libct/system: use securejoin for /proc/$pid/stat

Signed-off-by: Aleksa Sarai <[email protected]>

Author: cyphar

libcontainer/system/proc.go

@@ -2,10 +2,12 @@ package system
 
 import (
 	"fmt"
+	"io"
 	"os"
-	"path/filepath"
 	"strconv"
 	"strings"
+
+	"github.com/opencontainers/runc/internal/pathrs"
 )
 
 // State is the status of a process.
@@ -66,8 +68,16 @@ type Stat_t struct {
 }
 
 // Stat returns a Stat_t instance for the specified process.
-func Stat(pid int) (stat Stat_t, err error) {
-	bytes, err := os.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat"))
+func Stat(pid int) (Stat_t, error) {
+	var stat Stat_t
+
+	statFile, err := pathrs.ProcPidOpen(pid, "stat", os.O_RDONLY)
+	if err != nil {
+		return stat, err
+	}
+	defer statFile.Close()
+
+	bytes, err := io.ReadAll(statFile)
 	if err != nil {
 		return stat, err
 	}