service: Ban subdirs in logfile name

There are two reasons to ban subdirs in logfile name.
First, process might be in different namespace, so it is right to give us fd
for work dir, just like we did with images dir. Second, as service might be ran
as root, it is unsafe to give an opportunity to fill any dir with trash.
If you wan't to put logs/stats somwhere else than images_dir, you could
set work_dir_fd.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

cr-service.c

@@ -188,9 +188,14 @@ static int setup_opts_from_req(int sk, CriuOpts *req)
 	}
 
 	/* initiate log file in work dir */
-	if (req->log_file)
+	if (req->log_file) {
+		if (strchr(req->log_file, '/')) {
+			pr_perror("No subdirs are allowed in log_file name");
+			return -1;
+		}
+
 		opts.output = req->log_file;
-	else
+	} else
 		opts.output = DEFAULT_LOG_FILENAME;
 
 	log_set_loglevel(req->log_level);

protobuf/rpc.proto

@@ -15,7 +15,7 @@ message criu_opts {
 	optional bool shell_job		= 7;
 	optional bool file_locks	= 8;
 	optional int32 log_level	= 9 [default = 2];
-	optional string log_file	= 10;
+	optional string log_file	= 10; // No subdirs are allowed. Consider using work-dir
 
 	optional criu_page_server_info ps = 11;