From 7b6c63b44795509d39f3af15fc9643cfc5c3c5ae Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 27 Apr 2023 21:43:07 +0200
Subject: [PATCH 1/5] ctrl: on EINTR retry accept4

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 src/ctrl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/ctrl.c b/src/ctrl.c
index 5f4d1ef8..56b7f397 100644
--- a/src/ctrl.c
+++ b/src/ctrl.c
@@ -26,7 +26,11 @@ gboolean terminal_accept_cb(int fd, G_GNUC_UNUSED GIOCondition condition, G_GNUC
 {
 
 	ndebugf("about to accept from console_socket_fd: %d", fd);
-	int connfd = accept4(fd, NULL, NULL, SOCK_CLOEXEC);
+
+	int connfd;
+	do {
+		connfd = accept4(fd, NULL, NULL, SOCK_CLOEXEC);
+	} while (connfd < 0 && errno == EINTR);
 	if (connfd < 0) {
 		nwarn("Failed to accept console-socket connection");
 		return G_SOURCE_CONTINUE;

From 76f10b44216069af5f2a7abe3bd9671abd039a6c Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 27 Apr 2023 21:43:46 +0200
Subject: [PATCH 2/5] cmsg: fix program name

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 src/cmsg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/cmsg.c b/src/cmsg.c
index f14a94fa..a8ff29a9 100644
--- a/src/cmsg.c
+++ b/src/cmsg.c
@@ -38,14 +38,14 @@
 
 #define error(s) \
 	do { \
-		fprintf(stderr, "nsenter: %s %s\n", s, strerror(errno)); \
+		fprintf(stderr, "conmon: %s %s\n", s, strerror(errno)); \
 		errno = ECOMM; \
 		goto err; /* return value */ \
 	} while (0)
 
 #define errorf(fmt, ...) \
 	do { \
-		fprintf(stderr, "nsenter: " fmt ": %s\n", ##__VA_ARGS__, strerror(errno)); \
+		fprintf(stderr, "conmon: " fmt ": %s\n", ##__VA_ARGS__, strerror(errno)); \
 		errno = ECOMM; \
 		goto err; /* return value */ \
 	} while (0)

From 9cdf27f123484cdf3b85be04fcceacb9e89839c5 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 27 Apr 2023 21:48:46 +0200
Subject: [PATCH 3/5] cmsg: recvfd returns an error on failures

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 src/cmsg.c           | 2 +-
 src/ctrl.c           | 4 ++++
 src/seccomp_notify.c | 4 ++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/cmsg.c b/src/cmsg.c
index a8ff29a9..72003530 100644
--- a/src/cmsg.c
+++ b/src/cmsg.c
@@ -162,5 +162,5 @@ struct file_t recvfd(int sockfd)
 	olderrno = errno;
 	free(file.name);
 	errno = olderrno;
-	return (struct file_t){0};
+	return (struct file_t){.name = NULL, .fd = -1};
 }
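Review bot: The new failure value is only safe if every caller tests `.fd < 0`, and nothing visible at `recvfd` states that contract. The function starts outside this hunk, so the comment belongs at its definition or prototype, for example `/* On failure returns {.name = NULL, .fd = -1} with errno set; callers must check .fd before use. */`. The previous `{0}` made a failed receive look like descriptor 0, so any caller of `recvfd` not touched by this patch should be audited for the same check.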
diff --git a/src/ctrl.c b/src/ctrl.c
index 56b7f397..18db83ed 100644
--- a/src/ctrl.c
+++ b/src/ctrl.c
@@ -47,6 +47,10 @@ gboolean terminal_accept_cb(int fd, G_GNUC_UNUSED GIOCondition condition, G_GNUC
 	ndebugf("about to recvfd from connfd: %d", connfd);
 	struct file_t console = recvfd(connfd);
 
+	if (console.fd < 0) {
+		pexit("Failed to receive console file descriptor");
+	}
+
 	ndebugf("console = {.name = '%s'; .fd = %d}", console.name, console.fd);
 	free(console.name);
 
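Review bot: The message printed by `pexit` at the new `console.fd < 0` check will probably not name the real cause, assuming `pexit` appends `strerror(errno)` as its name suggests. The `error`/`errorf` macros in src/cmsg.c overwrite errno with ECOMM before jumping to the error path, and `recvfd` preserves that value across `free`, so the original reason appears only in the earlier `conmon:` line on stderr. A comment such as `/* recvfd already logged the cause; errno is ECOMM here */` would make this clear, as would an exit helper that does not print errno. The same applies to the `listener.fd < 0` check added in src/seccomp_notify.c; `terminal_accept_cb` starts and ends outside this hunk.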
diff --git a/src/seccomp_notify.c b/src/seccomp_notify.c
index bbc06ddb..d543e3a6 100644
--- a/src/seccomp_notify.c
+++ b/src/seccomp_notify.c
@@ -76,6 +76,10 @@ gboolean seccomp_accept_cb(int fd, G_GNUC_UNUSED GIOCondition condition, G_GNUC_
 	struct file_t listener = recvfd(connfd);
 	close(connfd);
 
+	if (listener.fd < 0) {
+		pexit("Failed to receive socket listener file descriptor");
+	}
+
 	_cleanup_free_ char *oci_config_path = g_strdup_printf("%s/config.json", opt_bundle_path);
 	if (oci_config_path == NULL) {
 		nwarn("Failed to allocate memory");
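Review bot: Once `listener.fd` has passed the new check, every later early exit in `seccomp_accept_cb` owns a live descriptor and the heap-allocated `listener.name`, and the visible lines release neither. The `oci_config_path == NULL` branch right below extends past the hunk; if it returns rather than exits, it should run `close(listener.fd); free(listener.name);` first. The ctrl.c caller frees `console.name` directly after its own check, which this path could mirror.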

From 8efe8f0afda9fd1979e62565d04d4c0e3a8606b9 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 27 Apr 2023 22:01:33 +0200
Subject: [PATCH 4/5] ctrl: make accept4 failures fatal

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 src/ctrl.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/ctrl.c b/src/ctrl.c
index 18db83ed..08f82246 100644
--- a/src/ctrl.c
+++ b/src/ctrl.c
@@ -32,8 +32,7 @@ gboolean terminal_accept_cb(int fd, G_GNUC_UNUSED GIOCondition condition, G_GNUC
 		connfd = accept4(fd, NULL, NULL, SOCK_CLOEXEC);
 	} while (connfd < 0 && errno == EINTR);
 	if (connfd < 0) {
-		nwarn("Failed to accept console-socket connection");
-		return G_SOURCE_CONTINUE;
+		pexit("Failed to accept console-socket connection");
 	}
 
 	/* Not accepting anything else. */
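Review bot: With `pexit` in the `connfd < 0` branch, every non-EINTR result of `accept4` now terminates the process. That includes results accept(2) treats as transient, such as ECONNABORTED, and EAGAIN if the listening socket is non-blocking (not visible here). If only unrecoverable errors are meant to be fatal, keep the source alive for those cases with `if (errno == EAGAIN || errno == ECONNABORTED) return G_SOURCE_CONTINUE;` before the `pexit`. The commit has no description, so a one-line comment stating why failure must be fatal would help the next reader; `terminal_accept_cb` continues outside the hunk.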

From fb37f8096a00332402134cf97fad339d90988760 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 28 Apr 2023 10:42:21 +0200
Subject: [PATCH 5/5] conmon: drop return after pexit()

pexit terminates the current process, no need to return from the function.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 src/seccomp_notify.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/src/seccomp_notify.c b/src/seccomp_notify.c
index d543e3a6..8d34d9d3 100644
--- a/src/seccomp_notify.c
+++ b/src/seccomp_notify.c
@@ -114,7 +114,6 @@ int seccomp_notify_plugins_load(struct seccomp_notify_context_s **out, const cha
 
 	if (seccomp_syscall(SECCOMP_GET_NOTIF_SIZES, 0, &ctx->sizes) < 0) {
 		pexit("Failed to get notifications size");
-		return -1;
 	}
 
 	ctx->sreq = xmalloc0(ctx->sizes.seccomp_notif);
@@ -129,7 +128,6 @@ int seccomp_notify_plugins_load(struct seccomp_notify_context_s **out, const cha
 	b = strdup(plugins);
 	if (b == NULL) {
 		pexit("Failed to strdup");
-		return -1;
 	}
 	for (s = 0, it = strtok_r(b, ":", &saveptr); it; s++, it = strtok_r(NULL, ":", &saveptr)) {
 		run_oci_seccomp_notify_plugin_version_cb version_cb;
@@ -139,7 +137,6 @@ int seccomp_notify_plugins_load(struct seccomp_notify_context_s **out, const cha
 		ctx->plugins[s].handle = dlopen(it, RTLD_NOW);
 		if (ctx->plugins[s].handle == NULL) {
 			pexitf("cannot load `%s`: %s", it, dlerror());
-			return -1;
 		}
 
 		version_cb = (run_oci_seccomp_notify_plugin_version_cb)dlsym(ctx->plugins[s].handle, "run_oci_seccomp_notify_version");
@@ -149,7 +146,6 @@ int seccomp_notify_plugins_load(struct seccomp_notify_context_s **out, const cha
 			version = version_cb();
 			if (version != 1) {
 				pexitf("invalid version supported by the plugin `%s`", it);
-				return -1;
 			}
 		}
 
@@ -157,7 +153,6 @@ int seccomp_notify_plugins_load(struct seccomp_notify_context_s **out, const cha
 			(run_oci_seccomp_notify_handle_request_cb)dlsym(ctx->plugins[s].handle, "run_oci_seccomp_notify_handle_request");
 		if (ctx->plugins[s].handle_request_cb == NULL) {
 			pexitf("plugin `%s` doesn't export `run_oci_seccomp_notify_handle_request`", it);
-			return -1;
 		}
 
 		start_cb = (run_oci_seccomp_notify_start_cb)dlsym(ctx->plugins[s].handle, "run_oci_seccomp_notify_start");
@@ -167,7 +162,6 @@ int seccomp_notify_plugins_load(struct seccomp_notify_context_s **out, const cha
 			ret = start_cb(&opq, conf, sizeof(*conf));
 			if (ret != 0) {
 				pexitf("error loading `%s`", it);
-				return -1;
 			}
 		}
 		ctx->plugins[s].opaque = opq;
@@ -227,7 +221,6 @@ int seccomp_notify_plugins_event(struct seccomp_notify_context_s *ctx, int secco
 
 			default:
 				pexitf("Unknown handler action specified %d", handled);
-				return -1;
 			}
 		}
 	}