Unless you have a valid reason to accept truncation you must check whether
truncation has occurred, treat it as an error, and handle the error
appropriately.
+
+## 25) Use `__fallthrough__` in switch statements
+
+If LXC detects that the compiler is new enough it will tell it to check
+`switch` statements for non-documented fallthroughs. Please always place
+a `__fallthrough__` after a `case` which falls through the next one.
+
+```c
+int lxc_attach_run_command(void *payload)
+{
+ int ret = -1;
+ lxc_attach_command_t *cmd = payload;
+
+ ret = execvp(cmd->program, cmd->argv);
+ if (ret < 0) {
+ switch (errno) {
+ case ENOEXEC:
+ ret = 126;
+ break;
+ case ENOENT:
+ ret = 127;
+ break;
+ }
+ }
+
+ SYSERROR("Failed to exec \"%s\"", cmd->program);
+ return ret;
+}
+```
+
+## 24) Never use `fgets()`
+
+LXC does not allow the use of `fgets()`. Use `getline()` or other methods
+instead.
+
+## 25) Never allocate memory on the stack
+
+This specifically forbids any usage of `alloca()` in the codebase.
+
+## 26) Use cleanup macros supported by `gcc` and `clang`
+
+LXC has switched from manually cleaning up resources to using cleanup macros
+supported by `gcc` and `clang`:
+```c
+__attribute__((__cleanup__(<my-cleanup-function-wrapper>)))
+```
+We do not allow manually cleanups anymore if there are appropriate macros.
+Currently the following macros are supported:
+```c
+/* close file descriptor */
+__do_close_prot_errno
+
+/* free allocated memory */
+__do_free __attribute__((__cleanup__(__auto_free__)))
+
+/* close FILEs */
+__do_fclose __attribute__((__cleanup__(__auto_fclose__)))
+
+/* close DIRs */
+__do_closedir __attribute__((__cleanup__(__auto_closedir__)))
+```
+For example:
+```c
+void remount_all_slave(void)
+{
+ __do_free char *line = NULL;
+ __do_fclose FILE *f = NULL;
+ __do_close_prot_errno int memfd = -EBADF, mntinfo_fd = -EBADF;
+ int ret;
+ ssize_t copied;
+ size_t len = 0;
+
+ mntinfo_fd = open("/proc/self/mountinfo", O_RDONLY | O_CLOEXEC);
+ if (mntinfo_fd < 0) {
+ SYSERROR("Failed to open \"/proc/self/mountinfo\"");
+ return;
+ }
+
+ memfd = memfd_create(".lxc_mountinfo", MFD_CLOEXEC);
+ if (memfd < 0) {
+ char template[] = P_tmpdir "/.lxc_mountinfo_XXXXXX";
+
+ if (errno != ENOSYS) {
+ SYSERROR("Failed to create temporary in-memory file");
+ return;
+ }
+
+ memfd = lxc_make_tmpfile(template, true);
+ if (memfd < 0) {
+ WARN("Failed to create temporary file");
+ return;
+ }
+ }
+
+again:
+ copied = lxc_sendfile_nointr(memfd, mntinfo_fd, NULL, LXC_SENDFILE_MAX);
+ if (copied < 0) {
+ if (errno == EINTR)
+ goto again;
+
+ SYSERROR("Failed to copy \"/proc/self/mountinfo\"");
+ return;
+ }
+
+ ret = lseek(memfd, 0, SEEK_SET);
+ if (ret < 0) {
+ SYSERROR("Failed to reset file descriptor offset");
+ return;
+ }
+
+ f = fdopen(memfd, "r");
+ if (!f) {
+ SYSERROR("Failed to open copy of \"/proc/self/mountinfo\" to mark all shared. Continuing");
+ return;
+ }
+
+ /*
+ * After a successful fdopen() memfd will be closed when calling
+ * fclose(f). Calling close(memfd) afterwards is undefined.
+ */
+ move_fd(memfd);
+
+ while (getline(&line, &len, f) != -1) {
+ char *opts, *target;
+
+ target = get_field(line, 4);
+ if (!target)
+ continue;
+
+ opts = get_field(target, 2);
+ if (!opts)
+ continue;
+
+ null_endofword(opts);
+ if (!strstr(opts, "shared"))
+ continue;
+
+ null_endofword(target);
+ ret = mount(NULL, target, NULL, MS_SLAVE, NULL);
+ if (ret < 0) {
+ SYSERROR("Failed to make \"%s\" MS_SLAVE", target);
+ ERROR("Continuing...");
+ continue;
+ }
+ TRACE("Remounted \"%s\" as MS_SLAVE", target);
+ }
+ TRACE("Remounted all mount table entries as MS_SLAVE");
+}
+```
projects / mirror_lxc.git / blobdiff