cgroups/devices: use dedicated enums

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c
index 72511ba7119ad9f695570713c7b06e4934e7a94c..aa6eff884c1f85036aa32a5cdfb9df8095612d14 100644 (file)
--- a/src/lxc/cgroups/cgroup2_devices.c
+++ b/src/lxc/cgroups/cgroup2_devices.c
@@ -447,7 +447,8 @@ int bpf_list_add_device(struct lxc_conf *conf, struct device_item *device)
        lxc_list_for_each(it, &conf->devices) {
                struct device_item *cur = it->elem;
 
-               if (cur->global_rule != -1 && device->global_rule != -1) {
+               if (cur->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE &&
+                   device->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE) {
                        TRACE("Switched from %s to %s",
                              cur->global_rule == LXC_BPF_DEVICE_CGROUP_WHITELIST
                                  ? "whitelist"

diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index cfd74561602b9f890bcc68593b32e141d1ea40bf..eb5023acd09b7d64fc4d30ab33e9db155e1c2d3f 100644 (file)
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -231,9 +231,9 @@ struct lxc_state_client {
 };
 
 enum {
+       LXC_BPF_DEVICE_CGROUP_LOCAL_RULE = -1,
        LXC_BPF_DEVICE_CGROUP_WHITELIST  =  0,
        LXC_BPF_DEVICE_CGROUP_BLACKLIST  =  1,
-       LXC_BPF_DEVICE_CGROUP_LOCAL_RULE = -1,
 };
 
 struct device_item {