Merge pull request #2297 from brauner/2018-04-29/bugfixes

src/lxc/cgroups/cgfsng.c

@@ -622,7 +622,7 @@ copy_parent:
 	*lastslash = oldv;
 	free(fpath);
 	fpath = must_make_path(path, "cpuset.cpus", NULL);
-	ret = lxc_write_to_file(fpath, cpulist, strlen(cpulist), false);
+	ret = lxc_write_to_file(fpath, cpulist, strlen(cpulist), false, 0666);
 	if (ret < 0) {
 		SYSERROR("Failed to write cpu list to \"%s\"", fpath);
 		goto on_error;
@@ -673,7 +673,7 @@ static bool copy_parent_file(char *path, char *file)
 
 	*lastslash = oldv;
 	fpath = must_make_path(path, file, NULL);
-	ret = lxc_write_to_file(fpath, value, len, false);
+	ret = lxc_write_to_file(fpath, value, len, false, 0666);
 	if (ret < 0)
 		SYSERROR("Failed to write \"%s\" to file \"%s\"", value, fpath);
 	free(fpath);
@@ -762,7 +762,7 @@ static bool cg_legacy_handle_cpuset_hierarchy(struct hierarchy *h, char *cgname)
 	}
 	free(cgpath);
 
-	ret = lxc_write_to_file(clonechildrenpath, "1", 1, false);
+	ret = lxc_write_to_file(clonechildrenpath, "1", 1, false, 0666);
 	if (ret < 0) {
 		/* Set clone_children so children inherit our settings */
 		SYSERROR("Failed to write 1 to \"%s\"", clonechildrenpath);
@@ -1712,7 +1712,7 @@ static bool cg_unified_create_cgroup(struct hierarchy *h, char *cgname)
 
 		cgroup = must_append_path(cgroup, parts[i], NULL);
 		target = must_make_path(cgroup, "cgroup.subtree_control", NULL);
-		ret = lxc_write_to_file(target, add_controllers, full_len, false);
+		ret = lxc_write_to_file(target, add_controllers, full_len, false, 0666);
 		free(target);
 		if (ret < 0) {
 			SYSERROR("Could not enable \"%s\" controllers in the "
@@ -1858,7 +1858,7 @@ static bool cgfsng_enter(void *hdata, pid_t pid)
 
 		fullpath = must_make_path(hierarchies[i]->fullcgpath,
 					  "cgroup.procs", NULL);
-		ret = lxc_write_to_file(fullpath, pidstr, len, false);
+		ret = lxc_write_to_file(fullpath, pidstr, len, false, 0666);
 		if (ret != 0) {
 			SYSERROR("Failed to enter cgroup \"%s\"", fullpath);
 			free(fullpath);
@@ -2027,7 +2027,8 @@ static int cg_legacy_mount_controllers(int type, struct hierarchy *h,
 							   controllerpath,
 							   flags | MS_REMOUNT);
 		ret = mount(controllerpath, controllerpath, "cgroup",
-			    MS_REMOUNT | MS_BIND | MS_RDONLY, NULL);
+			    remount_flags | MS_REMOUNT | MS_BIND | MS_RDONLY,
+			    NULL);
 		if (ret < 0) {
 			SYSERROR("Failed to remount \"%s\" ro", controllerpath);
 			return -1;
@@ -2305,7 +2306,7 @@ static bool cgfsng_escape()
 		fullpath = must_make_path(hierarchies[i]->mountpoint,
 					  hierarchies[i]->base_cgroup,
 					  "cgroup.procs", NULL);
-		ret = lxc_write_to_file(fullpath, "0", 2, false);
+		ret = lxc_write_to_file(fullpath, "0", 2, false, 0666);
 		if (ret != 0) {
 			SYSERROR("Failed to escape to cgroup \"%s\"", fullpath);
 			free(fullpath);
@@ -2358,7 +2359,7 @@ static bool cgfsng_unfreeze(void *hdata)
 		return false;
 
 	fullpath = must_make_path(h->fullcgpath, "freezer.state", NULL);
-	ret = lxc_write_to_file(fullpath, THAWED, THAWED_LEN, false);
+	ret = lxc_write_to_file(fullpath, THAWED, THAWED_LEN, false, 0666);
 	free(fullpath);
 	if (ret < 0)
 		return false;
@@ -2416,7 +2417,7 @@ static int __cg_unified_attach(const struct hierarchy *h, const char *name,
 	base_path = must_make_path(h->mountpoint, container_cgroup, NULL);
 	full_path = must_make_path(base_path, "cgroup.procs", NULL);
 	/* cgroup is populated */
-	ret = lxc_write_to_file(full_path, pidstr, pidstr_len, false);
+	ret = lxc_write_to_file(full_path, pidstr, pidstr_len, false, 0666);
 	if (ret < 0 && errno != EBUSY)
 		goto on_error;
 
@@ -2442,7 +2443,7 @@ static int __cg_unified_attach(const struct hierarchy *h, const char *name,
 			goto on_error;
 
 		strcat(full_path, "/cgroup.procs");
-		ret = lxc_write_to_file(full_path, pidstr, len, false);
+		ret = lxc_write_to_file(full_path, pidstr, len, false, 0666);
 		if (ret == 0)
 			goto on_success;
 
@@ -2494,7 +2495,7 @@ static bool cgfsng_attach(const char *name, const char *lxcpath, pid_t pid)
 
 		fullpath = build_full_cgpath_from_monitorpath(h, path, "cgroup.procs");
 		free(path);
-		ret = lxc_write_to_file(fullpath, pidstr, len, false);
+		ret = lxc_write_to_file(fullpath, pidstr, len, false, 0666);
 		if (ret < 0) {
 			SYSERROR("Failed to attach %d to %s", (int)pid, fullpath);
 			free(fullpath);
@@ -2572,7 +2573,7 @@ static int cgfsng_set(const char *filename, const char *value, const char *name,
 		char *fullpath;
 
 		fullpath = build_full_cgpath_from_monitorpath(h, path, filename);
-		ret = lxc_write_to_file(fullpath, value, strlen(value), false);
+		ret = lxc_write_to_file(fullpath, value, strlen(value), false, 0666);
 		free(fullpath);
 	}
 	free(path);
@@ -2697,7 +2698,7 @@ static int cg_legacy_set_data(const char *filename, const char *value,
 	}
 
 	fullpath = must_make_path(h->fullcgpath, filename, NULL);
-	ret = lxc_write_to_file(fullpath, value, strlen(value), false);
+	ret = lxc_write_to_file(fullpath, value, strlen(value), false, 0666);
 	free(fullpath);
 	return ret;
 }
@@ -2766,7 +2767,7 @@ static bool __cg_unified_setup_limits(void *hdata,
 		struct lxc_cgroup *cg = iterator->elem;
 
 		fullpath = must_make_path(h->fullcgpath, cg->subsystem, NULL);
-		ret = lxc_write_to_file(fullpath, cg->value, strlen(cg->value), false);
+		ret = lxc_write_to_file(fullpath, cg->value, strlen(cg->value), false, 0666);
 		free(fullpath);
 		if (ret < 0) {
 			SYSERROR("Failed to set \"%s\" to \"%s\"",

src/lxc/conf.c

@@ -562,10 +562,6 @@ int pin_rootfs(const char *rootfs)
 	if (!realpath(rootfs, absrootfs))
 		return -2;
 
-	ret = access(absrootfs, F_OK);
-	if (ret != 0)
-		return -1;
-
 	ret = stat(absrootfs, &s);
 	if (ret < 0)
 		return -1;
@@ -581,12 +577,12 @@ int pin_rootfs(const char *rootfs)
 	if (fd < 0)
 		return fd;
 
-	if (fstatfs (fd, &sfs)) {
-		return -1;
-	}
+	ret = fstatfs (fd, &sfs);
+	if (ret < 0)
+		return fd;
 
 	if (sfs.f_type == NFS_SUPER_MAGIC) {
-		DEBUG("rootfs on NFS, not unlinking pin file \"%s\".", absrootfspin);
+		DEBUG("Rootfs on NFS, not unlinking pin file \"%s\"", absrootfspin);
 		return fd;
 	}
 
@@ -2564,7 +2560,7 @@ int setup_sysctl_parameters(struct lxc_list *sysctls)
 		}
 
 		ret = lxc_write_to_file(filename, elem->value,
-					strlen(elem->value), false);
+					strlen(elem->value), false, 0666);
 		if (ret < 0) {
 			ERROR("Failed to setup sysctl parameters %s to %s",
 			      elem->key, elem->value);
@@ -2599,7 +2595,7 @@ int setup_proc_filesystem(struct lxc_list *procs, pid_t pid)
 		}
 
 		ret = lxc_write_to_file(filename, elem->value,
-					strlen(elem->value), false);
+					strlen(elem->value), false, 0666);
 		if (ret < 0) {
 			ERROR("Failed to setup proc filesystem %s to %s",
 			      elem->filename, elem->value);

src/lxc/lxccontainer.c

@@ -19,6 +19,7 @@
  */
 
 #define _GNU_SOURCE
+#include <arpa/inet.h>
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -29,22 +30,22 @@
 #include <stdarg.h>
 #include <stdint.h>
 #include <stdio.h>
-#include <unistd.h>
-#include <arpa/inet.h>
-#include <sys/sysmacros.h>
+#include <sys/file.h>
 #include <sys/mman.h>
 #include <sys/mount.h>
 #include <sys/syscall.h>
+#include <sys/sysmacros.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <unistd.h>
 
 #include "af_unix.h"
 #include "attach.h"
 #include "cgroup.h"
-#include "conf.h"
-#include "config.h"
 #include "commands.h"
 #include "commands_utils.h"
+#include "conf.h"
+#include "config.h"
 #include "confile.h"
 #include "confile_utils.h"
 #include "criu.h"
@@ -61,9 +62,9 @@
 #include "start.h"
 #include "state.h"
 #include "storage.h"
-#include "storage_utils.h"
 #include "storage/btrfs.h"
 #include "storage/overlay.h"
+#include "storage_utils.h"
 #include "sync.h"
 #include "terminal.h"
 #include "utils.h"
@@ -140,7 +141,7 @@ static int ongoing_create(struct lxc_container *c)
 	int fd, ret;
 	size_t len;
 	char *path;
-	struct flock lk;
+	struct flock lk = {0};
 
 	len = strlen(c->config_path) + strlen(c->name) + 10;
 	path = alloca(len);
@@ -157,11 +158,11 @@ static int ongoing_create(struct lxc_container *c)
 
 	lk.l_type = F_WRLCK;
 	lk.l_whence = SEEK_SET;
-	lk.l_start = 0;
-	lk.l_len = 0;
 	lk.l_pid = -1;
 
-	ret = fcntl(fd, F_GETLK, &lk);
+	ret = fcntl(fd, F_OFD_GETLK, &lk);
+	if (ret < 0 && errno == EINVAL)
+		ret = flock(fd, LOCK_EX | LOCK_NB);
 	close(fd);
 	if (ret == 0 && lk.l_pid != -1) {
 		/* create is still ongoing */
@@ -177,7 +178,7 @@ static int create_partial(struct lxc_container *c)
 	int fd, ret;
 	size_t len;
 	char *path;
-	struct flock lk;
+	struct flock lk = {0};
 
 	/* $lxcpath + '/' + $name + '/partial' + \0 */
 	len = strlen(c->config_path) + strlen(c->name) + 10;
@@ -192,11 +193,15 @@ static int create_partial(struct lxc_container *c)
 
 	lk.l_type = F_WRLCK;
 	lk.l_whence = SEEK_SET;
-	lk.l_start = 0;
-	lk.l_len = 0;
 
-	ret = fcntl(fd, F_SETLKW, &lk);
+	ret = fcntl(fd, F_OFD_SETLKW, &lk);
 	if (ret < 0) {
+		if (errno == EINVAL) {
+			ret = flock(fd, LOCK_EX);
+			if (ret == 0)
+				return fd;
+		}
+
 		SYSERROR("Failed to lock partial file %s", path);
 		close(fd);
 		return -1;
@@ -340,7 +345,9 @@ int lxc_container_put(struct lxc_container *c)
 	if (container_mem_lock(c))
 		return -1;
 
-	if (--c->numthreads < 1) {
+	c->numthreads--;
+
+	if (c->numthreads < 1) {
 		container_mem_unlock(c);
 		lxc_container_free(c);
 		return 1;
@@ -475,16 +482,10 @@ static bool is_stopped(struct lxc_container *c)
 
 static bool do_lxcapi_is_running(struct lxc_container *c)
 {
-	const char *s;
-
 	if (!c)
 		return false;
 
-	s = do_lxcapi_state(c);
-	if (!s || strcmp(s, "STOPPED") == 0)
-		return false;
-
-	return true;
+	return !is_stopped(c);
 }
 
 WRAP_API(bool, lxcapi_is_running)
@@ -497,7 +498,7 @@ static bool do_lxcapi_freeze(struct lxc_container *c)
 		return false;
 
 	ret = lxc_freeze(c->name, c->config_path);
-	if (ret)
+	if (ret < 0)
 		return false;
 
 	return true;
@@ -513,7 +514,7 @@ static bool do_lxcapi_unfreeze(struct lxc_container *c)
 		return false;
 
 	ret = lxc_unfreeze(c->name, c->config_path);
-	if (ret)
+	if (ret < 0)
 		return false;
 
 	return true;
@@ -643,6 +644,7 @@ static bool do_lxcapi_want_daemonize(struct lxc_container *c, bool state)
 		return false;
 
 	c->daemonize = state;
+
 	container_mem_unlock(c);
 
 	return true;
@@ -659,6 +661,7 @@ static bool do_lxcapi_want_close_all_fds(struct lxc_container *c, bool state)
 		return false;
 
 	c->lxc_conf->close_all_fds = state;
+
 	container_mem_unlock(c);
 
 	return true;
@@ -682,8 +685,8 @@ WRAP_API_2(bool, lxcapi_wait, const char *, int)
 
 static bool am_single_threaded(void)
 {
-	struct dirent *direntp;
 	DIR *dir;
+	struct dirent *direntp;
 	int count = 0;
 
 	dir = opendir("/proc/self/task");
@@ -691,13 +694,14 @@ static bool am_single_threaded(void)
 		return false;
 
 	while ((direntp = readdir(dir))) {
-		if (!strcmp(direntp->d_name, "."))
+		if (strcmp(direntp->d_name, ".") == 0)
 			continue;
 
-		if (!strcmp(direntp->d_name, ".."))
+		if (strcmp(direntp->d_name, "..") == 0)
 			continue;
 
-		if (++count > 1)
+		count++;
+		if (count > 1)
 			break;
 	}
 	closedir(dir);
@@ -710,9 +714,7 @@ static void push_arg(char ***argp, char *arg, int *nargs)
 	char *copy;
 	char **argv;
 
-	do {
-		copy = strdup(arg);
-	} while (!copy);
+	copy = must_copy_string(arg);
 
 	do {
 		argv = realloc(*argp, (*nargs + 2) * sizeof(char *));
@@ -834,8 +836,6 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 	int ret;
 	struct lxc_handler *handler;
 	struct lxc_conf *conf;
-	bool daemonize = false;
-	FILE *pid_fp = NULL;
 	char *default_args[] = {
 		"/sbin/init",
 		NULL,
@@ -870,11 +870,12 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 
 	if (container_mem_lock(c))
 		return false;
+
 	conf = c->lxc_conf;
-	daemonize = c->daemonize;
 
 	/* initialize handler */
-	handler = lxc_init_handler(c->name, conf, c->config_path, daemonize);
+	handler = lxc_init_handler(c->name, conf, c->config_path, c->daemonize);
+
 	container_mem_unlock(c);
 	if (!handler)
 		return false;
@@ -900,7 +901,7 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 	 * here to protect the on disk container?  We don't want to exclude
 	 * things like lxc_info while the container is running.
 	 */
-	if (daemonize) {
+	if (c->daemonize) {
 		bool started;
 		char title[2048];
 		pid_t pid;
@@ -935,9 +936,9 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 		 * characters. All that it means is that the proctitle will be
 		 * ugly. Similarly, we also don't care if setproctitle() fails.
 		 * */
-		snprintf(title, sizeof(title), "[lxc monitor] %s %s", c->config_path, c->name);
+		(void)snprintf(title, sizeof(title), "[lxc monitor] %s %s", c->config_path, c->name);
 		INFO("Attempting to set proc title to %s", title);
-		setproctitle(title);
+		(void)setproctitle(title);
 
 		/* We fork() a second time to be reparented to init. Like
 		 * POSIX's daemon() function we change to "/" and redirect
@@ -997,30 +998,34 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 	 * write the right PID.
 	 */
 	if (c->pidfile) {
-		pid_fp = fopen(c->pidfile, "w");
-		if (pid_fp == NULL) {
-			SYSERROR("Failed to create pidfile '%s' for '%s'",
-				 c->pidfile, c->name);
+		int ret, w;
+		char pidstr[LXC_NUMSTRLEN64];
+
+		w = snprintf(pidstr, LXC_NUMSTRLEN64, "%d", (int)lxc_raw_getpid());
+		if (w < 0 || (size_t)w >= LXC_NUMSTRLEN64) {
 			free_init_cmd(init_cmd);
 			lxc_free_handler(handler);
-			if (daemonize)
+
+			SYSERROR("Failed to write monitor pid to \"%s\"", c->pidfile);
+
+			if (c->daemonize)
 				_exit(EXIT_FAILURE);
+
 			return false;
 		}
 
-		if (fprintf(pid_fp, "%d\n", lxc_raw_getpid()) < 0) {
-			SYSERROR("Failed to write '%s'", c->pidfile);
-			fclose(pid_fp);
-			pid_fp = NULL;
+		ret = lxc_write_to_file(c->pidfile, pidstr, w, false, 0600);
+		if (ret < 0) {
 			free_init_cmd(init_cmd);
 			lxc_free_handler(handler);
-			if (daemonize)
+
+			SYSERROR("Failed to write '%s'", c->pidfile);
+
+			if (c->daemonize)
 				_exit(EXIT_FAILURE);
+
 			return false;
 		}
-
-		fclose(pid_fp);
-		pid_fp = NULL;
 	}
 
 	conf->reboot = 0;
@@ -1047,7 +1052,7 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 reboot:
 	if (conf->reboot == 2) {
 		/* initialize handler */
-		handler = lxc_init_handler(c->name, conf, c->config_path, daemonize);
+		handler = lxc_init_handler(c->name, conf, c->config_path, c->daemonize);
 		if (!handler) {
 			ret = 1;
 			goto on_error;
@@ -1057,7 +1062,7 @@ reboot:
 	keepfds[0] = handler->conf->maincmd_fd;
 	keepfds[1] = handler->state_socket_pair[0];
 	keepfds[2] = handler->state_socket_pair[1];
-	ret = lxc_check_inherited(conf, daemonize, keepfds,
+	ret = lxc_check_inherited(conf, c->daemonize, keepfds,
 				  sizeof(keepfds) / sizeof(keepfds[0]));
 	if (ret < 0) {
 		lxc_free_handler(handler);
@@ -1066,9 +1071,11 @@ reboot:
 	}
 
 	if (useinit)
-		ret = lxc_execute(c->name, argv, 1, handler, c->config_path, daemonize, &c->error_num);
+		ret = lxc_execute(c->name, argv, 1, handler, c->config_path,
+				  c->daemonize, &c->error_num);
 	else
-		ret = lxc_start(c->name, argv, handler, c->config_path, daemonize, &c->error_num);
+		ret = lxc_start(c->name, argv, handler, c->config_path,
+				c->daemonize, &c->error_num);
 
 	if (conf->reboot == 1) {
 		INFO("Container requested reboot");
@@ -1084,9 +1091,9 @@ on_error:
 	}
 	free_init_cmd(init_cmd);
 
-	if (daemonize && ret != 0)
+	if (c->daemonize && ret != 0)
 		_exit(EXIT_FAILURE);
-	else if (daemonize)
+	else if (c->daemonize)
 		_exit(EXIT_SUCCESS);
 
 	if (ret != 0)
@@ -1573,6 +1580,7 @@ static bool create_run_template(struct lxc_container *c, char *tpath,
 static bool prepend_lxc_header(char *path, const char *t, char *const argv[])
 {
 	long flen;
+	size_t len;
 	char *contents;
 	FILE *f;
 	int ret = -1;
@@ -1586,15 +1594,30 @@ static bool prepend_lxc_header(char *path, const char *t, char *const argv[])
 	if (f == NULL)
 		return false;
 
-	if (fseek(f, 0, SEEK_END) < 0)
+	ret = fseek(f, 0, SEEK_END);
+	if (ret < 0)
 		goto out_error;
-	if ((flen = ftell(f)) < 0)
+
+	ret = -1;
+	flen = ftell(f);
+	if (flen < 0)
 		goto out_error;
-	if (fseek(f, 0, SEEK_SET) < 0)
+
+	ret = fseek(f, 0, SEEK_SET);
+	if (ret < 0)
+		goto out_error;
+
+	ret = fseek(f, 0, SEEK_SET);
+	if (ret < 0)
 		goto out_error;
-	if ((contents = malloc(flen + 1)) == NULL)
+
+	ret = -1;
+	contents = malloc(flen + 1);
+	if (!contents)
 		goto out_error;
-	if (fread(contents, 1, flen, f) != flen)
+
+	len = fread(contents, 1, flen, f);
+	if (len != flen)
 		goto out_free_contents;
 
 	contents[flen] = '\0';
@@ -1606,25 +1629,25 @@ static bool prepend_lxc_header(char *path, const char *t, char *const argv[])
 #if HAVE_LIBGNUTLS
 	tpath = get_template_path(t);
 	if (!tpath) {
-		ERROR("bad template: %s", t);
+		ERROR("Invalid template \"%s\" specified", t);
 		goto out_free_contents;
 	}
 
 	ret = sha1sum_file(tpath, md_value);
-	if (ret < 0) {
-		ERROR("Error getting sha1sum of %s", tpath);
 	free(tpath);
+	if (ret < 0) {
+		ERROR("Failed to get sha1sum of %s", tpath);
 		goto out_free_contents;
 	}
-	free(tpath);
 #endif
 
 	f = fopen(path, "w");
 	if (f == NULL) {
-		SYSERROR("reopening config for writing");
+		SYSERROR("Reopening config for writing");
 		free(contents);
 		return false;
 	}
+
 	fprintf(f, "# Template used to create this container: %s\n", t);
 	if (argv) {
 		fprintf(f, "# Parameters passed to the template:");
@@ -1650,9 +1673,12 @@ static bool prepend_lxc_header(char *path, const char *t, char *const argv[])
 		fclose(f);
 		return false;
 	}
+
 	ret = 0;
+
 out_free_contents:
 	free(contents);
+
 out_error:
 	if (f) {
 		int newret;
@@ -1660,21 +1686,22 @@ out_error:
 		if (ret == 0)
 			ret = newret;
 	}
+
 	if (ret < 0) {
 		SYSERROR("Error prepending header");
 		return false;
 	}
+
 	return true;
 }
 
 static void lxcapi_clear_config(struct lxc_container *c)
 {
-	if (c) {
-		if (c->lxc_conf) {
+	if (!c || !c->lxc_conf)
+		return;
+
 	lxc_conf_free(c->lxc_conf);
 	c->lxc_conf = NULL;
-		}
-	}
 }
 
 #define do_lxcapi_clear_config(c) lxcapi_clear_config(c)

src/lxc/lxclock.c

@@ -19,13 +19,14 @@
  */
 
 #define _GNU_SOURCE
-#include <malloc.h>
-#include <stdio.h>
 #include <errno.h>
-#include <unistd.h>
 #include <fcntl.h>
-#include <stdlib.h>
+#include <malloc.h>
 #include <pthread.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/file.h>
+#include <unistd.h>
 
 #include <lxc/lxccontainer.h>
 

src/lxc/parse.c

@@ -83,8 +83,10 @@ int lxc_file_for_each_line_mmap(const char *file, lxc_file_cb callback,
 		return -1;
 	}
 
-	if (st.st_size == 0)
+	if (st.st_size == 0) {
+		close(fd);
 		return 0;
+	}
 
 	buf = lxc_strmmap(NULL, st.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
 	if (buf == MAP_FAILED) {

src/lxc/terminal.c

@@ -667,33 +667,23 @@ void lxc_terminal_free(struct lxc_conf *conf, int fd)
 static int lxc_terminal_peer_default(struct lxc_terminal *terminal)
 {
 	struct lxc_terminal_state *ts;
-	const char *path = terminal->path;
-	int fd;
+	const char *path;
 	int ret = 0;
 
-	if (!path) {
-		ret = access("/dev/tty", F_OK);
-		if (ret == 0) {
-			/* If no terminal was given, try current controlling
-			 * terminal, there won't be one if we were started as a
-			 * daemon (-d).
-			 */
-			fd = open("/dev/tty", O_RDWR);
-			if (fd >= 0) {
-				close(fd);
+	if (terminal->path)
+		path = terminal->path;
+	else
 		path = "/dev/tty";
-			}
-		}
-	}
 
-	if (!path) {
-		errno = ENOTTY;
-		DEBUG("The process does not have a controlling terminal");
+	terminal->peer = lxc_unpriv(open(path, O_RDWR | O_CLOEXEC));
+	if (terminal->peer < 0) {
+		if (!terminal->path) {
+			errno = ENODEV;
+			DEBUG("%s - The process does not have a controlling "
+			      "terminal", strerror(errno));
 			goto on_succes;
 		}
 
-	terminal->peer = lxc_unpriv(open(path, O_RDWR | O_CLOEXEC));
-	if (terminal->peer < 0) {
 		ERROR("%s - Failed to open proxy terminal \"%s\"",
 		      strerror(errno), path);
 		return -ENOTTY;

src/lxc/tools/lxc_create.c

@@ -109,7 +109,7 @@ static void create_helpfn(const struct lxc_arguments *args)
 
 	pid = fork();
 	if (pid) {
-		wait_for_pid(pid);
+		(void)wait_for_pid(pid);
 		return;
 	}
 

src/lxc/tools/lxc_monitor.c

@@ -337,7 +337,6 @@ static int lxc_monitor_open(const char *lxcpath)
 	int fd;
 	size_t retry;
 	size_t len;
-	int ret = -1;
 	int backoff_ms[] = {10, 50, 100};
 
 	if (lxc_monitor_sock_name(lxcpath, &addr) < 0)
@@ -352,9 +351,9 @@ static int lxc_monitor_open(const char *lxcpath)
 	len = strlen(&addr.sun_path[1]);
 	if (len >= sizeof(addr.sun_path) - 1) {
 		errno = ENAMETOOLONG;
-		ret = -errno;
+		close(fd);
 		fprintf(stderr, "name of monitor socket too long (%zu bytes): %s\n", len, strerror(errno));
-		goto on_error;
+		return -errno;
 	}
 
 	for (retry = 0; retry < sizeof(backoff_ms) / sizeof(backoff_ms[0]); retry++) {
@@ -366,16 +365,11 @@ static int lxc_monitor_open(const char *lxcpath)
 	}
 
 	if (fd < 0) {
-		ret = -errno;
 		fprintf(stderr, "Failed to connect to monitor socket: %s\n", strerror(errno));
-		goto on_error;
+		return -errno;
 	}
 
 	return fd;
-
-on_error:
-	close(fd);
-	return ret;
 }
 
 static int lxc_monitor_read_fdset(struct pollfd *fds, nfds_t nfds,

src/lxc/tools/tool_utils.c

@@ -1093,9 +1093,6 @@ int rm_r(char *dirname)
 		char *pathname;
 		struct stat mystat;
 
-		if (!direntp)
-			break;
-
 		if (!strcmp(direntp->d_name, ".") ||
 		    !strcmp(direntp->d_name, ".."))
 			continue;

src/lxc/utils.c

@@ -971,12 +971,13 @@ size_t lxc_array_len(void **array)
 	return result;
 }
 
-int lxc_write_to_file(const char *filename, const void* buf, size_t count, bool add_newline)
+int lxc_write_to_file(const char *filename, const void *buf, size_t count,
+		      bool add_newline, mode_t mode)
 {
 	int fd, saved_errno;
 	ssize_t ret;
 
-	fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0666);
+	fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, mode);
 	if (fd < 0)
 		return -1;
 	ret = lxc_write_nointr(fd, buf, count);

src/lxc/utils.h

@@ -392,7 +392,7 @@ extern int sha1sum_file(char *fnam, unsigned char *md_value);
 
 /* read and write whole files */
 extern int lxc_write_to_file(const char *filename, const void *buf,
-			     size_t count, bool add_newline);
+			     size_t count, bool add_newline, mode_t mode);
 extern int lxc_read_from_file(const char *filename, void* buf, size_t count);
 
 /* convert variadic argument lists to arrays (for execl type argument lists) */

src/tests/aa.c

@@ -94,7 +94,7 @@ static int do_test_file_open(struct lxc_container *c, char *fnam)
 		fret = 0;
 
 err2:
-	wait_for_pid(pid);
+	(void)wait_for_pid(pid);
 err1:
 	close(pipefd[0]);
 	close(pipefd[1]);

src/tests/attach.c

@@ -124,7 +124,7 @@ static int test_attach_lsm_func(struct lxc_container *ct)
 	ret = 0;
 
 err2:
-	wait_for_pid(pid);
+	(void)wait_for_pid(pid);
 err1:
 	close(pipefd[0]);
 	close(pipefd[1]);
@@ -178,7 +178,7 @@ static int test_attach_lsm_cmd(struct lxc_container *ct)
 	ret = 0;
 
 err2:
-	wait_for_pid(pid);
+	(void)wait_for_pid(pid);
 err1:
 	close(pipefd[0]);
 	close(pipefd[1]);
@@ -240,7 +240,7 @@ static int test_attach_func(struct lxc_container *ct)
 	ret = 0;
 
 err2:
-	wait_for_pid(pid);
+	(void)wait_for_pid(pid);
 err1:
 	close(pipefd[0]);
 	close(pipefd[1]);