conf: improve capability handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index e464042d8dc8bd5b0c8562840c87b8df154d216a..08dd62364f143d267cb67219ab9d3b01e44375fc 100644 (file)
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -209,7 +209,8 @@ int lxc_caps_init(void)
 
 static long int _real_caps_last_cap(void)
 {
-       int fd, result = -1;
+       __do_close int fd = -EBADF;
+       __s32 result = -1;
 
        /* Try to get the maximum capability over the kernel interface
         * introduced in v3.2.
@@ -230,7 +231,7 @@ static long int _real_caps_last_cap(void)
 
                close(fd);
        } else {
-               int cap = 0;
+               __s32 cap = 0;
 
                /* Try to get it manually by trying to get the status of each
                 * capability individually from the kernel.
@@ -246,7 +247,7 @@ static long int _real_caps_last_cap(void)
 
 int lxc_caps_last_cap(void)
 {
-       static long int last_cap = -1;
+       static __s32 last_cap = -1;
 
        if (last_cap < 0) {
                last_cap = _real_caps_last_cap();

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index a185acc5cbd4dd6334375b00663a452214a30e06..ad4c5ca149ea5c713b30d7d102c53d595cb948cb 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3176,11 +3176,11 @@ static int capabilities_deny(struct lxc_conf *conf)
 static int capabilities_allow(struct lxc_conf *conf)
 {
        __do_free __u32 *keep_bits = NULL;
-       int numcaps;
+       __s32 numcaps;
        struct cap_entry *cap;
        size_t nr_u32;
 
-       numcaps = lxc_caps_last_cap() + 1;
+       numcaps = lxc_caps_last_cap();
        if (numcaps <= 0 || numcaps > 200)
                return ret_errno(EINVAL);
 
@@ -3192,14 +3192,14 @@ static int capabilities_allow(struct lxc_conf *conf)
                return ret_errno(ENOMEM);
 
        list_for_each_entry(cap, &conf->caps.list, head) {
-               if (cap->cap >= numcaps)
+               if (cap->cap > numcaps)
                        continue;
 
                set_bit(cap->cap, keep_bits);
                DEBUG("Keeping %s (%d) capability", cap->cap_name, cap->cap);
        }
 
-       for (int cap_bit = 0; cap_bit < numcaps; cap_bit++) {
+       for (__s32 cap_bit = 0; cap_bit <= numcaps; cap_bit++) {
                int ret;
 
                if (is_set(cap_bit, keep_bits))

diff --git a/src/lxc/macro.h b/src/lxc/macro.h
index ab0950c7ef860c1d3d5ec815ea4adef473d3532b..291d158b26d5a555eba5cad1d824bafd07fbe372 100644 (file)
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -770,19 +770,19 @@ typedef long long unsigned int llu;
 #define DIV_ROUND_UP(n, d) (((n) + (d)-1) / (d))
 #define BITS_TO_LONGS(nr) DIV_ROUND_UP(nr, NBITS)
 
-static inline void set_bit(unsigned bit, uint32_t *bitarr)
+static inline void set_bit(__u32 bit, __u32 *bitarr)
 {
-       bitarr[bit / NBITS] |= (1 << (bit % NBITS));
+       bitarr[bit / NBITS] |= ((__u32)1 << (bit % NBITS));
 }
 
-static inline void clear_bit(unsigned bit, uint32_t *bitarr)
+static inline void clear_bit(__u32 bit, __u32 *bitarr)
 {
-       bitarr[bit / NBITS] &= ~(1 << (bit % NBITS));
+       bitarr[bit / NBITS] &= ~((__u32)1 << (bit % NBITS));
 }
 
-static inline bool is_set(unsigned bit, uint32_t *bitarr)
+static inline bool is_set(__u32 bit, __u32 *bitarr)
 {
-       return (bitarr[bit / NBITS] & (1 << (bit % NBITS))) != 0;
+       return (bitarr[bit / NBITS] & ((__u32)1 << (bit % NBITS))) != 0;
 }
 
 #endif /* __LXC_MACRO_H */