The patch described above introduced two problems caught by the compiler and thus breaking the build. One of the problems was comparison of unsigned with < 0 and the second one jumped a variable init. --- src/lxc/lxc_cgroup.c | 2 +- src/lxc/lxc_container.c | 74 ++++++++++++++++++++++++------------------------- 2 files changed, 38 insertions(+), 38 deletions(-) diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c index 572caca..1e96d72 100644 --- a/src/lxc/lxc_cgroup.c +++ b/src/lxc/lxc_cgroup.c @@ -337,6 +337,7 @@ virLXCTeardownHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED, static int virLXCCgroupSetupDeviceACL(virDomainDefPtr def, virCgroupPtr cgroup) { + int capMknod = def->caps_features[VIR_DOMAIN_CAPS_FEATURE_MKNOD]; int ret = -1; size_t i; static virLXCCgroupDevicePolicy devices[] = { @@ -354,7 +355,6 @@ static int virLXCCgroupSetupDeviceACL(virDomainDefPtr def, goto cleanup; /* white list mknod if CAP_MKNOD has to be kept */ - int capMknod = def->caps_features[VIR_DOMAIN_CAPS_FEATURE_MKNOD]; if (capMknod == VIR_DOMAIN_FEATURE_STATE_ON) { if (virCgroupAllowAllDevices(cgroup, VIR_CGROUP_DEVICE_MKNOD) < 0) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 49028be..81ef961 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1899,43 +1899,43 @@ static int lxcContainerDropCapabilities(virDomainDefPtr def, int policy = def->features[VIR_DOMAIN_FEATURE_CAPABILITIES]; /* Maps virDomainCapsFeature to CAPS_* */ - static unsigned int capsMapping[] = {CAP_AUDIT_CONTROL, - CAP_AUDIT_WRITE, - CAP_BLOCK_SUSPEND, - CAP_CHOWN, - CAP_DAC_OVERRIDE, - CAP_DAC_READ_SEARCH, - CAP_FOWNER, - CAP_FSETID, - CAP_IPC_LOCK, - CAP_IPC_OWNER, - CAP_KILL, - CAP_LEASE, - CAP_LINUX_IMMUTABLE, - CAP_MAC_ADMIN, - CAP_MAC_OVERRIDE, - CAP_MKNOD, - CAP_NET_ADMIN, - CAP_NET_BIND_SERVICE, - CAP_NET_BROADCAST, - CAP_NET_RAW, - CAP_SETGID, - CAP_SETFCAP, - CAP_SETPCAP, - CAP_SETUID, - CAP_SYS_ADMIN, - CAP_SYS_BOOT, - CAP_SYS_CHROOT, - CAP_SYS_MODULE, - CAP_SYS_NICE, - CAP_SYS_PACCT, - CAP_SYS_PTRACE, - CAP_SYS_RAWIO, - CAP_SYS_RESOURCE, - CAP_SYS_TIME, - CAP_SYS_TTY_CONFIG, - CAP_SYSLOG, - CAP_WAKE_ALARM}; + static int capsMapping[] = {CAP_AUDIT_CONTROL, + CAP_AUDIT_WRITE, + CAP_BLOCK_SUSPEND, + CAP_CHOWN, + CAP_DAC_OVERRIDE, + CAP_DAC_READ_SEARCH, + CAP_FOWNER, + CAP_FSETID, + CAP_IPC_LOCK, + CAP_IPC_OWNER, + CAP_KILL, + CAP_LEASE, + CAP_LINUX_IMMUTABLE, + CAP_MAC_ADMIN, + CAP_MAC_OVERRIDE, + CAP_MKNOD, + CAP_NET_ADMIN, + CAP_NET_BIND_SERVICE, + CAP_NET_BROADCAST, + CAP_NET_RAW, + CAP_SETGID, + CAP_SETFCAP, + CAP_SETPCAP, + CAP_SETUID, + CAP_SYS_ADMIN, + CAP_SYS_BOOT, + CAP_SYS_CHROOT, + CAP_SYS_MODULE, + CAP_SYS_NICE, + CAP_SYS_PACCT, + CAP_SYS_PTRACE, + CAP_SYS_RAWIO, + CAP_SYS_RESOURCE, + CAP_SYS_TIME, + CAP_SYS_TTY_CONFIG, + CAP_SYSLOG, + CAP_WAKE_ALARM}; capng_get_caps_process(); -- 2.0.0