filecopy: really do not use O_TMPFILE when use_tmpfile==0

When file opened with O_TMPFILE but use_tmpfile==0, the file will not be
linked to the directory (the code at the end of process_one_file_reg).
Additionally it is waste of time trying using O_TMPFILE when it's
already known it shouldn't be.
Also use_tmpfile==0 can mean we don't have access to /proc
(set_procfs_fd wasn't called), so even if linking the file to its
directory would be attempted, it would fail. This is the case for
dom0-updates copy.
This commit is contained in:
Marek Marczykowski-Górecki 2015-01-21 15:23:04 +01:00
parent b0fe4d5868
commit 7607b45eae

View File

@ -104,15 +104,19 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
const char *untrusted_name)
{
int ret;
int fdout;
int fdout = -1;
/* make the file inaccessible until fully written */
fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
if (fdout < 0 && errno==ENOENT) {
/* if it fails, do not attempt further use - most likely kernel too old */
use_tmpfile = 0;
fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000); /* safe because of chroot */
if (use_tmpfile) {
fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
if (fdout < 0 && errno==ENOENT) {
/* if it fails, do not attempt further use - most likely kernel too old */
use_tmpfile = 0;
} else
do_exit(errno, untrusted_name);
}
if (fdout < 0)
fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000); /* safe because of chroot */
if (fdout < 0)
do_exit(errno, untrusted_name);
/* sizes are signed elsewhere */