From a57cba3c71811372056b3d2842462fa4d70fd1b4 Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Mon, 7 Dec 2015 10:13:23 -0700 Subject: [PATCH] caller_may_see_dir: correctly handle tasks in / See comment for details. Signed-off-by: Tycho Andersen --- lxcfs.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lxcfs.c b/lxcfs.c index 83db57d2..90a0b7fd 100644 --- a/lxcfs.c +++ b/lxcfs.c @@ -430,6 +430,15 @@ static bool caller_may_see_dir(pid_t pid, const char *contrl, const char *cg) task_cg = c2 + 1; target_len = strlen(cg); task_len = strlen(task_cg); + if (task_len == 0) { + /* Task is in the root cg, it can see everything. This case is + * not handled by the strmcps below, since they test for the + * last /, but that is the first / that we've chopped off + * above. + */ + answer = true; + goto out; + } if (strcmp(cg, task_cg) == 0) { answer = true; goto out;