[lxc-devel] [lxc/master] compiler: hardening
brauner on Github
lxc-bot at linuxcontainers.org
Tue Feb 5 20:15:37 UTC 2019
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190205/ba361faf/attachment-0001.bin>
-------------- next part --------------
From 6c99695e52c29e0dbb2423287efede6460643323 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 Feb 2019 20:29:21 +0100
Subject: [PATCH 01/11] compiler: -Wlogical-op hardening
Warn about suspicious uses of logical operators in expressions.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
configure.ac | 2 ++
1 file changed, 2 insertions(+)
diff --git a/configure.ac b/configure.ac
index 9a6ba83c2..6aee94be3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -690,6 +690,7 @@ AC_PROG_SED
# See if we support thread-local storage.
LXC_CHECK_TLS
+# Hardening flags
AX_CHECK_COMPILE_FLAG([-fdiagnostics-color], [CFLAGS="$CFLAGS -fdiagnostics-color"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wimplicit-fallthrough], [CFLAGS="$CFLAGS -Wimplicit-fallthrough"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wcast-align], [CFLAGS="$CFLAGS -Wcast-align"],,[-Werror])
@@ -700,6 +701,7 @@ AX_CHECK_LINK_FLAG([-fstack-protector-strong], [CFLAGS="$CFLAGS -fstack-protecto
AX_CHECK_COMPILE_FLAG([-g], [CFLAGS="$CFLAGS -g"],,[-Werror])
AX_CHECK_COMPILE_FLAG([--mcet -fcf-protection], [CFLAGS="$CFLAGS --mcet -fcf-protection"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Werror=implicit-function-declaration], [CFLAGS="$CFLAGS -Werror=implicit-function-declaration"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wlogical-op], [CFLAGS="$CFLAGS -Wlogical-op"],,[-Werror])
AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])
From 4fc9b054294121696c41b90b6b9afd88d59af4fb Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 Feb 2019 20:31:20 +0100
Subject: [PATCH 02/11] compiler: -Wmissing-include-dirs hardening
Warn if a user-supplied include directory does not exist.
This already surfaced a bug that is fixed by this commit.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
configure.ac | 1 +
src/tests/Makefile.am | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 6aee94be3..5918bc5e4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -702,6 +702,7 @@ AX_CHECK_COMPILE_FLAG([-g], [CFLAGS="$CFLAGS -g"],,[-Werror])
AX_CHECK_COMPILE_FLAG([--mcet -fcf-protection], [CFLAGS="$CFLAGS --mcet -fcf-protection"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Werror=implicit-function-declaration], [CFLAGS="$CFLAGS -Werror=implicit-function-declaration"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wlogical-op], [CFLAGS="$CFLAGS -Wlogical-op"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wmissing-include-dirs], [CFLAGS="$CFLAGS -Wmissing-include-dirs"],,[-Werror])
AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])
diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
index f03d61eb8..842708c44 100644
--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
@@ -48,7 +48,6 @@ AM_CFLAGS=-DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
-DRUNTIME_PATH=\"$(RUNTIME_PATH)\" \
-I $(top_srcdir)/src \
-I $(top_srcdir)/src/lxc \
- -I $(top_srcdir)/src/lxc/bdev \
-I $(top_srcdir)/src/lxc/cgroups \
-I $(top_srcdir)/src/lxc/tools \
-pthread
From 6d9b016ca0047da9efe68338f49e362a2cd40dc1 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 Feb 2019 20:33:40 +0100
Subject: [PATCH 03/11] compiler: -Wold-style-definition hardening
Warn if an old-style function definition is used. A warning is given
even if there is a previous prototype.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
configure.ac | 1 +
1 file changed, 1 insertion(+)
diff --git a/configure.ac b/configure.ac
index 5918bc5e4..2e2209239 100644
--- a/configure.ac
+++ b/configure.ac
@@ -703,6 +703,7 @@ AX_CHECK_COMPILE_FLAG([--mcet -fcf-protection], [CFLAGS="$CFLAGS --mcet -fcf-pro
AX_CHECK_COMPILE_FLAG([-Werror=implicit-function-declaration], [CFLAGS="$CFLAGS -Werror=implicit-function-declaration"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wlogical-op], [CFLAGS="$CFLAGS -Wlogical-op"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wmissing-include-dirs], [CFLAGS="$CFLAGS -Wmissing-include-dirs"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wold-style-definition], [CFLAGS="$CFLAGS -Wold-style-definition"],,[-Werror])
AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])
From 80792c16cf2b50306673981e472cbe92b6af733f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 Feb 2019 20:43:00 +0100
Subject: [PATCH 04/11] compiler: -Winit-self hardening
Warn about uninitialized variables that are initialized with themselves.
Note this option can only be used with the -Wuninitialized option.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
configure.ac | 1 +
1 file changed, 1 insertion(+)
diff --git a/configure.ac b/configure.ac
index 2e2209239..a6ff6eefa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -704,6 +704,7 @@ AX_CHECK_COMPILE_FLAG([-Werror=implicit-function-declaration], [CFLAGS="$CFLAGS
AX_CHECK_COMPILE_FLAG([-Wlogical-op], [CFLAGS="$CFLAGS -Wlogical-op"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wmissing-include-dirs], [CFLAGS="$CFLAGS -Wmissing-include-dirs"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wold-style-definition], [CFLAGS="$CFLAGS -Wold-style-definition"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Winit-self], [CFLAGS="$CFLAGS -Winit-self"],,[-Werror])
AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])
From 2d1e4090e35c02303597b87beaf477173efefbf7 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 Feb 2019 20:43:52 +0100
Subject: [PATCH 05/11] compiler: -Wfloat-equal hardening
Warn if floating-point values are used in equality comparisons.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
configure.ac | 1 +
1 file changed, 1 insertion(+)
diff --git a/configure.ac b/configure.ac
index a6ff6eefa..12fe0daee 100644
--- a/configure.ac
+++ b/configure.ac
@@ -705,6 +705,7 @@ AX_CHECK_COMPILE_FLAG([-Wlogical-op], [CFLAGS="$CFLAGS -Wlogical-op"],,[-Werror]
AX_CHECK_COMPILE_FLAG([-Wmissing-include-dirs], [CFLAGS="$CFLAGS -Wmissing-include-dirs"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wold-style-definition], [CFLAGS="$CFLAGS -Wold-style-definition"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Winit-self], [CFLAGS="$CFLAGS -Winit-self"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wfloat-equal], [CFLAGS="$CFLAGS -Wfloat-equal"],,[-Werror])
AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])
From 3e0801a57b3a53a6f2df8a54d0dbcbaadee82104 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 Feb 2019 20:44:57 +0100
Subject: [PATCH 06/11] compiler: -Wsuggest-attribute=noreturn hardening
Warn about functions that might be candidates for attributes pure, const
or noreturn or malloc.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
configure.ac | 1 +
src/tests/state_server.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 12fe0daee..4daff5b82 100644
--- a/configure.ac
+++ b/configure.ac
@@ -706,6 +706,7 @@ AX_CHECK_COMPILE_FLAG([-Wmissing-include-dirs], [CFLAGS="$CFLAGS -Wmissing-inclu
AX_CHECK_COMPILE_FLAG([-Wold-style-definition], [CFLAGS="$CFLAGS -Wold-style-definition"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Winit-self], [CFLAGS="$CFLAGS -Winit-self"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wfloat-equal], [CFLAGS="$CFLAGS -Wfloat-equal"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wsuggest-attribute=noreturn], [CFLAGS="$CFLAGS -Wsuggest-attribute=noreturn"],,[-Werror])
AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])
diff --git a/src/tests/state_server.c b/src/tests/state_server.c
index a814227ea..d24ba8b3d 100644
--- a/src/tests/state_server.c
+++ b/src/tests/state_server.c
@@ -38,7 +38,7 @@ struct thread_args {
struct lxc_container *c;
};
-void *state_wrapper(void *data)
+static void *state_wrapper(void *data)
{
struct thread_args *args = data;
From 134ca66b032c25c58fc1e6fa3c668f8eceb694ca Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 Feb 2019 20:48:45 +0100
Subject: [PATCH 07/11] compiler: -Werror=return-type hardening
Warn whenever a function is defined with a return type that defaults to
int. Also warn about any return statement with no return value in a
function whose return type is not void (falling off the end of the
function body is considered returning without a value).
For C only, warn about a return statement with an expression in a
function whose return type is void, unless the expression type is also
void. As a GNU extension, the latter case is accepted without a warning
unless -Wpedantic is used.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
configure.ac | 1 +
1 file changed, 1 insertion(+)
diff --git a/configure.ac b/configure.ac
index 4daff5b82..ac628feb8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -707,6 +707,7 @@ AX_CHECK_COMPILE_FLAG([-Wold-style-definition], [CFLAGS="$CFLAGS -Wold-style-def
AX_CHECK_COMPILE_FLAG([-Winit-self], [CFLAGS="$CFLAGS -Winit-self"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wfloat-equal], [CFLAGS="$CFLAGS -Wfloat-equal"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wsuggest-attribute=noreturn], [CFLAGS="$CFLAGS -Wsuggest-attribute=noreturn"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Werror=return-type], [CFLAGS="$CFLAGS -Werror=return-type"],,[-Werror])
AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])
From 88ce3d9af49831b74ec7f9fd510a5421a06986e9 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 Feb 2019 20:49:59 +0100
Subject: [PATCH 08/11] compiler: -Werror=incompatible-pointer-types
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
configure.ac | 1 +
1 file changed, 1 insertion(+)
diff --git a/configure.ac b/configure.ac
index ac628feb8..4729bddca 100644
--- a/configure.ac
+++ b/configure.ac
@@ -708,6 +708,7 @@ AX_CHECK_COMPILE_FLAG([-Winit-self], [CFLAGS="$CFLAGS -Winit-self"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wfloat-equal], [CFLAGS="$CFLAGS -Wfloat-equal"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wsuggest-attribute=noreturn], [CFLAGS="$CFLAGS -Wsuggest-attribute=noreturn"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Werror=return-type], [CFLAGS="$CFLAGS -Werror=return-type"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Werror=incompatible-pointer-types], [CFLAGS="$CFLAGS -Werror=incompatible-pointer-types"],,[-Werror])
AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])
From 56118872f9146b8dbd356a3add9bdc67d88efd4f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 Feb 2019 20:51:50 +0100
Subject: [PATCH 09/11] compiler: -Werror=format=2 hardening
Enable -Wformat plus additional format checks. Currently equivalent to
-Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
configure.ac | 1 +
1 file changed, 1 insertion(+)
diff --git a/configure.ac b/configure.ac
index 4729bddca..c0d75da1b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -709,6 +709,7 @@ AX_CHECK_COMPILE_FLAG([-Wfloat-equal], [CFLAGS="$CFLAGS -Wfloat-equal"],,[-Werro
AX_CHECK_COMPILE_FLAG([-Wsuggest-attribute=noreturn], [CFLAGS="$CFLAGS -Wsuggest-attribute=noreturn"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Werror=return-type], [CFLAGS="$CFLAGS -Werror=return-type"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Werror=incompatible-pointer-types], [CFLAGS="$CFLAGS -Werror=incompatible-pointer-types"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Werror=format=2], [CFLAGS="$CFLAGS -Werror=format=2"],,[-Werror])
AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])
From 3be648b3f40ff4f76933903c76acf12baf33e30f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 Feb 2019 20:54:33 +0100
Subject: [PATCH 10/11] compiler: set -Wimplicit-fallthrough to 5
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-Wimplicit-fallthrough=5 doesn’t recognize any comments as fallthrough
comments, only attributes disable the warning.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index c0d75da1b..a2d4c3b74 100644
--- a/configure.ac
+++ b/configure.ac
@@ -692,7 +692,7 @@ LXC_CHECK_TLS
# Hardening flags
AX_CHECK_COMPILE_FLAG([-fdiagnostics-color], [CFLAGS="$CFLAGS -fdiagnostics-color"],,[-Werror])
-AX_CHECK_COMPILE_FLAG([-Wimplicit-fallthrough], [CFLAGS="$CFLAGS -Wimplicit-fallthrough"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wimplicit-fallthrough=5], [CFLAGS="$CFLAGS -Wimplicit-fallthrough=5"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wcast-align], [CFLAGS="$CFLAGS -Wcast-align"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wstrict-prototypes], [CFLAGS="$CFLAGS -Wstrict-prototypes"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-fno-strict-aliasing], [CFLAGS="$CFLAGS -fno-strict-aliasing"],,[-Werror])
From 598f0a3c20d35ede867cf6b756036071c33c3929 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 Feb 2019 20:56:08 +0100
Subject: [PATCH 11/11] compiler: -Wshadow hardening
Warn whenever a local variable or type declaration shadows another
variable, parameter, type, class member (in C++), or instance variable
(in Objective-C) or whenever a built-in function is shadowed.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
configure.ac | 1 +
src/lxc/attach.c | 2 +-
src/lxc/cmd/lxc_user_nic.c | 1 -
src/lxc/conf.c | 1 -
src/lxc/criu.c | 2 --
src/lxc/log.h | 8 ++++----
src/lxc/lxccontainer.c | 13 ++++++-------
src/lxc/network.c | 5 -----
src/lxc/storage/overlay.c | 4 ++--
src/lxc/storage/storage.c | 1 -
src/lxc/storage/zfs.c | 3 ---
src/lxc/tools/lxc_info.c | 12 ++++++------
src/lxc/tools/lxc_ls.c | 2 --
src/lxc/tools/lxc_unshare.c | 14 +++++++-------
src/tests/share_ns.c | 4 ----
src/tests/state_server.c | 4 ----
16 files changed, 27 insertions(+), 50 deletions(-)
diff --git a/configure.ac b/configure.ac
index a2d4c3b74..5228c358c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -710,6 +710,7 @@ AX_CHECK_COMPILE_FLAG([-Wsuggest-attribute=noreturn], [CFLAGS="$CFLAGS -Wsuggest
AX_CHECK_COMPILE_FLAG([-Werror=return-type], [CFLAGS="$CFLAGS -Werror=return-type"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Werror=incompatible-pointer-types], [CFLAGS="$CFLAGS -Werror=incompatible-pointer-types"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Werror=format=2], [CFLAGS="$CFLAGS -Werror=format=2"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wshadow], [CFLAGS="$CFLAGS -Wshadow"],,[-Werror])
AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 117e3778f..df9dda02e 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -1351,10 +1351,10 @@ int lxc_attach(const char *name, const char *lxcpath,
if ((options->namespaces & CLONE_NEWNS) &&
(options->attach_flags & LXC_ATTACH_LSM) &&
init_ctx->lsm_label) {
- int ret = -1;
int labelfd;
bool on_exec;
+ ret = -1;
on_exec = options->attach_flags & LXC_ATTACH_LSM_EXEC ? true : false;
labelfd = lsm_process_label_fd_get(attached_pid, on_exec);
if (labelfd < 0)
diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
index 12c3d83c7..bd60228aa 100644
--- a/src/lxc/cmd/lxc_user_nic.c
+++ b/src/lxc/cmd/lxc_user_nic.c
@@ -1250,7 +1250,6 @@ int main(int argc, char *argv[])
free(me);
if (request == LXC_USERNIC_DELETE) {
- int ret;
struct alloted_s *it;
bool found_nicname = false;
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index be2852f27..57144c972 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3377,7 +3377,6 @@ void remount_all_slave(void)
}
while (getline(&line, &len, f) != -1) {
- int ret;
char *opts, *target;
target = get_field(line, 4);
diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index 3d857b541..56e4c978c 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -1071,7 +1071,6 @@ static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_
rmdir(rootfs->mount);
goto out_fini_handler;
} else {
- int ret;
char title[2048];
close(pipes[1]);
@@ -1300,7 +1299,6 @@ static bool do_dump(struct lxc_container *c, char *mode, struct migrate_opts *op
int status;
ssize_t n;
char buf[4096];
- bool ret;
close(criuout[1]);
diff --git a/src/lxc/log.h b/src/lxc/log.h
index 008df7a73..3b7557edb 100644
--- a/src/lxc/log.h
+++ b/src/lxc/log.h
@@ -342,9 +342,9 @@ ATTR_UNUSED static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo, \
char errno_buf[PATH_MAX / 2] = {"Failed to get errno string"}; \
char *ptr = NULL; \
{ \
- int saved_errno = errno; \
+ int __saved_errno = errno; \
ptr = strerror_r(errno, errno_buf, sizeof(errno_buf)); \
- errno = saved_errno; \
+ errno = __saved_errno; \
if (!ptr) \
ptr = errno_buf; \
}
@@ -353,9 +353,9 @@ ATTR_UNUSED static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo, \
char errno_buf[PATH_MAX / 2] = {"Failed to get errno string"}; \
char *ptr = errno_buf; \
{ \
- int saved_errno = errno; \
+ int __saved_errno = errno; \
(void)strerror_r(errno, errno_buf, sizeof(errno_buf)); \
- errno = saved_errno; \
+ errno = __saved_errno; \
}
#endif
#elif ENFORCE_THREAD_SAFETY
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 7c826a9fd..06384f069 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1041,7 +1041,7 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
* right PID.
*/
if (c->pidfile) {
- int ret, w;
+ int w;
char pidstr[INTTYPE_TO_STRLEN(pid_t)];
w = snprintf(pidstr, sizeof(pidstr), "%d", lxc_raw_getpid());
@@ -2439,8 +2439,7 @@ static char **do_lxcapi_get_ips(struct lxc_container *c, const char *interface,
if (pid == 0) {
ssize_t nbytes;
char addressOutputBuffer[INET6_ADDRSTRLEN];
- int ret = 1;
- char *address = NULL;
+ char *address_ptr = NULL;
void *tempAddrPtr = NULL;
struct netns_ifaddrs *interfaceArray = NULL, *tempIfAddr = NULL;
@@ -2489,16 +2488,16 @@ static char **do_lxcapi_get_ips(struct lxc_container *c, const char *interface,
else if (!interface && strcmp("lo", tempIfAddr->ifa_name) == 0)
continue;
- address = (char *)inet_ntop(tempIfAddr->ifa_addr->sa_family,
+ address_ptr = (char *)inet_ntop(tempIfAddr->ifa_addr->sa_family,
tempAddrPtr, addressOutputBuffer,
sizeof(addressOutputBuffer));
- if (!address)
+ if (!address_ptr)
continue;
- nbytes = lxc_write_nointr(pipefd[1], address, INET6_ADDRSTRLEN);
+ nbytes = lxc_write_nointr(pipefd[1], address_ptr, INET6_ADDRSTRLEN);
if (nbytes != INET6_ADDRSTRLEN) {
SYSERROR("Failed to send ipv6 address \"%s\"",
- address);
+ address_ptr);
goto out;
}
diff --git a/src/lxc/network.c b/src/lxc/network.c
index 499ddff6e..ec75b0c28 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -2116,8 +2116,6 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna
}
if (child == 0) {
- int ret;
- size_t retlen;
char pidstr[INTTYPE_TO_STRLEN(pid_t)];
close(pipefd[0]);
@@ -2280,7 +2278,6 @@ static int lxc_delete_network_unpriv_exec(const char *lxcpath, const char *lxcna
if (child == 0) {
char *hostveth;
- int ret;
close(pipefd[0]);
@@ -2925,8 +2922,6 @@ static int lxc_setup_netdev_in_child_namespaces(struct lxc_netdev *netdev)
/* set the network device up */
if (netdev->flags & IFF_UP) {
- int err;
-
err = lxc_netdev_up(current_ifname);
if (err) {
errno = -err;
diff --git a/src/lxc/storage/overlay.c b/src/lxc/storage/overlay.c
index 01546b1bf..1a593b340 100644
--- a/src/lxc/storage/overlay.c
+++ b/src/lxc/storage/overlay.c
@@ -86,7 +86,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
if (strcmp(orig->type, "dir") == 0) {
char *delta, *lastslash;
char *work;
- int ret, len, lastslashidx;
+ int len, lastslashidx;
/* If we have "/var/lib/lxc/c2/rootfs" then delta will be
* "/var/lib/lxc/c2/delta0".
@@ -194,7 +194,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
char *clean_old_path, *clean_new_path;
char *lastslash, *ndelta, *nsrc, *odelta, *osrc, *s1, *s2, *s3,
*work;
- int ret, lastslashidx;
+ int lastslashidx;
size_t len, name_len;
osrc = strdup(orig->src);
diff --git a/src/lxc/storage/storage.c b/src/lxc/storage/storage.c
index c4f4c2ea3..837e8cabe 100644
--- a/src/lxc/storage/storage.c
+++ b/src/lxc/storage/storage.c
@@ -355,7 +355,6 @@ struct lxc_storage *storage_copy(struct lxc_container *c, const char *cname,
}
if (!orig->dest) {
- int ret;
size_t len;
struct stat sb;
diff --git a/src/lxc/storage/zfs.c b/src/lxc/storage/zfs.c
index ba104da54..0a804ad19 100644
--- a/src/lxc/storage/zfs.c
+++ b/src/lxc/storage/zfs.c
@@ -468,7 +468,6 @@ int zfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
orig_src = lxc_storage_get_path(orig->src, orig->type);
if (!strcmp(orig->type, "zfs")) {
- size_t len;
if (*orig_src == '/') {
bool found;
@@ -594,8 +593,6 @@ int zfs_destroy(struct lxc_storage *orig)
* "<lxcpath>/<lxcname>/rootfs" is given.
*/
if (*src == '/') {
- char *tmp;
-
found = zfs_list_entry(src, cmd_output, sizeof(cmd_output));
if (!found) {
ERROR("Failed to find zfs entry \"%s\"", orig->src);
diff --git a/src/lxc/tools/lxc_info.c b/src/lxc/tools/lxc_info.c
index 138a3060b..1aae1c6f2 100644
--- a/src/lxc/tools/lxc_info.c
+++ b/src/lxc/tools/lxc_info.c
@@ -274,28 +274,28 @@ static void print_stats(struct lxc_container *c)
}
}
-static void print_info_msg_int(const char *key, int value)
+static void print_info_msg_int(const char *k, int value)
{
if (humanize)
- printf("%-15s %d\n", key, value);
+ printf("%-15s %d\n", k, value);
else {
if (filter_count == 1)
printf("%d\n", value);
else
- printf("%-15s %d\n", key, value);
+ printf("%-15s %d\n", k, value);
}
fflush(stdout);
}
-static void print_info_msg_str(const char *key, const char *value)
+static void print_info_msg_str(const char *k, const char *value)
{
if (humanize)
- printf("%-15s %s\n", key, value);
+ printf("%-15s %s\n", k, value);
else {
if (filter_count == 1)
printf("%s\n", value);
else
- printf("%-15s %s\n", key, value);
+ printf("%-15s %s\n", k, value);
}
fflush(stdout);
}
diff --git a/src/lxc/tools/lxc_ls.c b/src/lxc/tools/lxc_ls.c
index cb3eb1e52..8f7a5a2fc 100644
--- a/src/lxc/tools/lxc_ls.c
+++ b/src/lxc/tools/lxc_ls.c
@@ -512,8 +512,6 @@ static int ls_get(struct ls **m, size_t *size, const struct lxc_arguments *args,
l->unprivileged = !(val == NULL);
free(val);
} else {
- int ret;
-
ret = c->get_config_item(c, "lxc.idmap", NULL, 0);
l->unprivileged = !(ret == 0);
}
diff --git a/src/lxc/tools/lxc_unshare.c b/src/lxc/tools/lxc_unshare.c
index a86d12b3c..197c9f531 100644
--- a/src/lxc/tools/lxc_unshare.c
+++ b/src/lxc/tools/lxc_unshare.c
@@ -431,24 +431,24 @@ int main(int argc, char *argv[])
if (lxc_list_len(&ifnames) > 0) {
struct lxc_list *iterator;
char* ifname;
- pid_t pid;
+ pid_t lpid;
lxc_list_for_each(iterator, &ifnames) {
ifname = iterator->elem;
if (!ifname)
continue;
- pid = fork();
- if (pid < 0) {
+ lpid = fork();
+ if (lpid < 0) {
SYSERROR("Failed to move network device \"%s\" to network namespace",
ifname);
continue;
}
- if (pid == 0) {
+ if (lpid == 0) {
char buf[256];
- ret = snprintf(buf, 256, "%d", pid);
+ ret = snprintf(buf, 256, "%d", lpid);
if (ret < 0 || ret >= 256)
_exit(EXIT_FAILURE);
@@ -456,9 +456,9 @@ int main(int argc, char *argv[])
_exit(EXIT_FAILURE);
}
- if (wait_for_pid(pid) != 0)
+ if (wait_for_pid(lpid) != 0)
SYSERROR("Could not move interface \"%s\" into container %d",
- ifname, pid);
+ ifname, lpid);
}
free_ifname_list();
diff --git a/src/tests/share_ns.c b/src/tests/share_ns.c
index d65aef85a..3c74a165e 100644
--- a/src/tests/share_ns.c
+++ b/src/tests/share_ns.c
@@ -269,8 +269,6 @@ int main(int argc, char *argv[])
lxc_debug("Starting namespace sharing test iteration %d\n", j);
for (i = 0; i < 10; i++) {
- int ret;
-
args[i].thread_id = i;
args[i].success = false;
args[i].init_pid = init_pid;
@@ -283,8 +281,6 @@ int main(int argc, char *argv[])
}
for (i = 0; i < 10; i++) {
- int ret;
-
ret = pthread_join(threads[i], NULL);
if (ret != 0)
goto on_error_stop;
diff --git a/src/tests/state_server.c b/src/tests/state_server.c
index d24ba8b3d..bb64a87cb 100644
--- a/src/tests/state_server.c
+++ b/src/tests/state_server.c
@@ -108,8 +108,6 @@ int main(int argc, char *argv[])
sleep(5);
for (i = 0; i < 10; i++) {
- int ret;
-
args[i].thread_id = i;
args[i].c = c;
args[i].timeout = -1;
@@ -123,8 +121,6 @@ int main(int argc, char *argv[])
}
for (i = 0; i < 10; i++) {
- int ret;
-
ret = pthread_join(threads[i], NULL);
if (ret != 0)
goto on_error_stop;
More information about the lxc-devel
mailing list