seccomp: make seccomp notifier fd non-blocking

Suggested-by: Jann Horn <jann@thejh.net> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: make seccomp notifier fd non-blocking
a60c98aa · Christian Brauner · 7fde74f3 · a60c98aa · a60c98aa · a60c98aa
Unverified Commit a60c98aa authored Nov 02, 2020 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 0 deletions

file_utils.c src/lxc/file_utils.c +12 -0

file_utils.h src/lxc/file_utils.h +1 -0

seccomp.c src/lxc/seccomp.c +3 -0

No files found.
--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -577,3 +577,15 @@ int open_beneath(int dir_fd, const char *path, unsigned int flags)
 	return openat(dir_fd, path, O_NOFOLLOW | flags);
 }
+int fd_make_nonblocking(int fd)
+{
+	int flags;
+	flags = fcntl(fd, F_GETFL);
+	if (flags < 0)
+		return -1;
+	flags &= ~O_NONBLOCK;
+	return fcntl(fd, F_SETFL, flags);
+}
--- a/src/lxc/file_utils.h
+++ b/src/lxc/file_utils.h
@@ -76,5 +76,6 @@ __hidden extern int timens_offset_write(clockid_t clk_id, int64_t s_offset, int6
 __hidden extern bool exists_dir_at(int dir_fd, const char *path);
 __hidden extern bool exists_file_at(int dir_fd, const char *path);
 __hidden extern int open_beneath(int dir_fd, const char *path, unsigned int flags);
+__hidden int fd_make_nonblocking(int fd);
 #endif /* __LXC_FILE_UTILS_H */
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1280,6 +1280,9 @@ int lxc_seccomp_load(struct lxc_conf *conf)
 			return -1;
 		}
+		if (fd_make_nonblocking(ret))
+			return log_error_errno(-1, errno, "Failed to make seccomp listener fd non-blocking");;
 		conf->seccomp.notifier.notify_fd = ret;
 		TRACE("Retrieved new seccomp listener fd %d", ret);
 	}