diff --git a/configure.ac b/configure.ac index 0139a746b..54964fb40 100644 --- a/configure.ac +++ b/configure.ac @@ -611,7 +611,7 @@ AC_CHECK_DECLS([PR_SET_NO_NEW_PRIVS], [], [], [#include ]) AC_CHECK_DECLS([PR_GET_NO_NEW_PRIVS], [], [], [#include ]) # Check for some headers -AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/memfd.h sys/personality.h utmpx.h sys/timerfd.h sys/resource.h]) +AC_CHECK_HEADERS([pty.h sys/memfd.h sys/personality.h sys/resource.h sys/signalfd.h sys/timerfd.h utmpx.h]) AC_CHECK_HEADER([ifaddrs.h], AM_CONDITIONAL(HAVE_IFADDRS_H, true) diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 0322a0d65..1f8c5d980 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -6,6 +6,7 @@ noinst_HEADERS = attach.h \ caps.h \ cgroups/cgroup.h \ cgroups/cgroup_utils.h \ + compiler.h \ conf.h \ confile.h \ confile_utils.h \ @@ -39,9 +40,12 @@ noinst_HEADERS = attach.h \ tools/arguments.h \ utils.h +if !HAVE_IFADDRS_H +noinst_HEADERS += ../include/ifaddrs.h +endif + if IS_BIONIC -noinst_HEADERS += ../include/ifaddrs.h \ - ../include/lxcmntent.h \ +noinst_HEADERS += ../include/lxcmntent.h \ ../include/openpty.h endif @@ -86,6 +90,7 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \ cgroups/cgfsng.c \ cgroups/cgroup.c cgroups/cgroup.h \ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + compiler.h \ commands.c commands.h \ commands_utils.c commands_utils.h \ conf.c conf.h \ @@ -300,6 +305,7 @@ lxc_freeze_SOURCES = tools/lxc_freeze.c \ lxc_info_SOURCES = tools/lxc_info.c \ tools/arguments.c tools/arguments.h lxc_monitor_SOURCES = tools/lxc_monitor.c \ + macro.h \ tools/arguments.c tools/arguments.h lxc_ls_SOURCES = tools/lxc_ls.c \ tools/arguments.c tools/arguments.h diff --git a/src/lxc/caps.c b/src/lxc/caps.c index acc5788ae..c56fe732e 100644 --- a/src/lxc/caps.c +++ b/src/lxc/caps.c @@ -39,31 +39,6 @@ lxc_log_define(caps, lxc); #if HAVE_LIBCAP -#ifndef PR_CAPBSET_READ -#define PR_CAPBSET_READ 23 -#endif - -/* Control the ambient capability set */ -#ifndef PR_CAP_AMBIENT -#define PR_CAP_AMBIENT 47 -#endif - -#ifndef PR_CAP_AMBIENT_IS_SET -#define PR_CAP_AMBIENT_IS_SET 1 -#endif - -#ifndef PR_CAP_AMBIENT_RAISE -#define PR_CAP_AMBIENT_RAISE 2 -#endif - -#ifndef PR_CAP_AMBIENT_LOWER -#define PR_CAP_AMBIENT_LOWER 3 -#endif - -#ifndef PR_CAP_AMBIENT_CLEAR_ALL -#define PR_CAP_AMBIENT_CLEAR_ALL 4 -#endif - int lxc_caps_down(void) { cap_t caps; @@ -321,10 +296,10 @@ static long int _real_caps_last_cap(void) if (fd >= 0) { ssize_t n; char *ptr; - char buf[LXC_NUMSTRLEN64 + 1]; + char buf[INTTYPE_TO_STRLEN(int)]; again: - n = read(fd, buf, LXC_NUMSTRLEN64); + n = read(fd, buf, INTTYPE_TO_STRLEN(int)); if (n < 0 && errno == EINTR) { goto again; } else if (n >= 0) { diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c index e7a242910..82eb46a3b 100644 --- a/src/lxc/cgroups/cgfsng.c +++ b/src/lxc/cgroups/cgfsng.c @@ -55,6 +55,7 @@ #include "commands.h" #include "conf.h" #include "log.h" +#include "macro.h" #include "storage/storage.h" #include "utils.h" @@ -314,14 +315,14 @@ static char *lxc_cpumask_to_cpulist(uint32_t *bitarr, size_t nbits) int ret; size_t i; char **cpulist = NULL; - char numstr[LXC_NUMSTRLEN64] = {0}; + char numstr[INTTYPE_TO_STRLEN(size_t)] = {0}; for (i = 0; i <= nbits; i++) { if (!is_set(i, bitarr)) continue; - ret = snprintf(numstr, LXC_NUMSTRLEN64, "%zu", i); - if (ret < 0 || (size_t)ret >= LXC_NUMSTRLEN64) { + ret = snprintf(numstr, INTTYPE_TO_STRLEN(size_t), "%zu", i); + if (ret < 0 || (size_t)ret >= INTTYPE_TO_STRLEN(size_t)) { lxc_free_array((void **)cpulist, free); return NULL; } diff --git a/src/lxc/commands.c b/src/lxc/commands.c index 5aad2432d..458749ab5 100644 --- a/src/lxc/commands.c +++ b/src/lxc/commands.c @@ -1239,7 +1239,7 @@ out_close: int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix) { int fd, len, ret; - char path[sizeof(((struct sockaddr_un *)0)->sun_path)] = {0}; + char path[LXC_AUDS_ADDR_LEN] = {0}; char *offset = &path[1]; /* -2 here because this is an abstract unix socket so it needs a diff --git a/src/lxc/commands.h b/src/lxc/commands.h index 816cd7483..2c024b65d 100644 --- a/src/lxc/commands.h +++ b/src/lxc/commands.h @@ -25,17 +25,12 @@ #define __LXC_COMMANDS_H #include -#include #include +#include -#include "state.h" #include "lxccontainer.h" - -#define LXC_CMD_DATA_MAX (MAXPATHLEN * 2) - -/* https://developer.gnome.org/glib/2.28/glib-Type-Conversion-Macros.html */ -#define INT_TO_PTR(n) ((void *)(long)(n)) -#define PTR_TO_INT(p) ((int)(long)(p)) +#include "macro.h" +#include "state.h" typedef enum { LXC_CMD_CONSOLE, diff --git a/src/lxc/commands_utils.c b/src/lxc/commands_utils.c index 854d90ce5..c6544631d 100644 --- a/src/lxc/commands_utils.c +++ b/src/lxc/commands_utils.c @@ -162,7 +162,7 @@ int lxc_cmd_connect(const char *name, const char *lxcpath, const char *hashed_sock_name, const char *suffix) { int ret, client_fd; - char path[sizeof(((struct sockaddr_un *)0)->sun_path)] = {0}; + char path[LXC_AUDS_ADDR_LEN] = {0}; char *offset = &path[1]; /* -2 here because this is an abstract unix socket so it needs a diff --git a/src/lxc/compiler.h b/src/lxc/compiler.h new file mode 100644 index 000000000..cda44c987 --- /dev/null +++ b/src/lxc/compiler.h @@ -0,0 +1,35 @@ +/* liblxcapi + * + * Copyright © 2018 Christian Brauner . + * Copyright © 2018 Canonical Ltd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef __LXC_COMPILER_H +#define __LXC_COMPILER_H + +#include "config.h" + +#ifndef thread_local +#if __STDC_VERSION__ >= 201112L && \ + !(defined(__STDC_NO_THREADS__) || \ + (defined(__GNU_LIBRARY__) && __GLIBC__ == 2 && __GLIBC_MINOR__ < 16)) +#define thread_local _Thread_local +#else +#define thread_local __thread +#endif +#endif + +#endif /* __LXC_COMPILER_H */ diff --git a/src/lxc/conf.c b/src/lxc/conf.c index dfca5923a..ba4ac502a 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -125,7 +125,7 @@ lxc_log_define(conf, lxc); * This is used in the error calls. */ #ifdef HAVE_TLS -__thread struct lxc_conf *current_config; +thread_local struct lxc_conf *current_config; #else struct lxc_conf *current_config; #endif @@ -2952,7 +2952,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid) * + * strlen(" ") = 1 * + - * LXC_NUMSTRLEN64 + * INTTYPE_TO_STRLEN(uint32_t) * + * strlen(" ") = 1 * @@ -2960,7 +2960,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid) * LXC_IDMAPLEN bytes available for our the {g,u]id mapping. */ int ret = 0, gidmap = 0, uidmap = 0; - char mapbuf[9 + 1 + LXC_NUMSTRLEN64 + 1 + LXC_IDMAPLEN] = {0}; + char mapbuf[9 + 1 + INTTYPE_TO_STRLEN(uint32_t) + 1 + LXC_IDMAPLEN] = {0}; bool had_entry = false, use_shadow = false; int hostuid, hostgid; diff --git a/src/lxc/conf.h b/src/lxc/conf.h index 070dd2292..eddf97a1a 100644 --- a/src/lxc/conf.h +++ b/src/lxc/conf.h @@ -38,6 +38,7 @@ #include #endif +#include "compiler.h" #include "list.h" #include "ringbuf.h" #include "start.h" /* for lxc_handler */ @@ -395,7 +396,7 @@ extern int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf, size_t buf_size); #ifdef HAVE_TLS -extern __thread struct lxc_conf *current_config; +extern thread_local struct lxc_conf *current_config; #else extern struct lxc_conf *current_config; #endif diff --git a/src/lxc/confile.c b/src/lxc/confile.c index b94703084..349631325 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -3236,19 +3236,19 @@ static int get_config_idmaps(const char *key, char *retv, int inlen, * + * sizeof(" ") * + - * sizeof(uint64_t) + * sizeof(uint32_t) * + * sizeof(" ") * + - * sizeof(uint64_t) + * sizeof(uint32_t) * + * sizeof(" ") * + - * sizeof(uint64_t) + * sizeof(uint32_t) * + * \0 */ -#define __LXC_IDMAP_STR_BUF (3 * LXC_NUMSTRLEN64 + 3 + 1 + 1) +#define __LXC_IDMAP_STR_BUF (3 * INTTYPE_TO_STRLEN(uint32_t) + 3 + 1 + 1) char buf[__LXC_IDMAP_STR_BUF]; if (!retv) @@ -3257,8 +3257,7 @@ static int get_config_idmaps(const char *key, char *retv, int inlen, memset(retv, 0, inlen); listlen = lxc_list_len(&c->id_map); - lxc_list_for_each(it, &c->id_map) - { + lxc_list_for_each(it, &c->id_map) { struct id_map *map = it->elem; ret = snprintf(buf, __LXC_IDMAP_STR_BUF, "%c %lu %lu %lu", (map->idtype == ID_TYPE_UID) ? 'u' : 'g', @@ -3706,9 +3705,8 @@ static int get_config_prlimit(const char *key, char *retv, int inlen, return -1; lxc_list_for_each(it, &c->limits) { - char buf[LXC_NUMSTRLEN64 * 2 + 2]; /* 2 colon separated 64 bit - integers or the word - 'unlimited' */ + /* 2 colon separated 64 bit integers or the word 'unlimited' */ + char buf[INTTYPE_TO_STRLEN(uint64_t) * 2 + 2]; int partlen; struct lxc_limit *lim = it->elem; diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c index c582b2d00..467d3f0bc 100644 --- a/src/lxc/initutils.c +++ b/src/lxc/initutils.c @@ -28,6 +28,7 @@ #include "initutils.h" #include "log.h" #include "macro.h" +#include "compiler.h" #ifndef HAVE_STRLCPY #include "include/strlcpy.h" @@ -72,9 +73,9 @@ const char *lxc_global_config_value(const char *option_name) /* placed in the thread local storage pool for non-bionic targets */ #ifdef HAVE_TLS - static __thread const char *values[sizeof(options) / sizeof(options[0])] = { 0 }; + static thread_local const char *values[sizeof(options) / sizeof(options[0])] = {0}; #else - static const char *values[sizeof(options) / sizeof(options[0])] = { 0 }; + static const char *values[sizeof(options) / sizeof(options[0])] = {0}; #endif /* user_config_path is freed as soon as it is used */ diff --git a/src/lxc/log.c b/src/lxc/log.c index d944273b6..38f7c889c 100644 --- a/src/lxc/log.c +++ b/src/lxc/log.c @@ -53,7 +53,7 @@ * datatype is currently at maximum a 64bit integer, we have a date string that * is of maximum length (2^64 - 1) * 2 = (21 + 21) = 42. */ -#define LXC_LOG_TIME_SIZE ((LXC_NUMSTRLEN64)*2) +#define LXC_LOG_TIME_SIZE ((INTTYPE_TO_STRLEN(uint64_t)) * 2) int lxc_log_fd = -1; static int syslog_enable = 0; @@ -170,7 +170,7 @@ static int lxc_unix_epoch_to_utc(char *buf, size_t bufsize, const struct timespe { int64_t epoch_to_days, z, era, doe, yoe, year, doy, mp, day, month, d_in_s, hours, h_in_s, minutes, seconds; - char nanosec[LXC_NUMSTRLEN64]; + char nanosec[INTTYPE_TO_STRLEN(int64_t)]; int ret; /* See https://howardhinnant.github.io/date_algorithms.html for an @@ -247,8 +247,8 @@ static int lxc_unix_epoch_to_utc(char *buf, size_t bufsize, const struct timespe seconds = (time->tv_sec - d_in_s - h_in_s - (minutes * 60)); /* Make string from nanoseconds. */ - ret = snprintf(nanosec, LXC_NUMSTRLEN64, "%"PRId64, (int64_t)time->tv_nsec); - if (ret < 0 || ret >= LXC_NUMSTRLEN64) + ret = snprintf(nanosec, INTTYPE_TO_STRLEN(int64_t), "%"PRId64, (int64_t)time->tv_nsec); + if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int64_t)) return -1; /* Create final timestamp for the log and shorten nanoseconds to 3 diff --git a/src/lxc/lsm/lsm.h b/src/lxc/lsm/lsm.h index 52e656d6f..dda740b3d 100644 --- a/src/lxc/lsm/lsm.h +++ b/src/lxc/lsm/lsm.h @@ -28,10 +28,9 @@ struct lxc_conf; #include +#include "macro.h" #include "utils.h" -#define LXC_LSMATTRLEN (5 + (LXC_NUMSTRLEN64) + 7 + 1) - struct lsm_drv { const char *name; diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index 2c37caefd..002c4ec70 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c @@ -1037,10 +1037,10 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a */ if (c->pidfile) { int ret, w; - char pidstr[LXC_NUMSTRLEN64]; + char pidstr[INTTYPE_TO_STRLEN(int)]; - w = snprintf(pidstr, LXC_NUMSTRLEN64, "%d", (int)lxc_raw_getpid()); - if (w < 0 || (size_t)w >= LXC_NUMSTRLEN64) { + w = snprintf(pidstr, INTTYPE_TO_STRLEN(int), "%d", (int)lxc_raw_getpid()); + if (w < 0 || (size_t)w >= INTTYPE_TO_STRLEN(int)) { free_init_cmd(init_cmd); lxc_free_handler(handler); diff --git a/src/lxc/macro.h b/src/lxc/macro.h index ba2c242c5..8bad2d89d 100644 --- a/src/lxc/macro.h +++ b/src/lxc/macro.h @@ -27,15 +27,23 @@ #include #include #include +#include +#include #include #include +#include +#include /* Define __S_ISTYPE if missing from the C library. */ #ifndef __S_ISTYPE #define __S_ISTYPE(mode, mask) (((mode)&S_IFMT) == (mask)) #endif -#if HAVE_LIBCAP +/* capabilities */ +#ifndef CAP_SYS_ADMIN +#define CAP_SYS_ADMIN 21 +#endif + #ifndef CAP_SETFCAP #define CAP_SETFCAP 31 #endif @@ -47,11 +55,6 @@ #ifndef CAP_MAC_ADMIN #define CAP_MAC_ADMIN 33 #endif -#endif - -#ifndef PR_CAPBSET_DROP -#define PR_CAPBSET_DROP 24 -#endif #ifndef CAP_SETUID #define CAP_SETUID 7 @@ -61,25 +64,45 @@ #define CAP_SETGID 6 #endif -/* needed for cgroup automount checks, regardless of whether we - * have included linux/capability.h or not */ -#ifndef CAP_SYS_ADMIN -#define CAP_SYS_ADMIN 21 +/* prctl */ +#ifndef PR_CAPBSET_READ +#define PR_CAPBSET_READ 23 #endif -#ifndef HAVE_DECL_PR_CAPBSET_DROP +#ifndef PR_CAPBSET_DROP #define PR_CAPBSET_DROP 24 #endif -/* prctl */ -#ifndef HAVE_DECL_PR_SET_NO_NEW_PRIVS +/* Control the ambient capability set */ +#ifndef PR_CAP_AMBIENT +#define PR_CAP_AMBIENT 47 +#endif + +#ifndef PR_CAP_AMBIENT_IS_SET +#define PR_CAP_AMBIENT_IS_SET 1 +#endif + +#ifndef PR_CAP_AMBIENT_RAISE +#define PR_CAP_AMBIENT_RAISE 2 +#endif + +#ifndef PR_CAP_AMBIENT_LOWER +#define PR_CAP_AMBIENT_LOWER 3 +#endif + +#ifndef PR_CAP_AMBIENT_CLEAR_ALL +#define PR_CAP_AMBIENT_CLEAR_ALL 4 +#endif + +#ifndef PR_SET_NO_NEW_PRIVS #define PR_SET_NO_NEW_PRIVS 38 #endif -#ifndef HAVE_DECL_PR_GET_NO_NEW_PRIVS +#ifndef PR_GET_NO_NEW_PRIVS #define PR_GET_NO_NEW_PRIVS 39 #endif +/* filesystem magic values */ #ifndef CGROUP_SUPER_MAGIC #define CGROUP_SUPER_MAGIC 0x27e0eb #endif @@ -92,34 +115,55 @@ #define NSFS_MAGIC 0x6e736673 #endif -/* We have two different magic values for overlayfs, yay. */ -#ifndef OVERLAYFS_SUPER_MAGIC -#define OVERLAYFS_SUPER_MAGIC 0x794c764f -#endif - +/* current overlayfs */ #ifndef OVERLAY_SUPER_MAGIC #define OVERLAY_SUPER_MAGIC 0x794c7630 #endif +/* legacy overlayfs */ +#ifndef OVERLAYFS_SUPER_MAGIC +#define OVERLAYFS_SUPER_MAGIC 0x794c764f +#endif + +/* Calculate the number of chars needed to represent a given integer as a C + * string. Include room for '-' to indicate negative numbers and the \0 byte. + * This is based on systemd. + */ +#define INTTYPE_TO_STRLEN(type) \ + (2 + (sizeof(type) <= 1 \ + ? 3 \ + : sizeof(type) <= 2 \ + ? 5 \ + : sizeof(type) <= 4 \ + ? 10 \ + : sizeof(type) <= 8 \ + ? 20 \ + : sizeof(int[-2 * (sizeof(type) > 8)]))) + /* Useful macros */ -/* Maximum number for 64 bit integer is a string with 21 digits: 2^64 - 1 = 21 */ -#define LXC_NUMSTRLEN64 21 #define LXC_LINELEN 4096 #define LXC_IDMAPLEN 4096 #define LXC_MAX_BUFFER 4096 + /* /proc/ = 6 * + - * = LXC_NUMSTRLEN64 + * = INTTYPE_TO_STRLEN(pid_t) * + * /fd/ = 4 * + - * = LXC_NUMSTRLEN64 + * = INTTYPE_TO_STRLEN(int) * + * \0 = 1 */ -#define LXC_PROC_PID_FD_LEN (6 + LXC_NUMSTRLEN64 + 4 + LXC_NUMSTRLEN64 + 1) -/* /proc/pid-to-str/status\0 = (5 + 21 + 7 + 1) */ -#define LXC_PROC_STATUS_LEN (5 + (LXC_NUMSTRLEN64) + 7 + 1) +#define LXC_PROC_PID_FD_LEN (6 + INTTYPE_TO_STRLEN(pid_t) + 4 + INTTYPE_TO_STRLEN(int) + 1) + +/* /proc/pid-to-str/status\0 = (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) */ +#define LXC_PROC_STATUS_LEN (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) + +/* /proc/pid-to-str/attr/current = (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) */ +#define LXC_LSMATTRLEN (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) + +#define LXC_CMD_DATA_MAX (MAXPATHLEN * 2) /* loop devices */ #ifndef LO_FLAGS_AUTOCLEAR @@ -155,14 +199,15 @@ * though, hence the two different methods. */ #ifndef __OPTIMIZE__ -#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)])) +#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2 * !!(condition)])) #else extern int __build_bug_on_failed; -#define BUILD_BUG_ON(condition) \ - do { \ - ((void)sizeof(char[1 - 2*!!(condition)])); \ - if (condition) __build_bug_on_failed = 1; \ - } while(0) +#define BUILD_BUG_ON(condition) \ + do { \ + ((void)sizeof(char[1 - 2 * !!(condition)])); \ + if (condition) \ + __build_bug_on_failed = 1; \ + } while (0) #endif #define lxc_iterate_parts(__iterator, __splitme, __separators) \ @@ -237,6 +282,9 @@ extern int __build_bug_on_failed; #define MACVLAN_MODE_PASSTHRU 8 #endif +/* Length of abstract unix domain socket socket address. */ +#define LXC_AUDS_ADDR_LEN sizeof(((struct sockaddr_un *)0)->sun_path) + /* mount */ #ifndef MS_REC #define MS_REC 16384 @@ -260,4 +308,8 @@ extern int __build_bug_on_failed; #define SOCK_CLOEXEC 02000000 #endif +/* pointer conversion macros */ +#define PTR_TO_INT(p) ((int)((intptr_t)(p))) +#define INT_TO_PTR(u) ((void *)((intptr_t)(u))) + #endif /* __LXC_MACRO_H */ diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c index 5aa8e6036..cdf15b659 100644 --- a/src/lxc/monitor.c +++ b/src/lxc/monitor.c @@ -46,6 +46,7 @@ #include "error.h" #include "log.h" #include "lxclock.h" +#include "macro.h" #include "monitor.h" #include "state.h" #include "utils.h" @@ -299,7 +300,7 @@ int lxc_monitord_spawn(const char *lxcpath) { int ret; int pipefd[2]; - char pipefd_str[LXC_NUMSTRLEN64]; + char pipefd_str[INTTYPE_TO_STRLEN(int)]; pid_t pid1, pid2; char *const args[] = { @@ -370,8 +371,8 @@ int lxc_monitord_spawn(const char *lxcpath) close(pipefd[0]); - ret = snprintf(pipefd_str, LXC_NUMSTRLEN64, "%d", pipefd[1]); - if (ret < 0 || ret >= LXC_NUMSTRLEN64) { + ret = snprintf(pipefd_str, INTTYPE_TO_STRLEN(int), "%d", pipefd[1]); + if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int)) { ERROR("Failed to create pid argument to pass to monitord."); _exit(EXIT_FAILURE); } diff --git a/src/lxc/network.c b/src/lxc/network.c index dd294cd91..56ca12b3b 100644 --- a/src/lxc/network.c +++ b/src/lxc/network.c @@ -49,6 +49,7 @@ #include "conf.h" #include "config.h" #include "log.h" +#include "macro.h" #include "network.h" #include "nl.h" #include "utils.h" @@ -2102,7 +2103,7 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna if (child == 0) { int ret; size_t retlen; - char pidstr[LXC_NUMSTRLEN64]; + char pidstr[INTTYPE_TO_STRLEN(pid_t)]; close(pipefd[0]); @@ -2124,10 +2125,10 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna _exit(EXIT_FAILURE); } - ret = snprintf(pidstr, LXC_NUMSTRLEN64, "%d", pid); - if (ret < 0 || ret >= LXC_NUMSTRLEN64) + ret = snprintf(pidstr, sizeof(pidstr), "%d", pid); + if (ret < 0 || ret >= sizeof(pidstr)) _exit(EXIT_FAILURE); - pidstr[LXC_NUMSTRLEN64 - 1] = '\0'; + pidstr[sizeof(pidstr) - 1] = '\0'; INFO("Execing lxc-user-nic create %s %s %s veth %s %s", lxcpath, lxcname, pidstr, netdev_link, @@ -2329,15 +2330,15 @@ bool lxc_delete_network_unpriv(struct lxc_handler *handler) struct lxc_list *network = &handler->conf->network; /* strlen("/proc/") = 6 * + - * LXC_NUMSTRLEN64 + * INTTYPE_TO_STRLEN(pid_t) * + * strlen("/fd/") = 4 * + - * LXC_NUMSTRLEN64 + * INTTYPE_TO_STRLEN(int) * + * \0 */ - char netns_path[6 + LXC_NUMSTRLEN64 + 4 + LXC_NUMSTRLEN64 + 1]; + char netns_path[6 + INTTYPE_TO_STRLEN(pid_t) + 4 + INTTYPE_TO_STRLEN(int) + 1]; *netns_path = '\0'; diff --git a/src/lxc/parse.c b/src/lxc/parse.c index d1d7cf8e1..3ae96f307 100644 --- a/src/lxc/parse.c +++ b/src/lxc/parse.c @@ -21,9 +21,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#define _GNU_SOURCE +#include "config.h" + #include -#undef _GNU_SOURCE #include #include #include @@ -31,7 +31,6 @@ #include #include "parse.h" -#include "config.h" #include "utils.h" #include "log.h" diff --git a/src/lxc/start.c b/src/lxc/start.c index 086a874f0..b5c248974 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -53,18 +53,6 @@ #include #endif -#if !HAVE_DECL_PR_CAPBSET_DROP -#define PR_CAPBSET_DROP 24 -#endif - -#if !HAVE_DECL_PR_SET_NO_NEW_PRIVS -#define PR_SET_NO_NEW_PRIVS 38 -#endif - -#if !HAVE_DECL_PR_GET_NO_NEW_PRIVS -#define PR_GET_NO_NEW_PRIVS 39 -#endif - #include "af_unix.h" #include "caps.h" #include "cgroup.h" @@ -79,6 +67,7 @@ #include "lxccontainer.h" #include "lxclock.h" #include "lxcseccomp.h" +#include "macro.h" #include "mainloop.h" #include "monitor.h" #include "namespace.h" diff --git a/src/lxc/string_utils.c b/src/lxc/string_utils.c index 74cea3c70..fb5cb54e7 100644 --- a/src/lxc/string_utils.c +++ b/src/lxc/string_utils.c @@ -43,6 +43,7 @@ #include "log.h" #include "lxclock.h" +#include "macro.h" #include "namespace.h" #include "parse.h" #include "string_utils.h" @@ -678,7 +679,7 @@ int lxc_safe_uint64(const char *numstr, uint64_t *converted, int base) errno = 0; u = strtoull(numstr, &err, base); - if (errno == ERANGE && u == ULLONG_MAX) + if (errno == ERANGE && u == UINT64_MAX) return -ERANGE; if (err == numstr || *err != '\0') @@ -860,7 +861,7 @@ int parse_byte_size_string(const char *s, int64_t *converted) long long int conv; int64_t mltpl, overflow; char *end; - char dup[LXC_NUMSTRLEN64 + 2]; + char dup[INTTYPE_TO_STRLEN(int64_t)]; char suffix[3] = {0}; if (!s || !strcmp(s, "")) diff --git a/src/lxc/tools/lxc_monitor.c b/src/lxc/tools/lxc_monitor.c index df4d00f42..5e296082e 100644 --- a/src/lxc/tools/lxc_monitor.c +++ b/src/lxc/tools/lxc_monitor.c @@ -47,6 +47,7 @@ #include "af_unix.h" #include "arguments.h" #include "log.h" +#include "macro.h" #include "monitor.h" #include "state.h" #include "utils.h" @@ -156,7 +157,7 @@ static int lxc_tool_monitord_spawn(const char *lxcpath) { int ret; int pipefd[2]; - char pipefd_str[LXC_NUMSTRLEN64]; + char pipefd_str[INTTYPE_TO_STRLEN(int)]; pid_t pid1, pid2; char *const args[] = { @@ -223,8 +224,8 @@ static int lxc_tool_monitord_spawn(const char *lxcpath) close(pipefd[0]); - ret = snprintf(pipefd_str, LXC_NUMSTRLEN64, "%d", pipefd[1]); - if (ret < 0 || ret >= LXC_NUMSTRLEN64) { + ret = snprintf(pipefd_str, INTTYPE_TO_STRLEN(int), "%d", pipefd[1]); + if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int)) { ERROR("Failed to create pid argument to pass to monitord"); _exit(EXIT_FAILURE); } diff --git a/src/lxc/utils.c b/src/lxc/utils.c index 58dd223a9..1f0ba8971 100644 --- a/src/lxc/utils.c +++ b/src/lxc/utils.c @@ -1157,7 +1157,7 @@ int lxc_mount_proc_if_needed(const char *rootfs) { char path[MAXPATHLEN]; int link_to_pid, linklen, mypid, ret; - char link[LXC_NUMSTRLEN64] = {0}; + char link[INTTYPE_TO_STRLEN(pid_t)] = {0}; ret = snprintf(path, MAXPATHLEN, "%s/proc/self", rootfs); if (ret < 0 || ret >= MAXPATHLEN) { @@ -1165,7 +1165,7 @@ int lxc_mount_proc_if_needed(const char *rootfs) return -1; } - linklen = readlink(path, link, LXC_NUMSTRLEN64); + linklen = readlink(path, link, INTTYPE_TO_STRLEN(pid_t)); ret = snprintf(path, MAXPATHLEN, "%s/proc", rootfs); if (ret < 0 || ret >= MAXPATHLEN) { @@ -1179,7 +1179,7 @@ int lxc_mount_proc_if_needed(const char *rootfs) return -1; goto domount; - } else if (linklen >= LXC_NUMSTRLEN64) { + } else if (linklen >= INTTYPE_TO_STRLEN(pid_t)) { link[linklen - 1] = '\0'; ERROR("readlink returned truncated content: \"%s\"", link); return -1; @@ -1260,7 +1260,7 @@ int null_stdfds(void) /* Check whether a signal is blocked by a process. */ /* /proc/pid-to-str/status\0 = (5 + 21 + 7 + 1) */ -#define __PROC_STATUS_LEN (6 + (LXC_NUMSTRLEN64) + 7 + 1) +#define __PROC_STATUS_LEN (6 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) bool task_blocks_signal(pid_t pid, int signal) { int ret; diff --git a/src/tests/lxc-test-utils.c b/src/tests/lxc-test-utils.c index 8a1ecc1dd..20f71b9a5 100644 --- a/src/tests/lxc-test-utils.c +++ b/src/tests/lxc-test-utils.c @@ -39,6 +39,7 @@ #include #include "lxctest.h" +#include "macro.h" #include "utils.h" void test_lxc_deslashify(void) @@ -81,7 +82,7 @@ void test_lxc_deslashify(void) } /* /proc/int_as_str/ns/mnt\0 = (5 + 21 + 7 + 1) */ -#define __MNTNS_LEN (5 + (LXC_NUMSTRLEN64) + 7 + 1) +#define __MNTNS_LEN (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) void test_detect_ramfs_rootfs(void) { size_t i; @@ -246,19 +247,19 @@ void test_lxc_safe_uint(void) { int ret; unsigned int n; - char numstr[LXC_NUMSTRLEN64]; + char numstr[INTTYPE_TO_STRLEN(uint64_t)]; lxc_test_assert_abort((-EINVAL == lxc_safe_uint(" -123", &n))); lxc_test_assert_abort((-EINVAL == lxc_safe_uint("-123", &n))); - ret = snprintf(numstr, LXC_NUMSTRLEN64, "%" PRIu64, (uint64_t)UINT_MAX); - if (ret < 0 || ret >= LXC_NUMSTRLEN64) + ret = snprintf(numstr, INTTYPE_TO_STRLEN(uint64_t), "%" PRIu64, (uint64_t)UINT_MAX); + if (ret < 0 || ret >= INTTYPE_TO_STRLEN(uint64_t)) exit(EXIT_FAILURE); lxc_test_assert_abort((0 == lxc_safe_uint(numstr, &n)) && n == UINT_MAX); - ret = snprintf(numstr, LXC_NUMSTRLEN64, "%" PRIu64, (uint64_t)UINT_MAX + 1); - if (ret < 0 || ret >= LXC_NUMSTRLEN64) + ret = snprintf(numstr, INTTYPE_TO_STRLEN(uint64_t), "%" PRIu64, (uint64_t)UINT_MAX + 1); + if (ret < 0 || ret >= INTTYPE_TO_STRLEN(uint64_t)) exit(EXIT_FAILURE); lxc_test_assert_abort((-ERANGE == lxc_safe_uint(numstr, &n))); @@ -282,28 +283,28 @@ void test_lxc_safe_int(void) { int ret; signed int n; - char numstr[LXC_NUMSTRLEN64]; + char numstr[INTTYPE_TO_STRLEN(uint64_t)]; - ret = snprintf(numstr, LXC_NUMSTRLEN64, "%" PRIu64, (uint64_t)INT_MAX); - if (ret < 0 || ret >= LXC_NUMSTRLEN64) + ret = snprintf(numstr, INTTYPE_TO_STRLEN(uint64_t), "%" PRIu64, (uint64_t)INT_MAX); + if (ret < 0 || ret >= INTTYPE_TO_STRLEN(uint64_t)) exit(EXIT_FAILURE); lxc_test_assert_abort((0 == lxc_safe_int(numstr, &n)) && n == INT_MAX); - ret = snprintf(numstr, LXC_NUMSTRLEN64, "%" PRIu64, (uint64_t)INT_MAX + 1); - if (ret < 0 || ret >= LXC_NUMSTRLEN64) + ret = snprintf(numstr, INTTYPE_TO_STRLEN(uint64_t), "%" PRIu64, (uint64_t)INT_MAX + 1); + if (ret < 0 || ret >= INTTYPE_TO_STRLEN(uint64_t)) exit(EXIT_FAILURE); lxc_test_assert_abort((-ERANGE == lxc_safe_int(numstr, &n))); - ret = snprintf(numstr, LXC_NUMSTRLEN64, "%" PRId64, (int64_t)INT_MIN); - if (ret < 0 || ret >= LXC_NUMSTRLEN64) + ret = snprintf(numstr, INTTYPE_TO_STRLEN(int64_t), "%" PRId64, (int64_t)INT_MIN); + if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int64_t)) exit(EXIT_FAILURE); lxc_test_assert_abort((0 == lxc_safe_int(numstr, &n)) && n == INT_MIN); - ret = snprintf(numstr, LXC_NUMSTRLEN64, "%" PRId64, (int64_t)INT_MIN - 1); - if (ret < 0 || ret >= LXC_NUMSTRLEN64) + ret = snprintf(numstr, INTTYPE_TO_STRLEN(int64_t), "%" PRId64, (int64_t)INT_MIN - 1); + if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int64_t)) exit(EXIT_FAILURE); lxc_test_assert_abort((-ERANGE == lxc_safe_int(numstr, &n)));