]> git.proxmox.com Git - mirror_lxc.git/commitdiff
projects / mirror_lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7fde74f)
seccomp: make seccomp notifier fd non-blocking
authorChristian Brauner <christian.brauner@ubuntu.com>
Mon, 2 Nov 2020 15:44:05 +0000 (16:44 +0100)
committerChristian Brauner <christian.brauner@ubuntu.com>
Mon, 2 Nov 2020 15:48:52 +0000 (16:48 +0100)
Suggested-by: Jann Horn <jann@thejh.net>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/file_utils.c patch | blob | blame | history
src/lxc/file_utils.h patch | blob | blame | history
src/lxc/seccomp.c patch | blob | blame | history

diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c
index 4a8c7a8d9903480e34d37a099ec87395b94ca17e..fafaba354c176dddbe43a2f60ad5d9d258eb7289 100644 (file)
--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -577,3 +577,15 @@ int open_beneath(int dir_fd, const char *path, unsigned int flags)
 
        return openat(dir_fd, path, O_NOFOLLOW | flags);
 }
+
+int fd_make_nonblocking(int fd)
+{
+       int flags;
+
+       flags = fcntl(fd, F_GETFL);
+       if (flags < 0)
+               return -1;
+
+       flags &= ~O_NONBLOCK;
+       return fcntl(fd, F_SETFL, flags);
+}
diff --git a/src/lxc/file_utils.h b/src/lxc/file_utils.h
index df3a00d4dc2d9c73e772704373e7d5268c5ed354..ea9570dd18b78f7498a36dce652c51b06d2c6abe 100644 (file)
--- a/src/lxc/file_utils.h
+++ b/src/lxc/file_utils.h
@@ -76,5 +76,6 @@ __hidden extern int timens_offset_write(clockid_t clk_id, int64_t s_offset, int6
 __hidden extern bool exists_dir_at(int dir_fd, const char *path);
 __hidden extern bool exists_file_at(int dir_fd, const char *path);
 __hidden extern int open_beneath(int dir_fd, const char *path, unsigned int flags);
+__hidden int fd_make_nonblocking(int fd);
 
 #endif /* __LXC_FILE_UTILS_H */
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 4faf693f6c97b3e8c35c125214a675f946ff8739..e303561bf96944c64736222cc7f5c743610c6a43 100644 (file)
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1280,6 +1280,9 @@ int lxc_seccomp_load(struct lxc_conf *conf)
                        return -1;
                }
 
+               if (fd_make_nonblocking(ret))
+                       return log_error_errno(-1, errno, "Failed to make seccomp listener fd non-blocking");;
+
                conf->seccomp.notifier.notify_fd = ret;
                TRACE("Retrieved new seccomp listener fd %d", ret);
        }
LXC mirror