linux: safe_openat reopens root

If an empty path is used, reopens directly the rootfs so that it can
grab a reference to the topmost mount, not the previously open file
descriptor.

Signed-off-by: Giuseppe Scrivano <[email protected]>

Author: giuseppe

src/libcrun/utils.c

@@ -298,6 +298,25 @@ crun_ensure_directory_at (int dirfd, const char *path, int mode, bool nofollow,
   return 0;
 }
 
+static int
+check_fd_is_path (const char *path, int fd, const char *fdname, libcrun_error_t *err)
+{
+  proc_fd_path_t fdpath;
+  size_t path_len = strlen (path);
+  char link[PATH_MAX];
+  int ret;
+
+  get_proc_self_fd_path (fdpath, fd);
+  ret = TEMP_FAILURE_RETRY (readlink (fdpath, link, sizeof (link)));
+  if (UNLIKELY (ret < 0))
+    return crun_make_error (err, errno, "readlink `%s`", fdname);
+
+  if (((size_t) ret) != path_len || memcmp (link, path, path_len))
+    return crun_make_error (err, 0, "target `%s` does not point to the directory `%s`", fdname, path);
+
+  return 0;
+}
+
 static int
 check_fd_under_path (const char *rootfs, size_t rootfslen, int fd, const char *fdname, libcrun_error_t *err)
 {
@@ -377,6 +396,23 @@ safe_openat (int dirfd, const char *rootfs, const char *path, int flags, int mod
   static bool openat2_supported = true;
   int ret;
 
+  if (is_empty_string (path))
+    {
+      cleanup_close int fd = -1;
+
+      fd = open (rootfs, flags, mode);
+      if (UNLIKELY (fd < 0))
+        return crun_make_error (err, errno, "open `%s`", rootfs);
+
+      ret = check_fd_is_path (rootfs, fd, path, err);
+      if (UNLIKELY (ret < 0))
+        return ret;
+
+      ret = fd;
+      fd = -1;
+      return ret;
+    }
+
   if (openat2_supported)
     {
     repeat: