@@ -15,39 +15,11 @@
#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-
#include "private.h"
static int all_restrict_cb(Xentoolcore__Active_Handle *ah, uint32_t domid) {
xencall_handle *xcall = CONTAINER_OF(ah, *xcall, tc_ah);
- int nullfd = -1, r;
-
- if (xcall->fd < 0)
- /* just in case */
- return 0;
-
- /*
- * We don't implement a restrict function. We neuter the fd by
- * dup'ing /dev/null onto it. This is better than closing it,
- * because it does not involve locking against concurrent uses
- * of xencall in other threads.
- */
- nullfd = open("/dev/null", O_RDONLY);
- if (nullfd < 0) goto err;
-
- r = dup2(nullfd, xcall->fd);
- if (r < 0) goto err;
-
- close(nullfd);
- return 0;
-
-err:
- if (nullfd >= 0) close(nullfd);
- return -1;
+ return xentoolcore__restrict_by_dup2_null(xcall->fd);
}
xencall_handle *xencall_open(xentoollog_logger *logger, unsigned open_flags)
@@ -22,6 +22,11 @@
#include "xentoolcore_internal.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
#include <pthread.h>
#include <assert.h>
@@ -66,6 +71,27 @@ int xentoolcore_restrict_all(uint32_t domid) {
return r;
}
+int xentoolcore__restrict_by_dup2_null(int fd) {
+ int nullfd = -1, r;
+
+ if (fd < 0)
+ /* just in case */
+ return 0;
+
+ nullfd = open("/dev/null", O_RDONLY);
+ if (nullfd < 0) goto err;
+
+ r = dup2(nullfd, fd);
+ if (r < 0) goto err;
+
+ close(nullfd);
+ return 0;
+
+err:
+ if (nullfd >= 0) close(nullfd);
+ return -1;
+}
+
/*
* Local variables:
* mode: C
@@ -91,6 +91,18 @@ struct Xentoolcore__Active_Handle {
void xentoolcore__register_active_handle(Xentoolcore__Active_Handle*);
void xentoolcore__deregister_active_handle(Xentoolcore__Active_Handle*);
+/*
+ * Utility function for use in restrict_callback in libraries whose
+ * handles don't have a useful restrict function. We neuter the fd by
+ * dup'ing /dev/null onto it. This is better than closing it, because
+ * it does not involve locking against concurrent uses of in other
+ * threads.
+ *
+ * Returns the value that restrict_callback should return.
+ * fd may be < 0.
+ */
+int xentoolcore__restrict_by_dup2_null(int fd);
+
/* ---------- convenient stuff ---------- */
/*
@@ -3,5 +3,6 @@ VERS_1.0 {
xentoolcore_restrict_all;
xentoolcore__register_active_handle;
xentoolcore__deregister_active_handle;
+ xentoolcore__restrict_by_dup2_null;
local: *; /* Do not expose anything by default */
};