From e352189ce3e297a9cc1a6654dc9da1a660c9ea91 Mon Sep 17 00:00:00 2001
From: Snaipe
Date: Tue, 23 Jan 2024 19:43:56 +0100
Subject: [PATCH] cgroup: avoid using pid for cgroup name (#91)

This commit eliminates all issues around pid reuse in the cgroup name. Normally, the native cgroup cleaner (or systemd) would be responsible for garbage-collecting the cgroup of a previous bst invocation, but if we burn enough PIDs fast enough, it's also entirely possible for a new bst to start while the cleaner of an older invocation is busy cleaning up the old cgroup.
To fix the problem, we use a random 128-bit identifier instead of the pid in the name of the cgroup.
---
 outer.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/outer.c b/outer.c
index d774e49..5dc402a 100644
--- a/outer.c
+++ b/outer.c
@@ -17,6 +17,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "capable.h"
@@ -300,8 +301,18 @@ void outer_helper_spawn(struct outer_helper *helper)
 }
 if (cgroup_driver_rc >= 0 && helper->cgroup_path != NULL) {
+ uint64_t id[2];
+ switch (getrandom(id, sizeof (id), 0)) {
+ case -1:
+ err(1, "outer_helper: getrandom");
+ case sizeof (id):
+ break;
+ default:
+ errx(1, "outer_helper: getrandom: did not return enough bytes");
+ }
+
 char cgroupstr[PATH_MAX];
- makepath_r(cgroupstr, "bst-%" PRIi32, child_pid);
+ makepath_r(cgroupstr, "bst-%" PRIx64 "%" PRIx64, id[0], id[1]);
 int cgroupfd = cgroup_join(helper->cgroup_path, cgroupstr);
 if (cgroupfd == -1) {