Merge pull request #2150 from brauner/2018-02-10/cgfsng_fix_unpriv_de…

…vices

conf: fix clearing cgroup settings

src/lxc/cgroups/cgfsng.c

@@ -2537,23 +2537,25 @@ static int cg_legacy_set_data(const char *filename, const char *value,
 			      struct cgfsng_handler_data *d)
 {
 	char *fullpath, *p;
+	size_t len;
 	/* "b|c <2^64-1>:<2^64-1> r|w|m" = 47 chars max */
 	char converted_value[50];
 	struct hierarchy *h;
 	int ret = 0;
 	char *controller = NULL;
 
-	controller = alloca(strlen(filename) + 1);
+	len = strlen(filename);
+	controller = alloca(len + 1);
 	strcpy(controller, filename);
-	if ((p = strchr(controller, '.')) != NULL)
+	p = strchr(controller, '.');
+	if (p)
 		*p = '\0';
 
 	if (strcmp("devices.allow", filename) == 0 && value[0] == '/') {
 		ret = convert_devpath(value, converted_value);
 		if (ret < 0)
 			return ret;
 		value = converted_value;
-
 	}
 
 	h = get_hierarchy(controller);
@@ -2563,7 +2565,7 @@ static int cg_legacy_set_data(const char *filename, const char *value,
 		      "driver or not enabled on the cgroup hierarchy",
 		      controller);
 		errno = ENOENT;
-		return -1;
+		return -ENOENT;
 	}
 
 	fullpath = must_make_path(h->fullcgpath, filename, NULL);

src/lxc/conf.c

@@ -3450,28 +3450,31 @@ int lxc_clear_config_keepcaps(struct lxc_conf *c)
 int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version)
 {
 	char *global_token, *namespaced_token;
+	size_t namespaced_token_len;
 	struct lxc_list *it, *next, *list;
-	const char *k = NULL;
+	const char *k = key;
 	bool all = false;
 
 	if (version == CGROUP2_SUPER_MAGIC) {
 		global_token = "lxc.cgroup2";
 		namespaced_token = "lxc.cgroup2.";
+		namespaced_token_len = sizeof("lxc.cgroup2.") - 1;;
 		list = &c->cgroup2;
 	} else if (version == CGROUP_SUPER_MAGIC) {
 		global_token = "lxc.cgroup";
 		namespaced_token = "lxc.cgroup.";
+		namespaced_token_len = sizeof("lxc.cgroup.") - 1;;
 		list = &c->cgroup;
 	} else {
-		return -1;
+		return -EINVAL;
 	}
 
 	if (strcmp(key, global_token) == 0)
 		all = true;
 	else if (strncmp(key, namespaced_token, sizeof(namespaced_token) - 1) == 0)
-		k = key + sizeof(namespaced_token) - 1;
+		k += namespaced_token_len;
 	else
-		return -1;
+		return -EINVAL;
 
 	lxc_list_for_each_safe(it, list, next) {
 		struct lxc_cgroup *cg = it->elem;