#include <grp.h>
#include <inttypes.h>
#include <libgen.h>
+#include <pthread.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include "parse.h"
#include "utils.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
#ifndef O_PATH
#define O_PATH 010000000
#endif
struct stat mystat;
int rc;
- if (!direntp)
- break;
-
if (!strcmp(direntp->d_name, ".") ||
!strcmp(direntp->d_name, ".."))
continue;
{
char *rundir;
const char *homedir;
+ struct stat sb;
+
+ if (stat(RUNTIME_PATH, &sb) < 0) {
+ return NULL;
+ }
- if (geteuid() == 0) {
+ if (geteuid() == sb.st_uid || getegid() == sb.st_gid) {
rundir = strdup(RUNTIME_PATH);
return rundir;
}
ret = fcntl(pipe_fds[1], F_SETFD, 0);
if (ret < 0) {
close(pipe_fds[1]);
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
}
/* duplicate stderr */
ret = fcntl(pipe_fds[1], F_SETFD, 0);
close(pipe_fds[1]);
if (ret < 0)
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
/* unblock all signals */
ret = sigfillset(&mask);
if (ret < 0)
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
- ret = sigprocmask(SIG_UNBLOCK, &mask, NULL);
+ ret = pthread_sigmask(SIG_UNBLOCK, &mask, NULL);
if (ret < 0)
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
execl("/bin/sh", "sh", "-c", command, (char *)NULL);
- exit(127);
+ _exit(127);
}
close(pipe_fds[1]);
fp = malloc(sizeof(*fp));
if (!fp)
goto on_error;
+ memset(fp, 0, sizeof(*fp));
fp->child_pid = child_pid;
fp->pipe = pipe_fds[0];
+ /* From now on, closing fp->f will also close fp->pipe. So only ever
+ * call fclose(fp->f).
+ */
fp->f = fdopen(pipe_fds[0], "r");
if (!fp->f)
goto on_error;
return fp;
on_error:
- if (fp)
- free(fp);
-
- if (pipe_fds[0] >= 0)
+ /* We can only close pipe_fds[0] if fdopen() didn't succeed or wasn't
+ * called yet. Otherwise the fd belongs to the file opened by fdopen()
+ * since it isn't dup()ed.
+ */
+ if (fp && !fp->f && pipe_fds[0] >= 0)
close(pipe_fds[0]);
if (pipe_fds[1] >= 0)
close(pipe_fds[1]);
+ if (fp && fp->f)
+ fclose(fp->f);
+
+ if (fp)
+ free(fp);
+
return NULL;
}
wait_pid = waitpid(fp->child_pid, &wstatus, 0);
} while (wait_pid < 0 && errno == EINTR);
- close(fp->pipe);
fclose(fp->f);
free(fp);
return NULL;
if (use_as_prefix)
- strcpy(result, sep);
+ (void)strlcpy(result, sep, result_len + 1);
+
for (p = (char **)parts; *p; p++) {
if (p > (char **)parts)
strcat(result, sep);
{
char *token, *str, *saveptr = NULL;
char sep[2] = { _sep, '\0' };
+ size_t len;
if (!haystack || !needle)
return 0;
- str = alloca(strlen(haystack)+1);
- strcpy(str, haystack);
+ len = strlen(haystack);
+ str = alloca(len + 1);
+ (void)strlcpy(str, haystack, len + 1);
+
for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
if (strcmp(needle, token) == 0)
return 1;
size_t result_capacity = 0;
size_t result_count = 0;
int r, saved_errno;
+ size_t len;
if (!string)
return calloc(1, sizeof(char *));
- str = alloca(strlen(string) + 1);
- strcpy(str, string);
+ len = strlen(string);
+ str = alloca(len + 1);
+ (void)strlcpy(str, string, len + 1);
+
for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
r = lxc_grow_array((void ***)&result, &result_capacity, result_count + 1, 16);
if (r < 0)
size_t result_count = 0;
int r, saved_errno;
size_t i = 0;
+ size_t len;
if (!string)
return calloc(1, sizeof(char *));
- str = alloca(strlen(string)+1);
- strcpy(str, string);
+ len = strlen(string);
+ str = alloca(len + 1);
+ (void)strlcpy(str, string, len + 1);
+
for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
while (token[0] == ' ' || token[0] == '\t')
token++;
return result;
}
-int lxc_write_to_file(const char *filename, const void* buf, size_t count, bool add_newline)
+int lxc_write_to_file(const char *filename, const void *buf, size_t count,
+ bool add_newline, mode_t mode)
{
int fd, saved_errno;
ssize_t ret;
- fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0666);
+ fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, mode);
if (fd < 0)
return -1;
ret = lxc_write_nointr(fd, buf, count);
return -1;
}
- mypid = getpid();
+ mypid = lxc_raw_getpid();
INFO("I am %d, /proc/self points to \"%s\"", mypid, link);
if (lxc_safe_int(link, &link_to_pid) < 0)
return n;
}
-void *lxc_strmmap(void *addr, size_t length, int prot, int flags, int fd,
- off_t offset)
-{
- void *tmp = NULL, *overlap = NULL;
-
- /* We establish an anonymous mapping that is one byte larger than the
- * underlying file. The pages handed to us are zero filled. */
- tmp = mmap(addr, length + 1, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
- if (tmp == MAP_FAILED)
- return tmp;
-
- /* Now we establish a fixed-address mapping starting at the address we
- * received from our anonymous mapping and replace all bytes excluding
- * the additional \0-byte with the file. This allows us to use normal
- * string-handling functions. */
- overlap = mmap(tmp, length, prot, MAP_FIXED | flags, fd, offset);
- if (overlap == MAP_FAILED)
- munmap(tmp, length + 1);
-
- return overlap;
-}
-
-int lxc_strmunmap(void *addr, size_t length)
-{
- return munmap(addr, length + 1);
-}
-
/* Check whether a signal is blocked by a process. */
/* /proc/pid-to-str/status\0 = (5 + 21 + 7 + 1) */
-#define __PROC_STATUS_LEN (5 + (LXC_NUMSTRLEN64) + 7 + 1)
-bool task_blocking_signal(pid_t pid, int signal)
+#define __PROC_STATUS_LEN (6 + (LXC_NUMSTRLEN64) + 7 + 1)
+bool task_blocks_signal(pid_t pid, int signal)
{
- bool bret = false;
- char *line = NULL;
- long unsigned int sigblk = 0;
- size_t n = 0;
int ret;
- FILE *f;
-
char status[__PROC_STATUS_LEN];
+ FILE *f;
+ uint64_t sigblk = 0, one = 1;
+ size_t n = 0;
+ bool bret = false;
+ char *line = NULL;
ret = snprintf(status, __PROC_STATUS_LEN, "/proc/%d/status", pid);
if (ret < 0 || ret >= __PROC_STATUS_LEN)
return bret;
while (getline(&line, &n, f) != -1) {
- if (strncmp(line, "SigBlk:\t", 8))
+ char *numstr;
+
+ if (strncmp(line, "SigBlk:", 7))
continue;
- if (sscanf(line + 8, "%lx", &sigblk) != 1)
+ numstr = lxc_trim_whitespace_in_place(line + 7);
+ ret = lxc_safe_uint64(numstr, &sigblk, 16);
+ if (ret < 0)
goto out;
+
+ break;
}
- if (sigblk & (1LU << (signal - 1)))
+ if (sigblk & (one << (signal - 1)))
bret = true;
out:
return 0;
}
+int lxc_safe_uint64(const char *numstr, uint64_t *converted, int base)
+{
+ char *err = NULL;
+ uint64_t u;
+
+ while (isspace(*numstr))
+ numstr++;
+
+ if (*numstr == '-')
+ return -EINVAL;
+
+ errno = 0;
+ u = strtoull(numstr, &err, base);
+ if (errno == ERANGE && u == ULLONG_MAX)
+ return -ERANGE;
+
+ if (err == numstr || *err != '\0')
+ return -EINVAL;
+
+ *converted = u;
+ return 0;
+}
+
int lxc_safe_int(const char *numstr, int *converted)
{
char *err = NULL;
return -1;
while ((dp = readdir(dir))) {
- if (!dp)
- break;
-
if (strncmp(dp->d_name, "loop", 4) != 0)
continue;
int ret, fret, pipefd[2];
ssize_t bytes;
- /* Make sure our callers do not receive unitialized memory. */
+ /* Make sure our callers do not receive uninitialized memory. */
if (buf_size > 0 && buf)
buf[0] = '\0';
return -1;
}
- child = fork();
+ child = lxc_raw_clone(0);
if (child < 0) {
close(pipefd[0]);
close(pipefd[1]);
if (ret < 0) {
SYSERROR("failed to duplicate std{err,out} file descriptor");
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
}
/* Does not return. */
child_fn(args);
ERROR("failed to exec command");
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
}
/* close the write-end of the pipe */
return dest;
}
+char *must_append_path(char *first, ...)
+{
+ char *cur;
+ size_t full_len;
+ va_list args;
+ char *dest = first;
+
+ full_len = strlen(first);
+ va_start(args, first);
+ while ((cur = va_arg(args, char *)) != NULL) {
+ full_len += strlen(cur);
+
+ if (cur[0] != '/')
+ full_len++;
+
+ dest = must_realloc(dest, full_len + 1);
+
+ if (cur[0] != '/')
+ strcat(dest, "/");
+
+ strcat(dest, cur);
+ }
+ va_end(args);
+
+ return dest;
+}
+
char *must_copy_string(const char *entry)
{
char *ret;
int lxc_make_tmpfile(char *template, bool rm)
{
int fd, ret;
+ mode_t msk;
+ msk = umask(0022);
fd = mkstemp(template);
+ umask(msk);
if (fd < 0)
return -1;
return fd;
}
-uint64_t lxc_getpagesize(void)
-{
- int64_t pgsz;
-
- pgsz = sysconf(_SC_PAGESIZE);
- if (pgsz <= 0)
- pgsz = 1 << 12;
-
- return pgsz;
-}
-
int parse_byte_size_string(const char *s, int64_t *converted)
{
int ret, suffix_len;
int64_t mltpl, overflow;
char *end;
char dup[LXC_NUMSTRLEN64 + 2];
- char suffix[3];
+ char suffix[3] = {0};
if (!s || !strcmp(s, ""))
return -EINVAL;
- end = stpncpy(dup, s, sizeof(dup));
+ end = stpncpy(dup, s, sizeof(dup) - 1);
if (*end != '\0')
return -EINVAL;
else
return -EINVAL;
- if ((end - 2) == dup && !isdigit(*(end - 2)))
+ if (suffix_len > 0 && (end - 2) == dup && !isdigit(*(end - 2)))
return -EINVAL;
- if (isalpha(*(end - 2))) {
- if (suffix_len == 1)
- suffix_len++;
- else
- return -EINVAL;
- }
+ if (suffix_len > 0 && isalpha(*(end - 2)))
+ suffix_len++;
if (suffix_len > 0) {
memcpy(suffix, end - suffix_len, suffix_len);
return 0;
}
- if (!strcmp(suffix, "kB"))
+ if (strcasecmp(suffix, "KB") == 0)
mltpl = 1024;
- else if (!strcmp(suffix, "MB"))
+ else if (strcasecmp(suffix, "MB") == 0)
mltpl = 1024 * 1024;
- else if (!strcmp(suffix, "GB"))
+ else if (strcasecmp(suffix, "GB") == 0)
mltpl = 1024 * 1024 * 1024;
else
return -EINVAL;
n = n << 1;
return n;
}
+
+int lxc_set_death_signal(int signal)
+{
+ int ret;
+ pid_t ppid;
+
+ ret = prctl(PR_SET_PDEATHSIG, signal, 0, 0, 0);
+
+ /* Check whether we have been orphaned. */
+ ppid = (pid_t)syscall(SYS_getppid);
+ if (ppid == 1) {
+ pid_t self;
+
+ self = lxc_raw_getpid();
+ ret = kill(self, SIGKILL);
+ if (ret < 0)
+ return -1;
+ }
+
+ if (ret < 0) {
+ SYSERROR("Failed to set PR_SET_PDEATHSIG to %d", signal);
+ return -1;
+ }
+
+ return 0;
+}
+
+void remove_trailing_newlines(char *l)
+{
+ char *p = l;
+
+ while (*p)
+ p++;
+
+ while (--p >= l && *p == '\n')
+ *p = '\0';
+}