Merge pull request #2150 from brauner/2018-02-10/cgfsng_fix_unpriv_devices

conf: fix clearing cgroup settings

Merge pull request #2150 from brauner/2018-02-10/cgfsng_fix_unpriv_devices
a3533a49 · Stéphane Graber · GitHub · de0cd200 · ab1a6cac · a3533a49
Unverified Commit a3533a49 authored Feb 10, 2018 by Stéphane Graber Committed by GitHub Feb 10, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 8 deletions

cgfsng.c src/lxc/cgroups/cgfsng.c +6 -4

conf.c src/lxc/conf.c +7 -4

No files found.
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -2537,15 +2537,18 @@ static int cg_legacy_set_data(const char *filename, const char *value,
 			      struct cgfsng_handler_data *d)
 {
 	char *fullpath, *p;
+	size_t len;
 	/* "b|c <2^64-1>:<2^64-1> r|w|m" = 47 chars max */
 	char converted_value[50];
 	struct hierarchy *h;
 	int ret = 0;
 	char *controller = NULL;

-	controller = alloca(strlen(filename) + 1);
+	len = strlen(filename);
+	controller = alloca(len + 1);
 	strcpy(controller, filename);
-	if ((p = strchr(controller, '.')) != NULL)
+	p = strchr(controller, '.');
+	if (p)
 		*p = '\0';

 	if (strcmp("devices.allow", filename) == 0 && value[0] == '/') {
@@ -2553,7 +2556,6 @@ static int cg_legacy_set_data(const char *filename, const char *value,
 		if (ret < 0)
 			return ret;
 		value = converted_value;
-
 	}

 	h = get_hierarchy(controller);
@@ -2563,7 +2565,7 @@ static int cg_legacy_set_data(const char *filename, const char *value,
 		      "driver or not enabled on the cgroup hierarchy",
 		      controller);
 		errno = ENOENT;
-		return -1;
+		return -ENOENT;
 	}

 	fullpath = must_make_path(h->fullcgpath, filename, NULL);

--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3450,28 +3450,31 @@ int lxc_clear_config_keepcaps(struct lxc_conf *c)
 int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version)
 {
 	char *global_token, *namespaced_token;
+	size_t namespaced_token_len;
 	struct lxc_list *it, *next, *list;
-	const char *k = NULL;
+	const char *k = key;
 	bool all = false;

 	if (version == CGROUP2_SUPER_MAGIC) {
 		global_token = "lxc.cgroup2";
 		namespaced_token = "lxc.cgroup2.";
+		namespaced_token_len = sizeof("lxc.cgroup2.") - 1;;
 		list = &c->cgroup2;
 	} else if (version == CGROUP_SUPER_MAGIC) {
 		global_token = "lxc.cgroup";
 		namespaced_token = "lxc.cgroup.";
+		namespaced_token_len = sizeof("lxc.cgroup.") - 1;;
 		list = &c->cgroup;
 	} else {
-		return -1;
+		return -EINVAL;
 	}

 	if (strcmp(key, global_token) == 0)
 		all = true;
 	else if (strncmp(key, namespaced_token, sizeof(namespaced_token) - 1) == 0)
-		k = key + sizeof(namespaced_token) - 1;
+		k += namespaced_token_len;
 	else
-		return -1;
+		return -EINVAL;

 	lxc_list_for_each_safe(it, list, next) {
 		struct lxc_cgroup *cg = it->elem;