struct lxc_list *mount, const char *lxc_name,
const char *lxc_path)
{
- int ret;
- FILE *f;
+ __do_fclose FILE *f = NULL;
f = make_anonymous_mount_file(mount, conf->lsm_aa_allow_nesting);
if (!f)
return -1;
- ret = mount_file_entries(conf, rootfs, f, lxc_name, lxc_path);
- fclose(f);
-
- return ret;
+ return mount_file_entries(conf, rootfs, f, lxc_name, lxc_path);
}
static int parse_cap(const char *cap)
int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
size_t buf_size)
{
- int fd, ret;
+ __do_close_prot_errno int fd;
+ int ret;
char path[PATH_MAX];
if (geteuid() != 0 && idtype == ID_TYPE_GID) {
- size_t buflen;
+ __do_close_prot_errno int setgroups_fd = -EBADF;
ret = snprintf(path, PATH_MAX, "/proc/%d/setgroups", pid);
if (ret < 0 || ret >= PATH_MAX)
return -E2BIG;
- fd = open(path, O_WRONLY);
- if (fd < 0 && errno != ENOENT) {
+ setgroups_fd = open(path, O_WRONLY);
+ if (setgroups_fd < 0 && errno != ENOENT) {
SYSERROR("Failed to open \"%s\"", path);
return -1;
}
- if (fd >= 0) {
- buflen = STRLITERALLEN("deny\n");
- errno = 0;
- ret = lxc_write_nointr(fd, "deny\n", buflen);
- close(fd);
- if (ret != buflen) {
- SYSERROR("Failed to write \"deny\" to "
- "\"/proc/%d/setgroups\"", pid);
+ if (setgroups_fd >= 0) {
+ ret = lxc_write_nointr(setgroups_fd, "deny\n",
+ STRLITERALLEN("deny\n"));
+ if (ret != STRLITERALLEN("deny\n")) {
+ SYSERROR("Failed to write \"deny\" to \"/proc/%d/setgroups\"", pid);
return -1;
}
TRACE("Wrote \"deny\" to \"/proc/%d/setgroups\"", pid);
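Review bot: `fd` is declared as `__do_close_prot_errno int fd;` with no initializer, yet every return inside the setgroups branch (`return -E2BIG;` and both `return -1;`) leaves the function before `fd` is assigned, so the cleanup handler runs on an indeterminate value. If the handler closes any non-negative descriptor, as the `-EBADF` sentinel on `setgroups_fd` suggests, this path can close an unrelated descriptor owned by the calling process, and a later open may silently reuse that number. Initialise it like its neighbour: `__do_close_prot_errno int fd = -EBADF;`. The body of write_id_mapping continues past this hunk, so the later `fd = open(...)` assignment is not visible here.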
return -1;
}
- errno = 0;
ret = lxc_write_nointr(fd, buf, buf_size);
- close(fd);
if (ret != buf_size) {
SYSERROR("Failed to write %cid mapping to \"%s\"",
idtype == ID_TYPE_UID ? 'u' : 'g', path);
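Review bot: With `errno = 0;` removed ahead of `lxc_write_nointr(fd, buf, buf_size)`, a short write that returns a non-negative count different from `buf_size` reaches `SYSERROR` with whatever errno an earlier call left behind, so the log may name an unrelated error for a failed id-mapping write. The same line was dropped before the "deny" write in the preceding hunk. Either keep `errno = 0;` before both writes, or report the short-write case separately from `ret < 0`. The end of write_id_mapping lies outside this hunk.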
void suggest_default_idmap(void)
{
__do_free char *gname = NULL, *line = NULL, *uname = NULL;
- FILE *f;
+ __do_fclose FILE *subuid_f = NULL, *subgid_f = NULL;
unsigned int uid = 0, urange = 0, gid = 0, grange = 0;
size_t len = 0;
if (!gname)
return;
- f = fopen(subuidfile, "r");
- if (!f) {
+ subuid_f = fopen(subuidfile, "r");
+ if (!subuid_f) {
ERROR("Your system is not configured with subuids");
return;
}
- while (getline(&line, &len, f) != -1) {
+ while (getline(&line, &len, subuid_f) != -1) {
char *p, *p2;
size_t no_newline = 0;
if (lxc_safe_uint(p2, &urange) < 0)
WARN("Could not parse UID range");
}
- fclose(f);
- f = fopen(subgidfile, "r");
- if (!f) {
+ subgid_f = fopen(subgidfile, "r");
+ if (!subgid_f) {
ERROR("Your system is not configured with subgids");
return;
}
- while (getline(&line, &len, f) != -1) {
+ while (getline(&line, &len, subgid_f) != -1) {
char *p, *p2;
size_t no_newline = 0;
if (lxc_safe_uint(p2, &grange) < 0)
WARN("Could not parse GID range");
}
- fclose(f);
if (!urange || !grange) {
ERROR("You do not have subuids or subgids allocated");