pie: use the /proc fd for last pid

Instead of keeping around multiple fds that point to various places in
/proc, let's just use /proc and openat() things relative to it.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

cr-restore.c

@@ -2810,6 +2810,12 @@ static int sigreturn_restore(pid_t pid, CoreEntry *core)
 	task_args	= mem;
 	thread_args	= (struct thread_restore_args *)(task_args + 1);
 
+	task_args->proc_fd = dup(get_service_fd(PROC_FD_OFF));
+	if (task_args->proc_fd < 0) {
+		pr_perror("can't dup proc fd");
+		goto err;
+	}
+
 	ret = prepare_creds(pid, task_args, &lsm);
 	if (ret < 0)
 		goto err;
@@ -2835,13 +2841,6 @@ static int sigreturn_restore(pid_t pid, CoreEntry *core)
 		strncpy(lsm, rendered, lsm_profile_len);
 		xfree(rendered);
 
-		task_args->proc_fd = dup(get_service_fd(PROC_FD_OFF));
-		if (task_args->proc_fd < 0) {
-			pr_perror("can't dup proc fd");
-			goto err;
-		}
-	} else {
-		task_args->proc_fd = -1;
 	}
 
 	/*
@@ -2998,16 +2997,6 @@ static int sigreturn_restore(pid_t pid, CoreEntry *core)
 	core_entry__free_unpacked(core, NULL);
 	xfree(current->core);
 
-	/*
-	 * Open the last_pid syscl early, since restorer (maybe) lives
-	 * in chroot and has no access to "/proc/..." paths.
-	 */
-	task_args->fd_last_pid = open_proc_rw(PROC_GEN, LAST_PID_PATH);
-	if (task_args->fd_last_pid < 0) {
-		pr_perror("Can't open sys.ns_last_pid");
-		goto err;
-	}
-
 	/*
 	 * Now prepare run-time data for threads restore.
 	 */

include/restorer.h

@@ -158,8 +158,6 @@ struct task_restore_args {
 	u32				mm_saved_auxv_size;
 	char				comm[TASK_COMM_LEN];
 
-	int				fd_last_pid; /* sys.ns_last_pid for threads rst */
-
 	/*
 	 * proc_fd is a handle to /proc that the restorer blob can use to open
 	 * files there, because some of them can't be opened before the

pie/restorer.c

@@ -108,7 +108,6 @@ static int lsm_set_label(char *label, int procfd)
 	simple_sprintf(path, "self/task/%ld/attr/current", sys_gettid());
 
 	lsmfd = sys_openat(procfd, path, O_WRONLY, 0);
-	sys_close(procfd);
 	if (lsmfd < 0) {
 		pr_err("failed openat %d\n", lsmfd);
 		return -1;
@@ -1092,10 +1091,16 @@ long __export_restore_task(struct task_restore_args *args)
 		long parent_tid;
 		int i, fd;
 
-		fd = args->fd_last_pid;
+		fd = sys_openat(args->proc_fd, LAST_PID_PATH, O_RDWR, 0);
+		if (fd < 0) {
+			pr_err("can't open last pid fd %d\n", fd);
+			goto core_restore_end;
+		}
+
 		ret = sys_flock(fd, LOCK_EX);
 		if (ret) {
 			pr_err("Can't lock last_pid %d\n", fd);
+			sys_close(fd);
 			goto core_restore_end;
 		}
 
@@ -1112,6 +1117,7 @@ long __export_restore_task(struct task_restore_args *args)
 			ret = sys_write(fd, s, last_pid_len);
 			if (ret < 0) {
 				pr_err("Can't set last_pid %ld/%s\n", ret, last_pid_buf);
+				sys_close(fd);
 				goto core_restore_end;
 			}
 
@@ -1128,13 +1134,13 @@ long __export_restore_task(struct task_restore_args *args)
 		ret = sys_flock(fd, LOCK_UN);
 		if (ret) {
 			pr_err("Can't unlock last_pid %ld\n", ret);
+			sys_close(fd);
 			goto core_restore_end;
 		}
 
+		sys_close(fd);
 	}
 
-	sys_close(args->fd_last_pid);
-
 	restore_rlims(args);
 
 	ret = create_posix_timers(args);
@@ -1201,6 +1207,7 @@ long __export_restore_task(struct task_restore_args *args)
 	/* Wait until children stop to use args->task_entries */
 	futex_wait_while_gt(&thread_inprogress, 1);
 
+	sys_close(args->proc_fd);
 	log_set_fd(-1);
 
 	/*