[lxc-devel] [lxc/master] fixes

brauner on Github lxc-bot at linuxcontainers.org
Thu May 7 13:02:11 UTC 2020


From 50e3e83d3741e01073e5a84ac26f530824d23087 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 7 May 2020 14:54:31 +0200
Subject: [PATCH 1/3] tree-wide: this is all rather TODO than FIXME

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/attach_options.h | 2 +-
 src/lxc/lsm/apparmor.c   | 8 ++++----
 src/lxc/lxccontainer.h   | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/lxc/attach_options.h b/src/lxc/attach_options.h
index ec8bea1f6a..63e62d4ff0 100644
--- a/src/lxc/attach_options.h
+++ b/src/lxc/attach_options.h
@@ -26,7 +26,7 @@ enum {
 
 	/* The following are off by default: */
 	LXC_ATTACH_REMOUNT_PROC_SYS      = 0x00010000, /*!< Remount /proc filesystem */
-	LXC_ATTACH_LSM_NOW               = 0x00020000, /*!< FIXME: unknown */
+	LXC_ATTACH_LSM_NOW               = 0x00020000, /*!< TODO: currently unused */
 	/* Set PR_SET_NO_NEW_PRIVS to block execve() gainable privileges. */
 	LXC_ATTACH_NO_NEW_PRIVS		 = 0x00040000, /*!< PR_SET_NO_NEW_PRIVS */
 	LXC_ATTACH_TERMINAL              = 0x00080000, /*!< Allocate new terminal for attached process. */
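Review bot: The new Doxygen text `TODO: currently unused` on `LXC_ATTACH_LSM_NOW` ends up in the published API documentation, but it does not say what the flag was meant to control or whether setting it is a no-op. For a flag that, going by its name, concerns LSM label handling, callers need that to judge whether it is safe to set or omit. The hunk shows no evidence either way, so it is worth checking the tree for remaining tests of this bit before documenting it as unused. A wording such as `/*!< TODO: document; verify whether the attach path still tests this bit */` would avoid asserting more than is known. The enum starts above the hunk and continues below it.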
diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index f251e5e7ec..4fc18eb438 100644
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -122,7 +122,7 @@ static const char AA_PROFILE_BASE[] =
 "  deny /sys/kernel/debug/{,**} rwklx,\n"
 "\n"
 "  # allow paths to be made slave, shared, private or unbindable\n"
-"  # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.\n"
+"  # TODO: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.\n"
 "#  mount options=(rw,make-slave) -> **,\n"
 "#  mount options=(rw,make-rslave) -> **,\n"
 "#  mount options=(rw,make-shared) -> **,\n"
@@ -343,7 +343,7 @@ static const char AA_PROFILE_NESTING_BASE[] =
 "  mount /var/lib/lxd/shmounts/ -> /var/lib/lxd/shmounts/,\n"
 "  mount options=bind /var/lib/lxd/shmounts/** -> /var/lib/lxd/**,\n"
 "\n"
-"  # FIXME: There doesn't seem to be a way to ask for:\n"
+"  # TODO: There doesn't seem to be a way to ask for:\n"
 "  # mount options=(ro,nosuid,nodev,noexec,remount,bind),\n"
 "  # as we always get mount to $cdir/proc/sys with those flags denied\n"
 "  # So allow all mounts until that is straightened out:\n"
@@ -538,7 +538,7 @@ static inline char *apparmor_namespace(const char *ctname, const char *lxcpath)
 	return full;
 }
 
-/* FIXME: This is currently run only in the context of a constructor (via the
+/* TODO: This is currently run only in the context of a constructor (via the
  * initial lsm_init() called due to its __attribute__((constructor)), so we
  * do not have ERROR/... macros available, so there are some fprintf(stderr)s
  * in there.
@@ -560,7 +560,7 @@ static bool check_apparmor_parser_version()
 		lxc_pclose(parserpipe);
 		/* We stay silent for now as this most likely means the shell
 		 * lxc_popen executed failed to find the apparmor_parser binary.
-		 * See the FIXME comment above for details.
+		 * See the TODO comment above for details.
 		 */
 		return false;
 	}
diff --git a/src/lxc/lxccontainer.h b/src/lxc/lxccontainer.h
index 4577de7ff5..a9eaeb76bb 100644
--- a/src/lxc/lxccontainer.h
+++ b/src/lxc/lxccontainer.h
@@ -90,7 +90,7 @@ struct lxc_container {
 	 * \private
 	 * Container configuration.
 	 *
-	 * \internal FIXME: do we want the whole lxc_handler?
+	 * \internal TODO: do we want the whole lxc_handler?
 	 */
 	struct lxc_conf *lxc_conf;
 

From c89e6d5843aadc6614846f740616d061ae0f1b17 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 7 May 2020 14:56:26 +0200
Subject: [PATCH 2/3] yum: remove unused module

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 config/yum/lxc-patch.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/config/yum/lxc-patch.py b/config/yum/lxc-patch.py
index d639e8425b..fd48298d6c 100644
--- a/config/yum/lxc-patch.py
+++ b/config/yum/lxc-patch.py
@@ -24,7 +24,6 @@
 import os
 from fnmatch import fnmatch
 from yum.plugins import TYPE_INTERACTIVE
-from yum.plugins import PluginYumExit
 
 requires_api_version = '2.0'
 plugin_type = (TYPE_INTERACTIVE,)

From a201349b342bf2cc649f5e5b3e3af69fa9fdd284 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 7 May 2020 15:01:30 +0200
Subject: [PATCH 3/3] tools/lxc-ls: shutup lgtm

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/tools/lxc_ls.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/lxc/tools/lxc_ls.c b/src/lxc/tools/lxc_ls.c
index 4be8564d19..05d4bcecc8 100644
--- a/src/lxc/tools/lxc_ls.c
+++ b/src/lxc/tools/lxc_ls.c
@@ -1166,6 +1166,9 @@ static int ls_recv_str(int fd, char **buf)
 	if (ret != sizeof(slen))
 		return -1;
 
+	if (slen == SIZE_MAX)
+		return -1;
+
 	if (slen > 0) {
 		*buf = malloc(sizeof(char) * (slen + 1));
 		if (!*buf)
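Review bot: The added `slen == SIZE_MAX` test only stops `slen + 1` from wrapping to zero in the `malloc()` below; every other value of `slen` is still accepted, so a length read from `fd` can request an allocation of nearly `SIZE_MAX` bytes. If the peer on `fd` is less trusted than the reader (not determinable from this hunk), compare `slen` against an explicit upper bound instead, e.g. `if (slen >= LS_STR_MAX) return -1;`, where `LS_STR_MAX` is a placeholder for a limit the file would have to define. Either way, a one-line comment such as `/* slen + 1 must not wrap */` would record why the check exists, since the commit subject only mentions silencing the analyser. The body of ls_recv_str continues past the end of the hunk, so how the buffer is filled and terminated is not visible here.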

