|
|
695357 |
From 1e84cb90b63bce841376140a7a80107e5ec1e1a8 Mon Sep 17 00:00:00 2001
|
|
|
695357 |
From: Adrian Reber <areber@redhat.com>
|
|
|
695357 |
Date: Fri, 3 May 2019 06:27:51 +0000
|
|
|
695357 |
Subject: [PATCH] lsm: fix compiler error 'unused-result'
|
|
|
695357 |
|
|
|
695357 |
Reading out the xattr 'security.selinux' of checkpointed sockets with
|
|
|
695357 |
fscanf() works (at least in theory) without checking the result of
|
|
|
695357 |
fscanf(). There are, however, multiple CI failures when ignoring the
|
|
|
695357 |
return value of fscanf().
|
|
|
695357 |
|
|
|
695357 |
This adds ferror() to check if the stream has an actual error or if '-1'
|
|
|
695357 |
just mean EOF.
|
|
|
695357 |
|
|
|
695357 |
Handle all errors of fscanf() // Andrei
|
|
|
695357 |
|
|
|
695357 |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|
|
695357 |
Signed-off-by: Andrei Vagin <avagin@gmail.com>
|
|
|
695357 |
---
|
|
|
695357 |
criu/lsm.c | 22 +++++++++++++---------
|
|
|
695357 |
1 file changed, 13 insertions(+), 9 deletions(-)
|
|
|
695357 |
|
|
|
695357 |
diff --git a/criu/lsm.c b/criu/lsm.c
|
|
|
695357 |
index ef6ba112b3..9c9ac7f80e 100644
|
|
|
695357 |
--- a/criu/lsm.c
|
|
|
695357 |
+++ b/criu/lsm.c
|
|
|
695357 |
@@ -33,8 +33,8 @@ static int apparmor_get_label(pid_t pid, char **profile_name)
|
|
|
695357 |
return -1;
|
|
|
695357 |
|
|
|
695357 |
if (fscanf(f, "%ms", profile_name) != 1) {
|
|
|
695357 |
- fclose(f);
|
|
|
695357 |
pr_perror("err scanfing");
|
|
|
695357 |
+ fclose(f);
|
|
|
695357 |
return -1;
|
|
|
695357 |
}
|
|
|
695357 |
|
|
|
695357 |
@@ -111,19 +111,23 @@ static int selinux_get_label(pid_t pid, char **output)
|
|
|
695357 |
static int selinux_get_sockcreate_label(pid_t pid, char **output)
|
|
|
695357 |
{
|
|
|
695357 |
FILE *f;
|
|
|
695357 |
+ int ret;
|
|
|
695357 |
|
|
|
695357 |
f = fopen_proc(pid, "attr/sockcreate");
|
|
|
695357 |
if (!f)
|
|
|
695357 |
return -1;
|
|
|
695357 |
|
|
|
695357 |
- fscanf(f, "%ms", output);
|
|
|
695357 |
- /*
|
|
|
695357 |
- * No need to check the result of fscanf(). If there is something
|
|
|
695357 |
- * in /proc/PID/attr/sockcreate it will be copied to *output. If
|
|
|
695357 |
- * there is nothing it will stay NULL. So whatever fscanf() does
|
|
|
695357 |
- * it should be correct.
|
|
|
695357 |
- */
|
|
|
695357 |
-
|
|
|
695357 |
+ ret = fscanf(f, "%ms", output);
|
|
|
695357 |
+ if (ret == -1 && errno != 0) {
|
|
|
695357 |
+ pr_perror("Unable to parse /proc/%d/attr/sockcreate", pid);
|
|
|
695357 |
+ /*
|
|
|
695357 |
+ * Only if the error indicator is set it is a real error.
|
|
|
695357 |
+ * -1 could also be EOF, which would mean that sockcreate
|
|
|
695357 |
+ * was just empty, which is the most common case.
|
|
|
695357 |
+ */
|
|
|
695357 |
+ fclose(f);
|
|
|
695357 |
+ return -1;
|
|
|
695357 |
+ }
|
|
|
695357 |
fclose(f);
|
|
|
695357 |
return 0;
|
|
|
695357 |
}
|