }
 static signed long get_personality(const char *name, const char *lxcpath)
@@ -943,16 +930,7 @@ static int attach_child_main(struct attach_clone_payload *payload)
 	 * here, ignore errors.
 	 */
 	for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
-		int flags;
+		ret = fd_cloexec(fd, false);
-		flags = fcntl(fd, F_GETFL);
-		if (flags < 0)
-			continue;
-		if ((flags & FD_CLOEXEC) == 0)
-			continue;
-		ret = fcntl(fd, F_SETFL, flags & ~FD_CLOEXEC);
 		if (ret < 0) {
 			SYSERROR("Failed to clear FD_CLOEXEC from file descriptor %d", fd);
 			goto on_error;
@@ -1086,7 +1064,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 	init_pid = lxc_cmd_get_init_pid(name, lxcpath);
 	if (init_pid < 0) {
-		ERROR("Failed to get init pid.");
+		ERROR("Failed to get init pid");
 		return -1;
 	}
@@ -1120,10 +1098,10 @@ int lxc_attach(const char *name, const char *lxcpath,
 	conf = init_ctx->container->lxc_conf;
 	if (!fetch_seccomp(init_ctx->container, options))
-		WARN("Failed to get seccomp policy.");
+		WARN("Failed to get seccomp policy");
 	if (!no_new_privs(init_ctx->container, options))
-		WARN("Could not determine whether PR_SET_NO_NEW_PRIVS is set.");
+		WARN("Could not determine whether PR_SET_NO_NEW_PRIVS is set");
 	cwd = getcwd(NULL, 0);
@@ -1239,7 +1217,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 	 */
 	ret = socketpair(PF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0, ipc_sockets);
 	if (ret < 0) {
-		SYSERROR("Could not set up required IPC mechanism for attaching.");
+		SYSERROR("Could not set up required IPC mechanism for attaching");
 		free(cwd);
 		lxc_proc_put_context_info(init_ctx);
 		return -1;
@@ -1254,7 +1232,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 	 */
 	pid = fork();
 	if (pid < 0) {
-		SYSERROR("Failed to create first subprocess.");
+		SYSERROR("Failed to create first subprocess");
 		free(cwd);
 		lxc_proc_put_context_info(init_ctx);
 		return -1;