io/linux/UserNamespace: pass /proc/PID FileDescriptor to all functions

This allows merging redundant OpenProcPid() calls.

Author: MaxKellermann

src/io/linux/UserNamespace.cxx

@@ -3,7 +3,6 @@
 // author: Max Kellermann <max.kellermann@ionos.com>
 
 #include "UserNamespace.hxx"
-#include "ProcPid.hxx"
 #include "lib/fmt/SystemError.hxx"
 #include "io/FileAt.hxx"
 #include "io/WriteFile.hxx"
@@ -17,9 +16,9 @@
 using std::string_view_literals::operator""sv;
 
 void
-DenySetGroups(unsigned pid) noexcept
+DenySetGroups(FileDescriptor proc_pid) noexcept
 try {
-	TryWriteExistingFile({OpenProcPid(pid), "setgroups"}, "deny");
+	TryWriteExistingFile({proc_pid, "setgroups"}, "deny");
 } catch (...) {
 	// silently ignore errors
 }
@@ -69,39 +68,39 @@ WriteFileOrThrow(FileDescriptor directory, const char *path, std::string_view da
 }
 
 void
-SetupUidMap(unsigned pid, const IdMap &map)
+SetupUidMap(FileDescriptor proc_pid, const IdMap &map)
 {
 	char buffer[256];
 	char *end = FormatIdMap(buffer, map);
 
-	WriteFileOrThrow(OpenProcPid(pid), "uid_map", {buffer, end});
+	WriteFileOrThrow(proc_pid, "uid_map", {buffer, end});
 }
 
 void
-SetupUidMap(unsigned pid, unsigned uid)
+SetupUidMap(FileDescriptor proc_pid, unsigned uid)
 {
 	char buffer[256];
 	char *end = FormatIdMap(buffer, uid);
 
-	WriteFileOrThrow(OpenProcPid(pid), "uid_map", {buffer, end});
+	WriteFileOrThrow(proc_pid, "uid_map", {buffer, end});
 }
 
 void
-SetupGidMap(unsigned pid, unsigned gid)
+SetupGidMap(FileDescriptor proc_pid, unsigned gid)
 {
 	char buffer[256];
 	char *end = FormatIdMap(buffer, gid);
 
-	WriteFileOrThrow(OpenProcPid(pid), "gid_map", {buffer, end});
+	WriteFileOrThrow(proc_pid, "gid_map", {buffer, end});
 }
 
 void
-SetupGidMap(unsigned pid, const std::set<unsigned> &gids)
+SetupGidMap(FileDescriptor proc_pid, const std::set<unsigned> &gids)
 {
 	assert(!gids.empty());
 
 	char buffer[1024];
 	char *end = FormatIdMap(buffer, gids);
 
-	WriteFileOrThrow(OpenProcPid(pid), "gid_map", {buffer, end});
+	WriteFileOrThrow(proc_pid, "gid_map", {buffer, end});
 }

src/io/linux/UserNamespace.hxx

@@ -6,6 +6,8 @@
 
 #include <set>
 
+class FileDescriptor;
+
 /**
  * Write "deny" to /proc/self/setgroups which is necessary for
  * unprivileged processes to set up a gid_map.  See Linux commits
@@ -14,7 +16,7 @@
  * Errors are ignored silently.
  */
 void
-DenySetGroups(unsigned pid) noexcept;
+DenySetGroups(FileDescriptor proc_pid) noexcept;
 
 /**
  * Uid/gid mapping for Linux user namespaces.
@@ -65,35 +67,32 @@ FormatIdMap(char *dest, const std::set<unsigned> &ids) noexcept;
  *
  * Throws on error.
  *
- * @param pid the process id whose user namespace shall be modified; 0
- * for current process
+ * @param proc_pid a /proc/PID O_PATH file descriptor
  */
 void
-SetupUidMap(unsigned pid, const IdMap &map);
+SetupUidMap(FileDescriptor proc_pid, const IdMap &map);
 
 void
-SetupUidMap(unsigned pid, unsigned uid);
+SetupUidMap(FileDescriptor proc_pid, unsigned uid);
 
 /**
  * Set up a gid mapping for a user namespace.
  *
  * Throws on error.
  *
- * @param pid the process id whose user namespace shall be modified; 0
- * for current process
+ * @param proc_pid a /proc/PID O_PATH file descriptor
  * @param gid the group id to be mapped inside the user namespace
  */
 void
-SetupGidMap(unsigned pid, unsigned gid);
+SetupGidMap(FileDescriptor proc_pid, unsigned gid);
 
 /**
  * Set up a gid mapping for a user namespace.
  *
  * Throws on error.
  *
- * @param pid the process id whose user namespace shall be modified; 0
- * for current process
+ * @param proc_pid a /proc/PID O_PATH file descriptor
  * @param gids the group ids to be mapped inside the user namespace
  */
 void
-SetupGidMap(unsigned pid, const std::set<unsigned> &gids);
+SetupGidMap(FileDescriptor proc_pid, const std::set<unsigned> &gids);

src/spawn/Direct.cxx

@@ -17,6 +17,7 @@
 #include "io/Pipe.hxx"
 #include "io/ScopeUmask.hxx"
 #include "io/WriteFile.hxx"
+#include "io/linux/ProcPid.hxx"
 #include "io/linux/UserNamespace.hxx"
 #include "system/linux/clone3.h"
 #include "system/linux/CoreScheduling.hxx"
@@ -687,7 +688,7 @@ SpawnChildProcess(EventLoop &event_loop,
 			   it, we can't call setgroups() in the new
 			   child process because of this
 			   self-inflicted restriction */
-			DenySetGroups(pid);
+			DenySetGroups(OpenProcPid(pid));
 
 		params.ns.SetupUidGidMap(params.uid_gid, pid);
 

src/spawn/NamespaceOptions.cxx

@@ -8,6 +8,8 @@
 #include "UidGid.hxx"
 #include "AllocatorPtr.hxx"
 #include "system/Error.hxx"
+#include "io/UniqueFileDescriptor.hxx"
+#include "io/linux/ProcPid.hxx"
 #include "io/linux/UserNamespace.hxx"
 
 #include <fmt/core.h>
@@ -126,8 +128,10 @@ NamespaceOptions::SetupUidGidMap(const UidGid &uid_gid, unsigned _pid) const
 	for (unsigned i = 0; uid_gid.supplementary_groups[i] != UidGid::UNSET_GID; ++i)
 		gids.emplace(uid_gid.supplementary_groups[i]);
 
+	const auto proc_pid = OpenProcPid(_pid);
+
 	if (!gids.empty())
-		SetupGidMap(_pid, gids);
+		SetupGidMap(proc_pid, gids);
 
 	const IdMap map{
 		.first = {
@@ -140,7 +144,7 @@ NamespaceOptions::SetupUidGidMap(const UidGid &uid_gid, unsigned _pid) const
 		},
 	};
 
-	SetupUidMap(_pid, map);
+	SetupUidMap(proc_pid, map);
 }
 
 void
@@ -155,7 +159,8 @@ void
 NamespaceOptions::Apply(const UidGid &uid_gid) const
 {
 	if (enable_user || user_namespace.IsDefined())
-		DenySetGroups(0);
+		// TODO eliminate this OpenProcPid() call
+		DenySetGroups(OpenProcPid(0));
 
 	/* set up UID/GID mapping in the old /proc */
 	if (enable_user)