Merge pull request #2906 from brauner/2019-03-12/namespace_switching

utils: improve switch_to_ns()

Merge pull request #2906 from brauner/2019-03-12/namespace_switching
af1893bf · Stéphane Graber · GitHub · c6494c4b · b280bc38 · af1893bf
Unverified Commit af1893bf authored May 09, 2019 by Stéphane Graber Committed by GitHub May 09, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 8 deletions

macro.h src/lxc/macro.h +1 -0

utils.c src/lxc/utils.c +10 -8

No files found.
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -149,6 +149,7 @@
 #define LXC_LINELEN 4096
 #define LXC_IDMAPLEN 4096
 #define LXC_MAX_BUFFER 4096
+#define LXC_NAMESPACE_NAME_MAX 256
 /* /proc/       =    6
 *                +

--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -693,15 +693,18 @@ int detect_shared_rootfs(void)
 bool switch_to_ns(pid_t pid, const char *ns)
 {
-	int fd, ret;
+	__do_close_prot_errno int fd = -EBADF;
-	char nspath[PATH_MAX];
+	int ret;
+	char nspath[STRLITERALLEN("/proc//ns/")
+		    + INTTYPE_TO_STRLEN(pid_t)
+		    + LXC_NAMESPACE_NAME_MAX];
 	/* Switch to new ns */
-	ret = snprintf(nspath, PATH_MAX, "/proc/%d/ns/%s", pid, ns);
+	ret = snprintf(nspath, sizeof(nspath), "/proc/%d/ns/%s", pid, ns);
-	if (ret < 0 || ret >= PATH_MAX)
+	if (ret < 0 || ret >= sizeof(nspath))
 		return false;
-	fd = open(nspath, O_RDONLY);
+	fd = open(nspath, O_RDONLY | O_CLOEXEC);
 	if (fd < 0) {
 		SYSERROR("Failed to open \"%s\"", nspath);
 		return false;
@@ -709,12 +712,11 @@ bool switch_to_ns(pid_t pid, const char *ns)
 	ret = setns(fd, 0);
 	if (ret) {
-		SYSERROR("Failed to set process %d to \"%s\" of %d.", pid, ns, fd);
+		SYSERROR("Failed to set process %d to \"%s\" of %d.", pid, ns,
-		close(fd);
+			 fd);
 		return false;
 	}
-	close(fd);
 	return true;
 }