[lxc-devel] [lxc/master] tree-wide: pass unsigned long to prctl()

brauner on Github lxc-bot at linuxcontainers.org
Sun Aug 5 12:05:48 UTC 2018 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180805/ccca412a/attachment.bin>
-------------- next part --------------
From b81689a103a39a115ea94cf4f95efb5a41397231 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 5 Aug 2018 14:04:03 +0200
Subject: [PATCH] tree-wide: pass unsigned long to prctl()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/attach.c      |  6 ++++--
 src/lxc/caps.c        | 10 ++++++----
 src/lxc/conf.c        |  6 ++++--
 src/lxc/initutils.c   |  4 +++-
 src/lxc/macro.h       |  2 ++
 src/lxc/start.c       |  6 ++++--
 src/lxc/storage/nbd.c |  3 ++-
 src/lxc/utils.c       |  3 ++-
 8 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 6fa53ebb4..f992b4f99 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -318,7 +318,8 @@ static int lxc_attach_drop_privs(struct lxc_proc_context_info *ctx)
 		if (ctx->capability_mask & (1LL << cap))
 			continue;
 
-		if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0)) {
+		if (prctl(PR_CAPBSET_DROP, prctl_arg(cap), prctl_arg(0),
+			  prctl_arg(0), prctl_arg(0))) {
 			SYSERROR("Failed to drop capability %d", cap);
 			return -1;
 		}
@@ -898,7 +899,8 @@ static int attach_child_main(struct attach_clone_payload *payload)
 	if ((init_ctx->container && init_ctx->container->lxc_conf &&
 	     init_ctx->container->lxc_conf->no_new_privs) ||
 	    (options->attach_flags & LXC_ATTACH_NO_NEW_PRIVS)) {
-		ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+		ret = prctl(PR_SET_NO_NEW_PRIVS, prctl_arg(1), prctl_arg(0),
+			    prctl_arg(0), prctl_arg(0));
 		if (ret < 0)
 			goto on_error;
 
diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 1444b4c7e..bec3b32c6 100644
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -198,7 +198,8 @@ int lxc_ambient_caps_up(void)
 	}
 
 	for (cap = 0; cap <= last_cap; cap++) {
-		ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0);
+		ret = prctl(PR_CAP_AMBIENT, prctl_arg(PR_CAP_AMBIENT_RAISE),
+			    prctl_arg(cap), prctl_arg(0), prctl_arg(0));
 		if (ret < 0) {
 			SYSWARN("Failed to raise ambient capability %d", cap);
 			goto out;
@@ -230,7 +231,8 @@ int lxc_ambient_caps_down(void)
 	if (!getuid())
 		return 0;
 
-	ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0);
+	ret = prctl(PR_CAP_AMBIENT, prctl_arg(PR_CAP_AMBIENT_CLEAR_ALL),
+		    prctl_arg(0), prctl_arg(0), prctl_arg(0));
 	if (ret < 0) {
 		SYSERROR("Failed to clear ambient capability set");
 		return -1;
@@ -276,7 +278,7 @@ int lxc_caps_init(void)
 
 		INFO("Command is run as setuid root (uid: %d)", uid);
 
-		ret = prctl(PR_SET_KEEPCAPS, 1);
+		ret = prctl(PR_SET_KEEPCAPS, prctl_arg(1));
 		if (ret < 0) {
 			SYSERROR("Failed to set PR_SET_KEEPCAPS");
 			return -1;
@@ -341,7 +343,7 @@ static int _real_caps_last_cap(void)
 		/* Try to get it manually by trying to get the status of each
 		 * capability individually from the kernel.
 		 */
-		while (prctl(PR_CAPBSET_READ, cap) >= 0)
+		while (prctl(PR_CAPBSET_READ, prctl_arg(cap)) >= 0)
 			cap++;
 
 		result = cap - 1;
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 3cbebfb6a..90d2a23f0 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2544,7 +2544,8 @@ static int setup_caps(struct lxc_list *caps)
 			return -1;
 		}
 
-		ret = prctl(PR_CAPBSET_DROP, capid, 0, 0, 0);
+		ret = prctl(PR_CAPBSET_DROP, prctl_arg(capid), prctl_arg(0),
+			    prctl_arg(0), prctl_arg(0));
 		if (ret < 0) {
 			SYSERROR("Failed to remove %s capability", drop_entry);
 			return -1;
@@ -2593,7 +2594,8 @@ static int dropcaps_except(struct lxc_list *caps)
 		if (caplist[i])
 			continue;
 
-		ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
+		ret = prctl(PR_CAPBSET_DROP, prctl_arg(i), prctl_arg(0),
+			    prctl_arg(0), prctl_arg(0));
 		if (ret < 0) {
 			SYSERROR("Failed to remove capability %d", i);
 			return -1;
diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c
index 6ab39a7da..cadd82757 100644
--- a/src/lxc/initutils.c
+++ b/src/lxc/initutils.c
@@ -26,6 +26,7 @@
 
 #include "initutils.h"
 #include "log.h"
+#include "macro.h"
 
 #ifndef HAVE_STRLCPY
 #include "include/strlcpy.h"
@@ -361,7 +362,8 @@ int setproctitle(char *title)
 		.exe_fd = -1,
 	};
 
-	ret = prctl(PR_SET_MM, PR_SET_MM_MAP, (long) &prctl_map, sizeof(prctl_map), 0);
+	ret = prctl(PR_SET_MM, prctl_arg(PR_SET_MM_MAP), prctl_arg(&prctl_map),
+		    prctl_arg(sizeof(prctl_map)), prctl_arg(0));
 	if (ret == 0)
 		(void)strlcpy((char*)arg_start, title, len);
 	else
diff --git a/src/lxc/macro.h b/src/lxc/macro.h
index d2333bf94..733cb3322 100644
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -136,4 +136,6 @@ extern int __build_bug_on_failed;
 	     (__iterator = __it);                                               \
 	     __iterator = __it = strtok_r(NULL, __separators, &__p))
 
+#define prctl_arg(x) ((unsigned long)x)
+
 #endif /* __LXC_MACRO_H */
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 92d3c64c6..3616527eb 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1152,7 +1152,8 @@ static int do_start(void *data)
 		if (ret < 0 && (handler->am_root || errno != EPERM))
 			goto out_warn_father;
 
-		ret = prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
+		ret = prctl(PR_SET_DUMPABLE, prctl_arg(1), prctl_arg(0),
+			    prctl_arg(0), prctl_arg(0));
 		if (ret < 0)
 			goto out_warn_father;
 
@@ -1255,7 +1256,8 @@ static int do_start(void *data)
 	 * before we aren't allowed anymore.
 	 */
 	if (handler->conf->no_new_privs) {
-		ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+		ret = prctl(PR_SET_NO_NEW_PRIVS, prctl_arg(1), prctl_arg(0),
+			    prctl_arg(0), prctl_arg(0));
 		if (ret < 0) {
 			SYSERROR("Could not set PR_SET_NO_NEW_PRIVS to block "
 				 "execve() gainable privileges");
diff --git a/src/lxc/storage/nbd.c b/src/lxc/storage/nbd.c
index 9f92ecc9b..771bd9e3e 100644
--- a/src/lxc/storage/nbd.c
+++ b/src/lxc/storage/nbd.c
@@ -209,7 +209,8 @@ static int do_attach_nbd(void *d)
 		exit(1);
 	}
 
-	if (prctl(PR_SET_PDEATHSIG, SIGHUP, 0, 0, 0) < 0)
+	if (prctl(PR_SET_PDEATHSIG, prctl_arg(SIGHUP), prctl_arg(0),
+		  prctl_arg(0), prctl_arg(0)) < 0)
 		SYSERROR("Error setting parent death signal for nbd watcher");
 
 	pid = fork();
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index c4e8df02d..b4d3459ba 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -2680,7 +2680,8 @@ int lxc_set_death_signal(int signal)
 	int ret;
 	pid_t ppid;
 
-	ret = prctl(PR_SET_PDEATHSIG, signal, 0, 0, 0);
+	ret = prctl(PR_SET_PDEATHSIG, prctl_arg(signal), prctl_arg(0),
+		    prctl_arg(0), prctl_arg(0));
 
 	/* Check whether we have been orphaned. */
 	ppid = (pid_t)syscall(SYS_getppid);

More information about the lxc-devel mailing list