lsm: fix integer comparisons

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index 0667526d41e4a033a48eed1993573bdf610be78a..2d81acdc8e1427903f98be7c8d1c92896b00a31c 100644 (file)
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -406,7 +406,7 @@ static int __apparmor_process_label_open(struct lsm_ops *ops, pid_t pid, int o_f
 
        /* first try the apparmor subdir */
        ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/apparmor/current", pid);
-       if (ret < 0 || ret >= LXC_LSMATTRLEN)
+       if (ret < 0 || (size_t)ret >= LXC_LSMATTRLEN)
                return -1;
 
        labelfd = open(path, o_flags);
@@ -417,7 +417,7 @@ static int __apparmor_process_label_open(struct lsm_ops *ops, pid_t pid, int o_f
 
        /* fallback to legacy global attr directory */
        ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/current", pid);
-       if (ret < 0 || ret >= LXC_LSMATTRLEN)
+       if (ret < 0 || (size_t)ret >= LXC_LSMATTRLEN)
                return -1;
 
        labelfd = open(path, o_flags);
@@ -721,13 +721,12 @@ static void append_all_remount_rules(char **profile, size_t *size)
        const size_t buf_append_pos = strlen(buf);
 
        const size_t opt_count = ARRAY_SIZE(REMOUNT_OPTIONS);
-       size_t opt_bits;
 
        must_append_sized(profile, size,
                          "# allow various ro-bind-*re*mounts\n",
                          sizeof("# allow various ro-bind-*re*mounts\n")-1);
 
-       for (opt_bits = 0; opt_bits != 1 << opt_count; ++opt_bits) {
+       for (size_t opt_bits = 0; opt_bits != (size_t)1 << opt_count; ++opt_bits) {
                size_t at = buf_append_pos;
                unsigned bit = 1;
                size_t o;

diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c
index 34987a6c7f7690727d5b54f8ef130772e24dbd08..e0833f1b7bc3643f8962c86c3a024b4e75bcc24d 100644 (file)
--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@@ -136,7 +136,7 @@ static int selinux_process_label_fd_get(struct lsm_ops *ops, pid_t pid, bool on_
                ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/exec", pid);
        else
                ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/current", pid);
-       if (ret < 0 || ret >= LXC_LSMATTRLEN)
+       if (ret < 0 || (size_t)ret >= LXC_LSMATTRLEN)
                return -1;
 
        labelfd = open(path, O_RDWR);