utils: rework fix_stdio_permissions()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 07eb814c9a6a18d8c8b43b8bc1459dbf8ce49903..406b8ec74058ecc63bcac1fe524750a57fb5cc61 100644 (file)
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -875,9 +875,11 @@ static int attach_child_main(struct attach_clone_payload *payload)
 
        if (new_gid == ns_root_gid)
                new_gid = LXC_INVALID_GID;
-       
+
        /* Make sure that the processes STDIO is correctly owned by the user that we are switching to */
-       fix_stdio_permissions(new_uid);
+       ret = fix_stdio_permissions(new_uid);
+       if (ret)
+               WARN("Failed to ajust stdio permissions");
 
        if (!lxc_switch_uid_gid(new_uid, new_gid))
                goto on_error;

diff --git a/src/lxc/start.c b/src/lxc/start.c
index e4c8712e136358f950733832334c698dfc72902c..9d800e30bb4cc6ccb4c96cd6669be4cccaf6ac2e 100644 (file)
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1363,9 +1363,11 @@ static int do_start(void *data)
 
        if (new_gid == nsgid)
                new_gid = LXC_INVALID_GID;
-       
+
        /* Make sure that the processes STDIO is correctly owned by the user that we are switching to */
-       fix_stdio_permissions(new_uid);
+       ret = fix_stdio_permissions(new_uid);
+       if (ret)
+               WARN("Failed to ajust stdio permissions");
 
        /* If we are in a new user namespace we already dropped all groups when
         * we switched to root in the new user namespace further above. Only

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 96c35e8084bd69f1f4eeeb27bffdf35789143a14..70414f812320e0a6bca6adf37505b81773849048 100644 (file)
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1861,47 +1861,46 @@ bool lxc_can_use_pidfd(int pidfd)
        return log_trace(true, "Kernel supports pidfds");
 }
 
-void fix_stdio_permissions(uid_t uid)
+int fix_stdio_permissions(uid_t uid)
 {
-       int std_fds[3] = {STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO};
-       int devnull_fd = -1;
+       __do_close int devnull_fd = -EBADF;
+       int fret = 0;
+       int std_fds[] = {STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO};
        int ret;
-       int i = 0;
-       struct stat st;
-       struct stat null_st;
+       struct stat st, st_null;
 
        devnull_fd = open_devnull();
-       if (devnull_fd < 0) {
-               ERROR("Open /dev/null failed");
-               goto out;
-       }
-       
-       ret = fstat(devnull_fd, &null_st);
+       if (devnull_fd < 0)
+               return log_warn_errno(-1, errno, "Failed to open \"/dev/null\"");
+
+       ret = fstat(devnull_fd, &st_null);
+       if (ret)
+               return log_warn_errno(-errno, errno, "Failed to stat \"/dev/null\"");
 
-       for (; i < 3; i++) {
+       for (int i = 0; i < ARRAY_SIZE(std_fds); i++) {
                ret = fstat(std_fds[i], &st);
-               if (ret != 0) {
-                       ERROR("Failed to get fd %d stat", std_fds[i]);
+               if (ret) {
+                       SYSWARN("Failed to stat standard I/O file descriptor %d", std_fds[i]);
+                       fret = -1;
                        continue;
                }
 
-               if (st.st_rdev == null_st.st_rdev) {
+               if (st.st_rdev == st_null.st_rdev)
                        continue;
-               }
 
                ret = fchown(std_fds[i], uid, st.st_gid);
-               if (ret != 0) {
-                       ERROR("Failed to change fd %d owner", std_fds[i]);
+               if (ret) {
+                       SYSWARN("Failed to chown standard I/O file descriptor %d to uid %d and gid %d",
+                               std_fds[i], uid, st.st_gid);
+                       fret = -1;
                }
 
                ret = fchmod(std_fds[i], 0700);
-               if (ret != 0) {
-                       ERROR("Failed to change fd %d mode", std_fds[i]);
+               if (ret) {
+                       SYSWARN("Failed to chmod standard I/O file descriptor %d", std_fds[i]);
+                       fret = -1;
                }
        }
 
-out:
-       if (devnull_fd >= 0) {
-               close(devnull_fd);
-       }
+       return fret;
 }

diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index bd7a86136b7df8e0af32a0a929e579779fedfdab..339217c5069d4e2dcf359547f8d9a6ed3b453d38 100644 (file)
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -239,7 +239,6 @@ extern int lxc_rm_rf(const char *dirname);
 extern int lxc_setup_keyring(char *keyring_label);
 extern bool lxc_can_use_pidfd(int pidfd);
 
-/* Fix the permissions of init PID's STDIO within the container to the specified user */
-extern void fix_stdio_permissions(uid_t uid);
+extern int fix_stdio_permissions(uid_t uid);
 
 #endif /* __LXC_UTILS_H */