authorMichel Normand <normand@fr.ibm.com>2009-10-07 16:06:08 +0200
committerDaniel Lezcano <dlezcano@fr.ibm.com>2009-10-07 16:06:08 +0200
commit2dcb28a9d0381beac65d2fb89f0b4cb51eb4fd40 (patch)
tree150dfb57a54aada7f86d220bec74a02265e0443c
parentexport struct lxc_handler from start.c to start.h (diff)
lxc_af_unix_rcv_credential to report rcvd length
to have better error reporting done by caller. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: Michel Normand <normand@fr.ibm.com>
-rw-r--r--src/lxc/af_unix.c12
-rw-r--r--src/lxc/start.c15
2 files changed, 22 insertions, 5 deletions
diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index 79f64ae..ad3e94c 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -23,11 +23,15 @@
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
+#include <errno.h>
#define __USE_GNU
#include <sys/socket.h>
#undef __USE_GNU
#include <sys/un.h>
+#include "log.h"
+
+lxc_log_define(lxc_af_unix, lxc);
int lxc_af_unix_open(const char *path, int type, int flags)
{
@@ -229,14 +233,14 @@ int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
cmsg = CMSG_FIRSTHDR(&msg);
- ret = -1;
-
if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
cmsg->cmsg_level == SOL_SOCKET &&
cmsg->cmsg_type == SCM_CREDENTIALS) {
cred = *((struct ucred *) CMSG_DATA(cmsg));
- if (cred.uid == getuid() && cred.gid == getgid())
- ret = 0;
+ if (cred.uid != getuid() || cred.gid != getgid()) {
+ INFO("message denied for '%d/%d'", cred.uid, cred.gid);
+ return -EPERM;
+ }
}
out:
return ret;
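Review bot: Removing the `ret = -1;` default makes the credential check fail open. When `cmsg` is NULL, or its length, level or type does not match, the `if` is skipped and the function returns whatever `ret` already held (per the commit title, the received length), so the caller treats the data as coming from a verified peer. Unless something outside this hunk guarantees that credentials are always attached, reject that case explicitly while still letting a zero-length read through, e.g. `} else if (ret > 0) { INFO("message without credentials denied"); return -EPERM; }`. Separately, `cred.uid` and `cred.gid` are unsigned, so the format should be `'%u/%u'` with `(unsigned)` casts, and a denied peer is arguably worth `WARN` rather than `INFO`. The body of lxc_af_unix_rcv_credential starts outside the hunk.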
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 055d381..28ce88c 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -200,8 +200,21 @@ static int ttyservice_handler(int fd, void *data,
goto out_close;
}
- if (lxc_af_unix_rcv_credential(conn, &ttynum, sizeof(ttynum)))
+ ret = lxc_af_unix_rcv_credential(conn, &ttynum, sizeof(ttynum));
+ if (ret < 0) {
+ SYSERROR("failed to receive data on tty socket");
goto out_close;
+ }
+
+ if (!ret) {
+ DEBUG("peer has disconnected");
+ goto out_close;
+ }
+
+ if (ret != sizeof(ttynum)) {
+ WARN("partial request, ignored");
+ goto out_close;
+ }
if (ttynum > 0) {
if (ttynum > tty_info->nbtty)
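Review bot: The `ret < 0` branch also catches the `-EPERM` that lxc_af_unix_rcv_credential now returns for a peer with the wrong uid/gid, yet it is logged as a generic receive failure. If `SYSERROR` appends `strerror(errno)` (its definition is not visible here), the text will be unrelated to the denial, because errno is not set on that path. Handling it first keeps the rejection visible in the logs: `if (ret == -EPERM) { WARN("tty request from unauthorized peer denied"); goto out_close; }`. The comparison `ret != sizeof(ttynum)` mixes `int` with `size_t` and is only correct because negative values were filtered above; `(size_t)ret != sizeof(ttynum)` makes that explicit. ttyservice_handler starts and ends outside the hunk.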