From 7d0eb87eef59385d5f64a21daa70e34af201e6f7 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge.hallyn@ubuntu.com>
Date: Mon, 2 Dec 2013 13:17:34 -0600
Subject: [PATCH] confile.c: clear entries if no value
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For list configuration entries like capabilities and cgroups
entries, if there is a 'key =' value (i.e. "lxc.cap.drop =")
then clear any loaded entries.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---
 src/lxc/conf.h    |  1 +
 src/lxc/confile.c | 23 ++++++++++++++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 84ffb20db..f272c91c4 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -353,6 +353,7 @@ extern int lxc_clear_config_keepcaps(struct lxc_conf *c);
 extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key);
 extern int lxc_clear_mount_entries(struct lxc_conf *c);
 extern int lxc_clear_hooks(struct lxc_conf *c, const char *key);
+extern int lxc_clear_idmaps(struct lxc_conf *c);
 
 /*
  * Configure the container from inside
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index bbb92dd5a..835153b86 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -295,6 +295,9 @@ static int config_network_type(const char *key, const char *value,
 	struct lxc_netdev *netdev;
 	struct lxc_list *list;
 
+	if (!value || strlen(value) == 0)
+		return lxc_clear_config_network(lxc_conf);
+
 	netdev = malloc(sizeof(*netdev));
 	if (!netdev) {
 		SYSERROR("failed to allocate memory");
@@ -865,7 +868,12 @@ static int config_seccomp(const char *key, const char *value,
 static int config_hook(const char *key, const char *value,
 				 struct lxc_conf *lxc_conf)
 {
-	char *copy = strdup(value);
+	char *copy;
+	
+	if (!value || strlen(value) == 0)
+		return lxc_clear_hooks(lxc_conf, key);
+
+	copy = strdup(value);
 	if (!copy) {
 		SYSERROR("failed to dup string '%s'", value);
 		return -1;
@@ -1062,6 +1070,9 @@ static int config_cgroup(const char *key, const char *value,
 	struct lxc_list *cglist = NULL;
 	struct lxc_cgroup *cgelem = NULL;
 
+	if (!value || strlen(value) == 0)
+		return lxc_clear_cgroups(lxc_conf, key);
+
 	subkey = strstr(key, token);
 
 	if (!subkey)
@@ -1123,6 +1134,9 @@ static int config_idmap(const char *key, const char *value, struct lxc_conf *lxc
 	char type;
 	int ret;
 
+	if (!value || strlen(value) == 0)
+		return lxc_clear_idmaps(lxc_conf);
+
 	subkey = strstr(key, token);
 
 	if (!subkey)
@@ -1250,6 +1264,9 @@ static int config_mount(const char *key, const char *value,
 	char *mntelem;
 	struct lxc_list *mntlist;
 
+	if (!value || strlen(value) == 0)
+		return lxc_clear_mount_entries(lxc_conf);
+
 	subkey = strstr(key, token);
 
 	if (!subkey) {
@@ -1294,7 +1311,7 @@ static int config_cap_keep(const char *key, const char *value,
 	int ret = -1;
 
 	if (!strlen(value))
-		return -1;
+		return lxc_clear_config_keepcaps(lxc_conf);
 
 	keepcaps = strdup(value);
 	if (!keepcaps) {
@@ -1340,7 +1357,7 @@ static int config_cap_drop(const char *key, const char *value,
 	int ret = -1;
 
 	if (!strlen(value))
-		return -1;
+		return lxc_clear_config_caps(lxc_conf);
 
 	dropcaps = strdup(value);
 	if (!dropcaps) {