new(scap): don't hardcode scap_get_host_root() in scap_cgroup.c

This has two benefits: - we can control the host root (so we can e.g. set it to empty and inspect the container's view of cgroups without trying to bypass cgroupns) - we don't need to include scap.h and couple the implementation to the public API Signed-off-by: Grzegorz Nosek <[email protected]>
stackrox · Jun 29, 2023 · 741672d · 741672d
1 parent 6fe373d
commit 741672d
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 7 deletions.
diff --git a/userspace/libscap/linux/scap_cgroup.c b/userspace/libscap/linux/scap_cgroup.c
@@ -18,7 +18,7 @@ limitations under the License.
 #include "scap_cgroup.h"
 
 #include "scap_assert.h"
-#include "scap.h"
+#include "scap_const.h"
 #include "strerror.h"
 #include "uthash.h"
 
@@ -619,9 +619,8 @@ static bool scap_in_cgroupns(const char* host_root)
 	return true;
 }
 
-int32_t scap_cgroup_interface_init(struct scap_cgroup_interface* cgi, char* error, bool with_self_cg)
+int32_t scap_cgroup_interface_init(struct scap_cgroup_interface* cgi, const char* host_root, char* error, bool with_self_cg)
 {
-	const char* host_root = scap_get_host_root();
 	char filename[SCAP_MAX_PATH_SIZE];
 	bool in_cgroupns = false;
 	char pid_str[40];

diff --git a/userspace/libscap/linux/scap_cgroup.h b/userspace/libscap/linux/scap_cgroup.h
@@ -56,7 +56,7 @@ extern "C"
 		char m_self_v2[SCAP_MAX_PATH_SIZE];
 	};
 
-	int32_t scap_cgroup_interface_init(struct scap_cgroup_interface* cgi, char* error, bool with_self_cg);
+	int32_t scap_cgroup_interface_init(struct scap_cgroup_interface* cgi, const char* host_root, char* error, bool with_self_cg);
 
 	int32_t scap_cgroup_get_thread(struct scap_cgroup_interface* cgi, const char* procdirname, struct scap_cgroup_set* cg, char* error);
 

diff --git a/userspace/libscap/scap.c b/userspace/libscap/scap.c
@@ -99,7 +99,7 @@ int32_t scap_init_live_int(scap_t* handle, scap_open_args* oargs, const struct s
 	scap_retrieve_agent_info(&handle->m_agent_info);
 
 #ifdef __linux__
-	if((rc = scap_cgroup_interface_init(&handle->m_cgroups, handle->m_lasterr, true)) != SCAP_SUCCESS)
+	if((rc = scap_cgroup_interface_init(&handle->m_cgroups, scap_get_host_root(), handle->m_lasterr, true)) != SCAP_SUCCESS)
 	{
 		scap_close(handle);
 		return SCAP_FAILURE;
@@ -232,7 +232,7 @@ int32_t scap_init_udig_int(scap_t* handle, scap_open_args* oargs, struct scap_pl
 	scap_retrieve_agent_info(&handle->m_agent_info);
 
 #ifdef __linux__
-	if((rc = scap_cgroup_interface_init(&handle->m_cgroups, handle->m_lasterr, true)) != SCAP_SUCCESS)
+	if((rc = scap_cgroup_interface_init(&handle->m_cgroups, scap_get_host_root(), handle->m_lasterr, true)) != SCAP_SUCCESS)
 	{
 		scap_close(handle);
 		return SCAP_FAILURE;
@@ -530,7 +530,7 @@ int32_t scap_init_nodriver_int(scap_t* handle, scap_open_args* oargs, struct sca
 	}
 
 #ifdef __linux__
-	if((rc = scap_cgroup_interface_init(&handle->m_cgroups, handle->m_lasterr, true)) != SCAP_SUCCESS)
+	if((rc = scap_cgroup_interface_init(&handle->m_cgroups, scap_get_host_root(), handle->m_lasterr, true)) != SCAP_SUCCESS)
 	{
 		scap_close(handle);
 		return SCAP_FAILURE;