[lxc-devel] [lxd/master] cgo: more hardening

brauner on Github lxc-bot at linuxcontainers.org
Tue Oct 22 12:31:58 UTC 2019


From b04c0407da9e409d3cfc9eb20f47486fa8e76be6 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 22 Oct 2019 13:35:25 +0200
Subject: [PATCH 01/12] seccomp: log syscall arguments

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/seccomp/seccomp.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lxd/seccomp/seccomp.go b/lxd/seccomp/seccomp.go
index bfbbc80cc0..69171e026b 100644
--- a/lxd/seccomp/seccomp.go
+++ b/lxd/seccomp/seccomp.go
@@ -928,6 +928,7 @@ func (s *Server) HandleMknodSyscall(c Instance, siov *Iovec) int {
 		cPid:  C.pid_t(siov.req.pid),
 		path:  C.GoString(&cPathBuf[0]),
 	}
+	ctx["syscall_args"] = &args
 
 	return s.doDeviceSyscall(c, &args, siov)
 }
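Review bot: The context entry added before the `doDeviceSyscall` call stores `&args`, whose `path` field is filled from `C.GoString(&cPathBuf[0])` just above; that buffer presumably holds the path the container passed to the syscall, so container-controlled text now reaches the log context. How a struct pointer is rendered depends on the logger, which is not visible here, so it would be safer to log explicit fields with the path quoted, e.g. `ctx["syscall_path"] = fmt.Sprintf("%q", args.path)`, than the whole struct. The same line is added in the HandleMknodatSyscall hunk that follows, and both function bodies start outside their hunks.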
@@ -989,6 +990,7 @@ func (s *Server) HandleMknodatSyscall(c Instance, siov *Iovec) int {
 		cPid:  C.pid_t(siov.req.pid),
 		path:  C.GoString(&cPathBuf[0]),
 	}
+	ctx["syscall_args"] = &args
 
 	return s.doDeviceSyscall(c, &args, siov)
 }

From 90d57aa6f89822a61e184f4d4a8f7f2415f9ea57 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 22 Oct 2019 13:38:22 +0200
Subject: [PATCH 02/12] package: lxd: add cgo.go

Add a file which serves as central configuration unit for cgo build
options. This will make it way easier to track things and we can add
automated checking per package for this file and whether it has the
right build options set.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/cgo.go         | 8 ++++++++
 lxd/main_nsexec.go | 3 ---
 2 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 lxd/cgo.go

diff --git a/lxd/cgo.go b/lxd/cgo.go
new file mode 100644
index 0000000000..abe0677c1d
--- /dev/null
+++ b/lxd/cgo.go
@@ -0,0 +1,8 @@
+// +build linux,cgo
+
+package main
+
+// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
+// #cgo pkg-config: lxc
+// #cgo pkg-config: libcap
+import "C"
diff --git a/lxd/main_nsexec.go b/lxd/main_nsexec.go
index be8eb8a73b..fd1793251c 100644
--- a/lxd/main_nsexec.go
+++ b/lxd/main_nsexec.go
@@ -302,7 +302,4 @@ __attribute__((constructor)) void init(void) {
 		checkfeature();
 }
 */
-// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
-// #cgo pkg-config: lxc
-// #cgo pkg-config: libcap
 import "C"

From 657930d5c7856fcbf1bd8c3185011000c1bb5f4a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 22 Oct 2019 13:41:04 +0200
Subject: [PATCH 03/12] package: lxd-p2c: add cgo.go

Add a file which serves as central configuration unit for cgo build
options. This will make it way easier to track things and we can add
automated checking per package for this file and whether it has the
right build options set.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd-p2c/cgo.go   | 5 +++++
 lxd-p2c/setns.go | 1 -
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 lxd-p2c/cgo.go

diff --git a/lxd-p2c/cgo.go b/lxd-p2c/cgo.go
new file mode 100644
index 0000000000..4dc63f0be1
--- /dev/null
+++ b/lxd-p2c/cgo.go
@@ -0,0 +1,5 @@
+// build +linux,cgo
+
+package main
+
+// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
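Review bot: This new file has no `import "C"` after the `#cgo` line, so the CFLAGS directive is an ordinary comment and cgo never sees it; every other cgo.go in the series ends with `import "C"`. Because the setns.go hunk below removes the only other copy of the directive, lxd-p2c's C preamble would now build without `-Werror`, `-Wvla` and `-fvisibility=hidden`. The first line is also not a build constraint as written: `// build +linux,cgo` should read `// +build linux,cgo`. Suggested fix: correct that line and add `import "C"` directly under the `// #cgo CFLAGS:` line.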
diff --git a/lxd-p2c/setns.go b/lxd-p2c/setns.go
index e9bf87b8b1..40bd83c317 100644
--- a/lxd-p2c/setns.go
+++ b/lxd-p2c/setns.go
@@ -32,5 +32,4 @@ __attribute__((constructor)) void init(void) {
 	// We're done, jump back to Go
 }
 */
-// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
 import "C"

From b6908b9978eb5abf6f2e270d18a809cd69661009 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 22 Oct 2019 13:42:45 +0200
Subject: [PATCH 04/12] package: seccomp: add cgo.go

Add a file which serves as central configuration unit for cgo build
options. This will make it way easier to track things and we can add
automated checking per package for this file and whether it has the
right build options set.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/seccomp/cgo.go     | 6 ++++++
 lxd/seccomp/seccomp.go | 1 -
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 lxd/seccomp/cgo.go

diff --git a/lxd/seccomp/cgo.go b/lxd/seccomp/cgo.go
new file mode 100644
index 0000000000..dc496c86e3
--- /dev/null
+++ b/lxd/seccomp/cgo.go
@@ -0,0 +1,6 @@
+// +build linux,cgo
+
+package seccomp
+
+// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
+import "C"
diff --git a/lxd/seccomp/seccomp.go b/lxd/seccomp/seccomp.go
index 69171e026b..9c00e2eaac 100644
--- a/lxd/seccomp/seccomp.go
+++ b/lxd/seccomp/seccomp.go
@@ -244,7 +244,6 @@ static void prepare_seccomp_iovec(struct iovec *iov,
 	iov[3].iov_len = SECCOMP_COOKIE_SIZE;
 }
 */
-// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
 import "C"
 
 const lxdSeccompNotifyMknod = C.LXD_SECCOMP_NOTIFY_MKNOD

From 987f9dfce1a53f9c0594e3f7318334ac7ccf7158 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 22 Oct 2019 13:44:29 +0200
Subject: [PATCH 05/12] package: quota: add cgo.go

Add a file which serves as central configuration unit for cgo build
options. This will make it way easier to track things and we can add
automated checking per package for this file and whether it has the
right build options set.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/storage/quota/cgo.go          | 6 ++++++
 lxd/storage/quota/projectquota.go | 1 -
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 lxd/storage/quota/cgo.go

diff --git a/lxd/storage/quota/cgo.go b/lxd/storage/quota/cgo.go
new file mode 100644
index 0000000000..dc844f10a0
--- /dev/null
+++ b/lxd/storage/quota/cgo.go
@@ -0,0 +1,6 @@
+// +build linux,cgo
+
+package quota
+
+// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
+import "C"
diff --git a/lxd/storage/quota/projectquota.go b/lxd/storage/quota/projectquota.go
index dc69cbc1f6..f96032009d 100644
--- a/lxd/storage/quota/projectquota.go
+++ b/lxd/storage/quota/projectquota.go
@@ -152,7 +152,6 @@ int32_t quota_get_path(char *path) {
 }
 
 */
-// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
 import "C"
 
 var errNoDevice = fmt.Errorf("Couldn't find backing device for mountpoint")

From 784772d82a007cdb54cd3ad393c0e4eea466ce06 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 22 Oct 2019 13:46:05 +0200
Subject: [PATCH 06/12] package: storage: add cgo.go

Add a file which serves as central configuration unit for cgo build
options. This will make it way easier to track things and we can add
automated checking per package for this file and whether it has the
right build options set.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/storage/cgo.go         | 6 ++++++
 lxd/storage/storage_cgo.go | 1 -
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 lxd/storage/cgo.go

diff --git a/lxd/storage/cgo.go b/lxd/storage/cgo.go
new file mode 100644
index 0000000000..e6545c6cad
--- /dev/null
+++ b/lxd/storage/cgo.go
@@ -0,0 +1,6 @@
+// +build linux,cgo
+
+package storage
+
+// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
+import "C"
diff --git a/lxd/storage/storage_cgo.go b/lxd/storage/storage_cgo.go
index 048e63bb88..879e94ff54 100644
--- a/lxd/storage/storage_cgo.go
+++ b/lxd/storage/storage_cgo.go
@@ -251,7 +251,6 @@ int unset_autoclear_loop_device(int fd_loop)
 	return ioctl(fd_loop, LOOP_SET_STATUS64, &lo64);
 }
 */
-// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
 import "C"
 
 // LoFlagsAutoclear determines whether the loop device will autodestruct on last

From 30f5679aab83f97630a6bc21b16a780980015754 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 22 Oct 2019 13:48:23 +0200
Subject: [PATCH 07/12] package: ucred: add cgo.go

Add a file which serves as central configuration unit for cgo build
options. This will make it way easier to track things and we can add
automated checking per package for this file and whether it has the
right build options set.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/ucred/cgo.go         | 6 ++++++
 lxd/ucred/ucred_gccgo.go | 1 -
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 lxd/ucred/cgo.go

diff --git a/lxd/ucred/cgo.go b/lxd/ucred/cgo.go
new file mode 100644
index 0000000000..8ebbc60d04
--- /dev/null
+++ b/lxd/ucred/cgo.go
@@ -0,0 +1,6 @@
+// +build linux,cgo,gccgo
+
+package ucred
+
+// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
+import "C"
diff --git a/lxd/ucred/ucred_gccgo.go b/lxd/ucred/ucred_gccgo.go
index 80edb89bf7..3483333f07 100644
--- a/lxd/ucred/ucred_gccgo.go
+++ b/lxd/ucred/ucred_gccgo.go
@@ -35,7 +35,6 @@ void getucred(int sock, uint *uid, uint *gid, int *pid)
 	return;
 }
 */
-// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
 import "C"
 
 // GetUCred returns the file descriptor's ucreds.

From 67bfeaef3663c25d9b6e2f4cad00f70ef71dd866 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 22 Oct 2019 13:50:02 +0200
Subject: [PATCH 08/12] package: idmap: add cgo.go

Add a file which serves as central configuration unit for cgo build
options. This will make it way easier to track things and we can add
automated checking per package for this file and whether it has the
right build options set.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 shared/idmap/cgo.go         | 6 ++++++
 shared/idmap/shift_linux.go | 1 -
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 shared/idmap/cgo.go

diff --git a/shared/idmap/cgo.go b/shared/idmap/cgo.go
new file mode 100644
index 0000000000..495561d620
--- /dev/null
+++ b/shared/idmap/cgo.go
@@ -0,0 +1,6 @@
+// +build linux,cgo
+
+package idmap
+
+// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
+import "C"
diff --git a/shared/idmap/shift_linux.go b/shared/idmap/shift_linux.go
index 3f7b23c9bd..c4b3b50b30 100644
--- a/shared/idmap/shift_linux.go
+++ b/shared/idmap/shift_linux.go
@@ -151,7 +151,6 @@ int shiftowner(char *basepath, char *path, int uid, int gid)
 	return 0;
 }
 */
-// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
 import "C"
 
 // ShiftOwner updates uid and gid for a file when entering/exiting a namespace

From 6f22c1c441dd98674c7b0181f4f9b4d2282efa34 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 22 Oct 2019 13:51:16 +0200
Subject: [PATCH 09/12] package: netutils: add cgo.go

Add a file which serves as central configuration unit for cgo build
options. This will make it way easier to track things and we can add
automated checking per package for this file and whether it has the
right build options set.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 shared/netutils/cgo.go           | 6 ++++++
 shared/netutils/network_linux.go | 1 -
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 shared/netutils/cgo.go

diff --git a/shared/netutils/cgo.go b/shared/netutils/cgo.go
new file mode 100644
index 0000000000..4483d7220b
--- /dev/null
+++ b/shared/netutils/cgo.go
@@ -0,0 +1,6 @@
+// +build linux,cgo
+
+package netutils
+
+// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
+import "C"
diff --git a/shared/netutils/network_linux.go b/shared/netutils/network_linux.go
index 6d354acd5a..40dbeda6c2 100644
--- a/shared/netutils/network_linux.go
+++ b/shared/netutils/network_linux.go
@@ -22,7 +22,6 @@ import (
 #include "unixfd.h"
 #include "netns_getifaddrs.c"
 */
-// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
 import "C"
 
 func NetnsGetifaddrs(initPID int32) (map[string]api.InstanceStateNetwork, error) {

From 1314497b8b497d9a15333fc4e211b0665999b602 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 22 Oct 2019 13:52:28 +0200
Subject: [PATCH 10/12] package: termios: add cgo.go

Add a file which serves as central configuration unit for cgo build
options. This will make it way easier to track things and we can add
automated checking per package for this file and whether it has the
right build options set.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 shared/termios/cgo.go          | 6 ++++++
 shared/termios/termios_unix.go | 1 -
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 shared/termios/cgo.go

diff --git a/shared/termios/cgo.go b/shared/termios/cgo.go
new file mode 100644
index 0000000000..ebb96c0fec
--- /dev/null
+++ b/shared/termios/cgo.go
@@ -0,0 +1,6 @@
+// +build !windows,cgo
+
+package termios
+
+// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
+import "C"
diff --git a/shared/termios/termios_unix.go b/shared/termios/termios_unix.go
index 95c9246584..7d9622fc08 100644
--- a/shared/termios/termios_unix.go
+++ b/shared/termios/termios_unix.go
@@ -11,7 +11,6 @@ import (
 )
 
 // #include <termios.h>
-// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
 import "C"
 
 // State contains the state of a terminal.

From e6c95375722a62d626389869328753d9f3c52fcd Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 22 Oct 2019 13:53:32 +0200
Subject: [PATCH 11/12] package: shared: add cgo.go

Add a file which serves as central configuration unit for cgo build
options. This will make it way easier to track things and we can add
automated checking per package for this file and whether it has the
right build options set.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 shared/cgo.go            | 7 +++++++
 shared/util_linux_cgo.go | 2 --
 2 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 shared/cgo.go

diff --git a/shared/cgo.go b/shared/cgo.go
new file mode 100644
index 0000000000..d470a51532
--- /dev/null
+++ b/shared/cgo.go
@@ -0,0 +1,7 @@
+// +build linux,cgo
+
+package shared
+
+// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
+// #cgo LDFLAGS: -lutil -lpthread
+import "C"
diff --git a/shared/util_linux_cgo.go b/shared/util_linux_cgo.go
index 39e0dc3c91..7c46c02bca 100644
--- a/shared/util_linux_cgo.go
+++ b/shared/util_linux_cgo.go
@@ -137,8 +137,6 @@ again:
 	return ret;
 }
 */
-// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
-// #cgo LDFLAGS: -lutil -lpthread
 import "C"
 
 const ABSTRACT_UNIX_SOCK_LEN int = C.ABSTRACT_UNIX_SOCK_LEN

From cf5b8a50c9c60b1257ec0ed83433fd5a025fafac Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 22 Oct 2019 14:30:30 +0200
Subject: [PATCH 12/12] lxd: add cgo hardening flags and fix minor bugs found
 by them

Minimal required gcc version for this is 4.8 which is what we require for
liblxc as well.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/cgo.go               |  7 ++++++-
 lxd/main_checkfeature.go |  4 ++--
 lxd/main_forkdns.go      |  2 +-
 lxd/main_forkfile.go     |  3 ++-
 lxd/main_forkmount.go    | 13 ++++++++-----
 lxd/main_forknet.go      |  3 ++-
 lxd/main_forkproxy.go    |  2 +-
 lxd/main_forksyscall.go  |  6 +++---
 lxd/main_forkuevent.go   |  3 ++-
 9 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/lxd/cgo.go b/lxd/cgo.go
index abe0677c1d..f938f1b442 100644
--- a/lxd/cgo.go
+++ b/lxd/cgo.go
@@ -2,7 +2,12 @@
 
 package main
 
-// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden
+// #cgo CFLAGS: -std=gnu11 -Wvla -Werror -fvisibility=hidden -Winit-self
+// #cgo CFLAGS: -Wformat=2 -Wshadow -Wendif-labels -fasynchronous-unwind-tables
+// #cgo CFLAGS: -pipe -Wcast-align --param=ssp-buffer-size=4 -g
+// #cgo CFLAGS: -Werror=implicit-function-declaration -Wlogical-op
+// #cgo CFLAGS: -Werror=return-type -Wendif-labels -Werror=overflow
+// #cgo CFLAGS: -Wnested-externs -fexceptions
 // #cgo pkg-config: lxc
 // #cgo pkg-config: libcap
 import "C"
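Review bot: `--param=ssp-buffer-size=4` on the third added CFLAGS line only tunes the stack protector, and none of the flags in this hunk enables it, so the parameter does nothing unless the compiler's distribution defaults already turn the protector on. If stack canaries are intended as part of the hardening, request them explicitly, e.g. `// #cgo CFLAGS: -fstack-protector`. The `-strong` variant needs a newer GCC than the 4.8 minimum named in the commit message. `-Wendif-labels` is also listed twice, on the second and fifth added lines.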
diff --git a/lxd/main_checkfeature.go b/lxd/main_checkfeature.go
index c9118f082a..ed121f3b5a 100644
--- a/lxd/main_checkfeature.go
+++ b/lxd/main_checkfeature.go
@@ -128,7 +128,7 @@ void is_netnsid_aware(int *hostnetns_fd, int *newnetns_fd)
 	netnsid_aware = true;
 }
 
-void is_uevent_aware()
+static void is_uevent_aware(void)
 {
 	if (can_inject_uevent("dummy", 6) < 0)
 		return;
@@ -285,7 +285,7 @@ static void is_seccomp_notify_aware(void)
 
 }
 
-void checkfeature()
+void checkfeature(void)
 {
 	__do_close_prot_errno int hostnetns_fd = -EBADF, newnetns_fd = -EBADF;
 
diff --git a/lxd/main_forkdns.go b/lxd/main_forkdns.go
index d49fa42321..e5dfea7252 100644
--- a/lxd/main_forkdns.go
+++ b/lxd/main_forkdns.go
@@ -53,7 +53,7 @@ again:
 	return 0;
 }
 
-void forkdns()
+void forkdns(void)
 {
 	ssize_t ret;
 	pid_t pid;
diff --git a/lxd/main_forkfile.go b/lxd/main_forkfile.go
index 14ff6d1a44..3911fcc2a7 100644
--- a/lxd/main_forkfile.go
+++ b/lxd/main_forkfile.go
@@ -403,7 +403,8 @@ void forkremovefile(char *rootfs, pid_t pid) {
 	_exit(0);
 }
 
-void forkfile() {
+void forkfile(void)
+{
 	char *command = NULL;
 	char *rootfs = NULL;
 	pid_t pid = 0;
diff --git a/lxd/main_forkmount.go b/lxd/main_forkmount.go
index e81bc3ffc3..473bd42f35 100644
--- a/lxd/main_forkmount.go
+++ b/lxd/main_forkmount.go
@@ -129,7 +129,8 @@ void create(char *src, char *dest)
 	}
 }
 
-void do_lxd_forkmount(pid_t pid) {
+static void do_lxd_forkmount(pid_t pid)
+{
 	char *src, *dest, *opts, *shiftfs;
 
 	attach_userns(pid);
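Review bot: `do_lxd_forkmount` becomes `static` here, as do `do_lxc_forkmount` and `do_lxc_forkumount` in later hunks, but `do_lxd_forkumount` in the next hunk keeps external linkage. If it is only called from within this preamble (its callers are not visible in these hunks), declare it `static void do_lxd_forkumount(pid_t pid)` for consistency. The flag set added to lxd/cgo.go does not include `-Wstrict-prototypes` or `-Wmissing-prototypes`, so neither this difference nor a future `()` parameter list would be caught by the build; consider adding them. The function body continues outside the hunk.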
@@ -187,7 +188,8 @@ void do_lxd_forkmount(pid_t pid) {
 	_exit(0);
 }
 
-void do_lxd_forkumount(pid_t pid) {
+void do_lxd_forkumount(pid_t pid)
+{
 	int ret;
 	char *path = NULL;
 
@@ -239,7 +241,7 @@ static int lxc_safe_ulong(const char *numstr, unsigned long *converted)
 }
 #endif
 
-void do_lxc_forkmount()
+static void do_lxc_forkmount(void)
 {
 #if VERSION_AT_LEAST(3, 1, 0)
 	int ret;
@@ -285,7 +287,7 @@ void do_lxc_forkmount()
 #endif
 }
 
-void do_lxc_forkumount()
+static void do_lxc_forkumount(void)
 {
 #if VERSION_AT_LEAST(3, 1, 0)
 	int ret;
@@ -321,7 +323,8 @@ void do_lxc_forkumount()
 #endif
 }
 
-void forkmount() {
+void forkmount(void)
+{
 	char *cur = NULL;
 
 	char *command = NULL;
diff --git a/lxd/main_forknet.go b/lxd/main_forknet.go
index 5cbaded534..b24be09027 100644
--- a/lxd/main_forknet.go
+++ b/lxd/main_forknet.go
@@ -43,7 +43,8 @@ void forkdonetdetach(char *file) {
 	// Jump back to Go for the rest
 }
 
-void forknet() {
+void forknet(void)
+{
 	char *command = NULL;
 	char *cur = NULL;
 	pid_t pid = 0;
diff --git a/lxd/main_forkproxy.go b/lxd/main_forkproxy.go
index 03454dabc0..ec758b3a73 100644
--- a/lxd/main_forkproxy.go
+++ b/lxd/main_forkproxy.go
@@ -91,7 +91,7 @@ again:
 #define LISTEN_NEEDS_MNTNS 1U
 #define CONNECT_NEEDS_MNTNS 2U
 
-void forkproxy()
+void forkproxy(void)
 {
 	unsigned int needs_mntns = 0;
 	int connect_pid, listen_pid, log_fd;
diff --git a/lxd/main_forksyscall.go b/lxd/main_forksyscall.go
index 53f7edd4f3..f2599947cd 100644
--- a/lxd/main_forksyscall.go
+++ b/lxd/main_forksyscall.go
@@ -95,7 +95,7 @@ static bool acquire_basic_creds(pid_t pid)
 
 // Expects command line to be in the form:
 // <PID> <root-uid> <root-gid> <path> <mode> <dev>
-static void forkmknod()
+static void forkmknod(void)
 {
 	__do_close_prot_errno int target_dir_fd = -EBADF;
 	char *cur = NULL, *target = NULL, *target_dir = NULL, *target_host = NULL;
@@ -235,7 +235,7 @@ static bool change_creds(int ns_fd, cap_t caps, uid_t nsuid, gid_t nsgid, uid_t
 	return true;
 }
 
-static void forksetxattr()
+static void forksetxattr(void)
 {
 	__do_close_prot_errno int ns_fd = -EBADF, target_fd = -EBADF;
 	int flags = 0;
@@ -316,7 +316,7 @@ static void forksetxattr()
 	}
 }
 
-void forksyscall()
+void forksyscall(void)
 {
 	char *syscall = NULL;
 
diff --git a/lxd/main_forkuevent.go b/lxd/main_forkuevent.go
index ac29e997f7..1b78125cfa 100644
--- a/lxd/main_forkuevent.go
+++ b/lxd/main_forkuevent.go
@@ -145,7 +145,8 @@ static int inject_uevent(const char *uevent, size_t len)
 	return 0;
 }
 
-void forkuevent() {
+void forkuevent(void)
+{
 	char *uevent = NULL;
 	char *cur = NULL;
 	pid_t pid = 0;

