Merge pull request #3608 from brauner/2020-12-27/no_rootfs

bugfixes

Merge pull request #3608 from brauner/2020-12-27/no_rootfs
bfcd663f · Stéphane Graber · GitHub · 708e0653 · 31b84c7a · bfcd663f
Unverified Commit bfcd663f authored Dec 28, 2020 by Stéphane Graber Committed by GitHub Dec 28, 2020
7 changed files
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1027,7 +1027,7 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops,
 	}
 #ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
-	ret = bpf_program_cgroup_detach(handler->conf->cgroup2_devices);
+	ret = bpf_program_cgroup_detach(handler->cgroup_ops->cgroup2_devices);
 	if (ret < 0)
 		WARN("Failed to detach bpf program from cgroup");
 #endif
@@ -3028,8 +3028,8 @@ __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct 
 		return log_error_errno(false, ENOMEM, "Failed to attach bpf program");
 	/* Replace old bpf program. */
-	devices_old = move_ptr(conf->cgroup2_devices);
+	devices_old = move_ptr(ops->cgroup2_devices);
-	conf->cgroup2_devices = move_ptr(devices);
+	ops->cgroup2_devices = move_ptr(devices);
 	devices = move_ptr(devices_old);
 #endif
 	return true;

--- a/src/lxc/cgroups/cgroup2_devices.c
+++ b/src/lxc/cgroups/cgroup2_devices.c
@@ -439,17 +439,18 @@ int bpf_program_cgroup_detach(struct bpf_program *prog)
 					       prog->attached_path);
 	}
-	free(prog->attached_path);
+        TRACE("Detached bpf program from cgroup %s", prog->attached_path);
-	prog->attached_path = NULL;
+        free_disarm(prog->attached_path);
-	return 0;
+        return 0;
 }
-void lxc_clear_cgroup2_devices(struct lxc_conf *conf)
+void bpf_device_program_free(struct cgroup_ops *ops)
 {
-	if (conf->cgroup2_devices) {
+	if (ops->cgroup2_devices) {
-		(void)bpf_program_cgroup_detach(conf->cgroup2_devices);
+		(void)bpf_program_cgroup_detach(ops->cgroup2_devices);
-		(void)bpf_program_free(conf->cgroup2_devices);
+		(void)bpf_program_free(ops->cgroup2_devices);
+		ops->cgroup2_devices = NULL;
 	}
 }

--- a/src/lxc/cgroups/cgroup2_devices.h
+++ b/src/lxc/cgroups/cgroup2_devices.h
@@ -15,6 +15,7 @@
 #include <sys/types.h>
 #include <unistd.h>
+#include "cgroup.h"
 #include "compiler.h"
 #include "conf.h"
 #include "config.h"
@@ -61,7 +62,7 @@ __hidden extern int bpf_program_cgroup_attach(struct bpf_program *prog, int type
 					      uint32_t flags);
 __hidden extern int bpf_program_cgroup_detach(struct bpf_program *prog);
 __hidden extern void bpf_program_free(struct bpf_program *prog);
-__hidden extern void lxc_clear_cgroup2_devices(struct lxc_conf *conf);
+__hidden extern void bpf_device_program_free(struct cgroup_ops *ops);
 __hidden extern bool bpf_devices_cgroup_supported(void);
 static inline void __auto_bpf_program_free__(struct bpf_program **prog)
@@ -119,7 +120,7 @@ static inline void bpf_program_free(struct bpf_program *prog)
 {
 }
-static inline void lxc_clear_cgroup2_devices(struct lxc_conf *conf)
+static inline void bpf_device_program_free(struct cgroup_ops *ops)
 {
 }

--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -1198,7 +1198,8 @@ static int lxc_cmd_add_bpf_device_cgroup_callback(int fd, struct lxc_cmd_req *re
 	__do_bpf_program_free struct bpf_program *devices = NULL;
 	struct lxc_cmd_rsp rsp = {0};
 	struct lxc_conf *conf = handler->conf;
-	struct hierarchy *unified = handler->cgroup_ops->unified;
+	struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
+	struct hierarchy *unified = cgroup_ops->unified;
 	int ret;
 	struct lxc_list *it;
 	struct device_item *device;
@@ -1249,8 +1250,8 @@ static int lxc_cmd_add_bpf_device_cgroup_callback(int fd, struct lxc_cmd_req *re
 		goto respond;
 	/* Replace old bpf program. */
-	devices_old = move_ptr(conf->cgroup2_devices);
+	devices_old = move_ptr(cgroup_ops->cgroup2_devices);
-	conf->cgroup2_devices = move_ptr(devices);
+	cgroup_ops->cgroup2_devices = move_ptr(devices);
 	devices = move_ptr(devices_old);
 	rsp.ret = 0;

--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -36,7 +36,6 @@
 #include "af_unix.h"
 #include "caps.h"
 #include "cgroup.h"
-#include "cgroup2_devices.h"
 #include "conf.h"
 #include "config.h"
 #include "confile.h"
@@ -3842,7 +3841,6 @@ void lxc_conf_free(struct lxc_conf *conf)
 	lxc_clear_cgroups(conf, "lxc.cgroup", CGROUP_SUPER_MAGIC);
 	lxc_clear_cgroups(conf, "lxc.cgroup2", CGROUP2_SUPER_MAGIC);
 	lxc_clear_devices(conf);
-	lxc_clear_cgroup2_devices(conf);
 	lxc_clear_hooks(conf, "lxc.hook");
 	lxc_clear_mount_entries(conf);
 	lxc_clear_idmaps(conf);

--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -299,7 +299,6 @@ struct lxc_conf {
 	struct {
 		struct lxc_list cgroup;
 		struct lxc_list cgroup2;
-		struct bpf_program *cgroup2_devices;
 		/* This should be reimplemented as a hashmap. */
 		struct lxc_list devices;
 	};

--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1082,7 +1082,7 @@ int __safe_mount_beneath_at(int beneath_fd, const char *src, const char *dst, co
 	__do_close int source_fd = -EBADF, target_fd = -EBADF;
 	struct lxc_open_how how = {
 		.flags		= O_RDONLY | O_CLOEXEC | O_PATH,
-		.resolve	= RESOLVE_NO_XDEV | RESOLVE_NO_SYMLINKS | RESOLVE_NO_MAGICLINKS | RESOLVE_BENEATH,
+		.resolve	= RESOLVE_NO_SYMLINKS | RESOLVE_NO_MAGICLINKS | RESOLVE_BENEATH,
 	};
 	int ret;
 	char src_buf[LXC_PROC_PID_FD_LEN], tgt_buf[LXC_PROC_PID_FD_LEN];