utils: remove unneeded EnsureProcHandle

cyphar · cyphar · commit b3dd1bc562ed · 2025-11-01T21:24:05.000+11:00
All of the callers of EnsureProcHandle now use filepath-securejoin's
ProcThreadSelf to get a file handle, which has much stricter
verification to avoid procfs attacks than EnsureProcHandle's very
simplistic filesystem type check.

Signed-off-by: Aleksa Sarai &lt;cyphar@cyphar.com&gt;
diff --git a/libcontainer/apparmor/apparmor_linux.go b/libcontainer/apparmor/apparmor_linux.go
@@ -46,12 +46,6 @@ func setProcAttr(attr, value string) error {
 	defer closer()
 	defer f.Close()
 
-	// NOTE: This is not really necessary since securejoin.ProcThreadSelf
-	// verifies this in a far stricter sense than EnsureProcHandle.
-	if err := utils.EnsureProcHandle(f); err != nil {
-		return err
-	}
-
 	_, err = f.WriteString(value)
 	return err
 }
diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go
@@ -19,18 +19,6 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-// EnsureProcHandle returns whether or not the given file handle is on procfs.
-func EnsureProcHandle(fh *os.File) error {
-	var buf unix.Statfs_t
-	if err := unix.Fstatfs(int(fh.Fd()), &buf); err != nil {
-		return fmt.Errorf("ensure %s is on procfs: %w", fh.Name(), err)
-	}
-	if buf.Type != unix.PROC_SUPER_MAGIC {
-		return fmt.Errorf("%s is not on procfs", fh.Name())
-	}
-	return nil
-}
-
 var (
 	haveCloseRangeCloexecBool bool
 	haveCloseRangeCloexecOnce sync.Once
@@ -67,12 +55,6 @@ func fdRangeFrom(minFd int, fn fdFunc) error {
 	defer closer()
 	defer fdDir.Close()
 
-	// NOTE: This is not really necessary since securejoin.ProcThreadSelf
-	// verifies this in a far stricter sense than EnsureProcHandle.
-	if err := EnsureProcHandle(fdDir); err != nil {
-		return err
-	}
-
 	fdList, err := fdDir.Readdirnames(-1)
 	if err != nil {
 		return err
