mirror of https://github.com/checkpoint-restore/criu synced 2025-08-30 22:05:36 +00:00

restore: open the pidfile with O_EXCL

There is a potential attack here where if someone is restoring something and
criu writes the pid to a file the attacker controls, the attacker can then
re-write that to whatever pid they want. criu should instead open the file with
O_EXCL so that the restore fails if the file exists.

We don't need O_TRUNC here since we're O_EXCL-ing the file.

Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Tycho Andersen
2014-09-02 18:57:00 +04:00
committed by Pavel Emelyanov
parent d6f09cd35c
commit ae3cb4fb1f
2 changed files with 4 additions and 1 deletions
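
The behaviour the commit message relies on, as an added example (not CRIU code): the 0600 mode argument to open() is ignored when the file already exists, so a pre-created pidfile keeps its creator's permissions under O_TRUNC, while O_EXCL refuses it with EEXIST. The names write_pidfile_with() and demo(), the temp path and pid 4242 are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Same open() shape as write_pidfile(); returns the file's mode bits or -errno. */
static int write_pidfile_with(const char *path, int flag, int pid)
{
	struct stat st;
	int fd = open(path, O_WRONLY | flag | O_CREAT, 0600);

	if (fd == -1)
		return -errno;
	dprintf(fd, "%d", pid);
	fstat(fd, &st);
	close(fd);
	return st.st_mode & 0777;
}

/* One case in a private temp dir; planted != 0 means the pidfile pre-exists. */
int demo(int flag, int planted)
{
	char dir[] = "/tmp/pidfile-demo-XXXXXX", path[64];
	int ret = 0;

	if (!mkdtemp(dir))
		return -errno;
	snprintf(path, sizeof(path), "%s/restore.pid", dir);
	/* Constructed stand-in for the other party: pre-create it world-writable. */
	if (planted && (ret = write_pidfile_with(path, O_EXCL, 1)) >= 0)
		ret = chmod(path, 0666) ? -errno : 0;
	if (ret >= 0)
		ret = write_pidfile_with(path, flag, 4242);
	unlink(path);
	rmdir(dir);
	return ret;
}

int main(void)
{
	printf("O_TRUNC on planted file: mode %o\n", demo(O_TRUNC, 1));
	printf("O_EXCL on planted file: %d (-EEXIST is %d)\n", demo(O_EXCL, 1), -EEXIST);
	return 0;
}
```

Ownership of a pre-existing file is likewise unchanged by O_TRUNC; the example checks mode bits only because that can be shown without a second user account.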

log.c

@@ -185,7 +185,7 @@ int write_pidfile(int pid)
{
int fd;
fd = open(opts.pidfile, O_WRONLY | O_TRUNC | O_CREAT, 0600);
fd = open(opts.pidfile, O_WRONLY | O_EXCL | O_CREAT, 0600);
if (fd == -1) {
pr_perror("Can't open %s", opts.pidfile);
return -1;
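
Review bot: In write_pidfile(), the open() with O_EXCL now fails with EEXIST on a pidfile left behind by an earlier run, but the error path still prints only the generic "Can't open %s", so the user gets no hint that the remedy is to remove the stale file. Suggest a dedicated message for errno == EEXIST and a line in the --pidfile documentation stating that the file must not already exist. O_EXCL also only guards the final path component, so the guarantee depends on opts.pidfile living in a directory other users cannot write to; that is worth stating in the same place.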


@@ -638,6 +638,9 @@ EOF
"${test}.hook" --pre-restore || return 2
fi
# Restore fails if --pidfile exists, so remove it.
rm -f $TPID || true
echo Restore
setsid $CRIU restore -D $ddump -o restore.log -v4 -d $gen_args || return 2
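
Review bot: In the cleanup added before "echo Restore", `rm -f $TPID || true` leaves $TPID unquoted and discards the exit status. rm -f already succeeds when the file is missing, so `|| true` only hides real failures such as a permission error, after which the restore fails on the existing pidfile with a less obvious message in restore.log. Suggest `rm -f "$TPID" || return 2`, matching the error handling on the neighbouring lines.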