utils: introduce safe_mount_beneath_at()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 5fcfb0afa3229bf93fc29739981f8339c0675f0b..2ab77babf4352ab45e77654bbe6dcb8fd28111e6 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1074,7 +1074,7 @@ static int mount_autodev(const char *name, const struct lxc_rootfs *rootfs,
                goto reset_umask;
        }
 
-       ret = safe_mount_beneath(path, "none", "dev", "tmpfs", 0, mount_options);
+       ret = safe_mount_beneath_at(root_mntpt_fd, "none", "dev", "tmpfs", 0, mount_options);
        if (ret < 0) {
                __do_free char *fallback_path = NULL;
 

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 4efed645ff7552ca809e1e4bb272a9eb1d85d265..0649c02957f6965034d1a7f58358ec4f662e067e 100644 (file)
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1079,11 +1079,10 @@ out:
        return dirfd;
 }
 
-int safe_mount_beneath(const char *beneath, const char *src, const char *dst, const char *fstype,
-                      unsigned int flags, const void *data)
+int __safe_mount_beneath_at(int beneath_fd, const char *src, const char *dst, const char *fstype,
+                           unsigned int flags, const void *data)
 {
-       __do_close int beneath_fd = -EBADF, source_fd = -EBADF, target_fd = -EBADF;
-       const char *path = beneath ? beneath : "/";
+       __do_close int source_fd = -EBADF, target_fd = -EBADF;
        struct lxc_open_how how = {
                .flags          = O_RDONLY | O_CLOEXEC | O_PATH,
                .resolve        = RESOLVE_NO_XDEV | RESOLVE_NO_SYMLINKS | RESOLVE_NO_MAGICLINKS | RESOLVE_BENEATH,
@@ -1091,9 +1090,8 @@ int safe_mount_beneath(const char *beneath, const char *src, const char *dst, co
        int ret;
        char src_buf[LXC_PROC_PID_FD_LEN], tgt_buf[LXC_PROC_PID_FD_LEN];
 
-       beneath_fd = openat(-1, beneath, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH);
        if (beneath_fd < 0)
-               return log_error_errno(-errno, errno, "Failed to open %s", path);
+               return -EINVAL;
 
        if ((flags & MS_BIND) && src && src[0] != '/') {
                source_fd = openat2(beneath_fd, src, &how, sizeof(how));
@@ -1117,6 +1115,25 @@ int safe_mount_beneath(const char *beneath, const char *src, const char *dst, co
        return ret;
 }
 
+int safe_mount_beneath(const char *beneath, const char *src, const char *dst, const char *fstype,
+                      unsigned int flags, const void *data)
+{
+       __do_close int beneath_fd = -EBADF;
+       const char *path = beneath ? beneath : "/";
+
+       beneath_fd = openat(-1, beneath, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH);
+       if (beneath_fd < 0)
+               return log_error_errno(-errno, errno, "Failed to open %s", path);
+
+       return __safe_mount_beneath_at(beneath_fd, src, dst, fstype, flags, data);
+}
+
+int safe_mount_beneath_at(int beneath_fd, const char *src, const char *dst, const char *fstype,
+                         unsigned int flags, const void *data)
+{
+       return __safe_mount_beneath_at(beneath_fd, src, dst, fstype, flags, data);
+}
+
 /*
  * Safely mount a path into a container, ensuring that the mount target
  * is under the container's @rootfs.  (If @rootfs is NULL, then the container

diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index b0de9d9abc08501c37821ee86e904ffdef7f24cf..dd34f1a2ffd682aff932cd6084c1974483589fee 100644 (file)
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -246,7 +246,9 @@ static inline bool gid_valid(gid_t gid)
 
 __hidden extern bool multiply_overflow(int64_t base, uint64_t mult, int64_t *res);
 
-extern int safe_mount_beneath(const char *beneath, const char *src, const char *dst,
-                             const char *fstype, unsigned int flags, const void *data);
+__hidden extern int safe_mount_beneath(const char *beneath, const char *src, const char *dst,
+                                      const char *fstype, unsigned int flags, const void *data);
+__hidden extern int safe_mount_beneath_at(int beneat_fd, const char *src, const char *dst,
+                                         const char *fstype, unsigned int flags, const void *data);
 
 #endif /* __LXC_UTILS_H */