10:20 a.m.
The patch described above introduced two problems caught by the compiler
and thus breaking the build.
One of the problems was comparison of unsigned with < 0 and the second
one jumped a variable init.
---
src/lxc/lxc_cgroup.c | 2 +-
src/lxc/lxc_container.c | 74 ++++++++++++++++++++++++-------------------------
2 files changed, 38 insertions(+), 38 deletions(-)
diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index 572caca..1e96d72 100644
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -337,6 +337,7 @@ virLXCTeardownHostUSBDeviceCgroup(virUSBDevicePtr dev
ATTRIBUTE_UNUSED,
static int virLXCCgroupSetupDeviceACL(virDomainDefPtr def,
virCgroupPtr cgroup)
{
+ int capMknod = def->caps_features[VIR_DOMAIN_CAPS_FEATURE_MKNOD];
int ret = -1;
size_t i;
static virLXCCgroupDevicePolicy devices[] = {
@@ -354,7 +355,6 @@ static int virLXCCgroupSetupDeviceACL(virDomainDefPtr def,
goto cleanup;
/* white list mknod if CAP_MKNOD has to be kept */
- int capMknod = def->caps_features[VIR_DOMAIN_CAPS_FEATURE_MKNOD];
if (capMknod == VIR_DOMAIN_FEATURE_STATE_ON) {
if (virCgroupAllowAllDevices(cgroup,
VIR_CGROUP_DEVICE_MKNOD) < 0)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 49028be..81ef961 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1899,43 +1899,43 @@ static int lxcContainerDropCapabilities(virDomainDefPtr def,
int policy = def->features[VIR_DOMAIN_FEATURE_CAPABILITIES];
/* Maps virDomainCapsFeature to CAPS_* */
- static unsigned int capsMapping[] = {CAP_AUDIT_CONTROL,
- CAP_AUDIT_WRITE,
- CAP_BLOCK_SUSPEND,
- CAP_CHOWN,
- CAP_DAC_OVERRIDE,
- CAP_DAC_READ_SEARCH,
- CAP_FOWNER,
- CAP_FSETID,
- CAP_IPC_LOCK,
- CAP_IPC_OWNER,
- CAP_KILL,
- CAP_LEASE,
- CAP_LINUX_IMMUTABLE,
- CAP_MAC_ADMIN,
- CAP_MAC_OVERRIDE,
- CAP_MKNOD,
- CAP_NET_ADMIN,
- CAP_NET_BIND_SERVICE,
- CAP_NET_BROADCAST,
- CAP_NET_RAW,
- CAP_SETGID,
- CAP_SETFCAP,
- CAP_SETPCAP,
- CAP_SETUID,
- CAP_SYS_ADMIN,
- CAP_SYS_BOOT,
- CAP_SYS_CHROOT,
- CAP_SYS_MODULE,
- CAP_SYS_NICE,
- CAP_SYS_PACCT,
- CAP_SYS_PTRACE,
- CAP_SYS_RAWIO,
- CAP_SYS_RESOURCE,
- CAP_SYS_TIME,
- CAP_SYS_TTY_CONFIG,
- CAP_SYSLOG,
- CAP_WAKE_ALARM};
+ static int capsMapping[] = {CAP_AUDIT_CONTROL,
+ CAP_AUDIT_WRITE,
+ CAP_BLOCK_SUSPEND,
+ CAP_CHOWN,
+ CAP_DAC_OVERRIDE,
+ CAP_DAC_READ_SEARCH,
+ CAP_FOWNER,
+ CAP_FSETID,
+ CAP_IPC_LOCK,
+ CAP_IPC_OWNER,
+ CAP_KILL,
+ CAP_LEASE,
+ CAP_LINUX_IMMUTABLE,
+ CAP_MAC_ADMIN,
+ CAP_MAC_OVERRIDE,
+ CAP_MKNOD,
+ CAP_NET_ADMIN,
+ CAP_NET_BIND_SERVICE,
+ CAP_NET_BROADCAST,
+ CAP_NET_RAW,
+ CAP_SETGID,
+ CAP_SETFCAP,
+ CAP_SETPCAP,
+ CAP_SETUID,
+ CAP_SYS_ADMIN,
+ CAP_SYS_BOOT,
+ CAP_SYS_CHROOT,
+ CAP_SYS_MODULE,
+ CAP_SYS_NICE,
+ CAP_SYS_PACCT,
+ CAP_SYS_PTRACE,
+ CAP_SYS_RAWIO,
+ CAP_SYS_RESOURCE,
+ CAP_SYS_TIME,
+ CAP_SYS_TTY_CONFIG,
+ CAP_SYSLOG,
+ CAP_WAKE_ALARM};
capng_get_caps_process();
--
2.0.0
3715
days inactive
3715
days old
0 comments
1 participants
participants (1)
-
Peter Krempa