lxcseccomp: hide unnecessary symbols
authorChristian Brauner <christian.brauner@ubuntu.com>
Mon, 20 Jul 2020 15:26:12 +0000 (17:26 +0200)
committerChristian Brauner <christian.brauner@ubuntu.com>
Mon, 20 Jul 2020 15:47:19 +0000 (17:47 +0200)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/Makefile.am
src/lxc/lxcseccomp.h
src/tests/Makefile.am

index 32ab6eeb06bae9e032fc7584b6e7f75798fe65b0..2caaaad252a6a825aa7feb596dd3a30baa2518fd 100644 (file)
@@ -183,7 +183,7 @@ endif
 endif
 
 if ENABLE_SECCOMP
-liblxc_la_SOURCES += seccomp.c
+liblxc_la_SOURCES += seccomp.c lxcseccomp.h
 endif
 
 if !HAVE_STRLCPY
@@ -341,6 +341,10 @@ lxc_attach_SOURCES = tools/lxc_attach.c \
                     log.c log.h \
                     rexec.c rexec.h \
                     string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_attach_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_autostart_SOURCES = tools/lxc_autostart.c \
                        tools/arguments.c tools/arguments.h \
                        af_unix.c af_unix.h \
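Review bot: The three-line stanza `if ENABLE_SECCOMP` / `lxc_attach_SOURCES += seccomp.c lxcseccomp.h` / `endif` added here is copied by hand for every following tool and command target in this file (lxc_autostart through lxc_usernsexec) and again for the test programs in src/tests/Makefile.am, so each new target has to repeat it. Defining the pair once, e.g. `seccomp_sources = seccomp.c lxcseccomp.h` inside a single `if ENABLE_SECCOMP` block, and appending `$(seccomp_sources)` to each `_SOURCES` list would keep the targets in step. Each binary also now carries its own compiled copy of seccomp.c, so a fix to the seccomp handling code reaches the tools only when they are rebuilt, not when liblxc alone is updated. A comment above the first stanza, such as `# seccomp.c is built into each tool because its symbols are hidden in liblxc`, would record that for packagers.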
@@ -352,6 +356,10 @@ lxc_autostart_SOURCES = tools/lxc_autostart.c \
                        initutils.c initutils.h \
                        log.c log.h \
                        string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_autostart_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_cgroup_SOURCES = tools/lxc_cgroup.c \
                     tools/arguments.c tools/arguments.h \
                     af_unix.c af_unix.h \
@@ -363,6 +371,10 @@ lxc_cgroup_SOURCES = tools/lxc_cgroup.c \
                     initutils.c initutils.h \
                     log.c log.h \
                     string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_cgroup_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_config_SOURCES = tools/lxc_config.c \
                     tools/arguments.c tools/arguments.h \
                     af_unix.c af_unix.h \
@@ -374,6 +386,10 @@ lxc_config_SOURCES = tools/lxc_config.c \
                     initutils.c initutils.h \
                     log.c log.h \
                     string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_config_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_console_SOURCES = tools/lxc_console.c \
                      tools/arguments.c tools/arguments.h \
                      af_unix.c af_unix.h \
@@ -385,6 +401,10 @@ lxc_console_SOURCES = tools/lxc_console.c \
                      initutils.c initutils.h \
                      log.c log.h \
                      string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_console_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_destroy_SOURCES = tools/lxc_destroy.c \
                      tools/arguments.c tools/arguments.h \
                      af_unix.c af_unix.h \
@@ -396,6 +416,10 @@ lxc_destroy_SOURCES = tools/lxc_destroy.c \
                      initutils.c initutils.h \
                      log.c log.h \
                      string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_destroy_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_device_SOURCES = tools/lxc_device.c \
                     tools/arguments.c tools/arguments.h \
                     af_unix.c af_unix.h \
@@ -407,6 +431,10 @@ lxc_device_SOURCES = tools/lxc_device.c \
                     initutils.c initutils.h \
                     log.c log.h \
                     string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_device_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_execute_SOURCES = tools/lxc_execute.c \
                      tools/arguments.c tools/arguments.h \
                      af_unix.c af_unix.h \
@@ -418,6 +446,10 @@ lxc_execute_SOURCES = tools/lxc_execute.c \
                      initutils.c initutils.h \
                      log.c log.h \
                      string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_execute_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_freeze_SOURCES = tools/lxc_freeze.c \
                     tools/arguments.c tools/arguments.h \
                     af_unix.c af_unix.h \
@@ -429,6 +461,10 @@ lxc_freeze_SOURCES = tools/lxc_freeze.c \
                     initutils.c initutils.h \
                     log.c log.h \
                     string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_freeze_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_info_SOURCES = tools/lxc_info.c \
                   tools/arguments.c tools/arguments.h \
                   af_unix.c af_unix.h \
@@ -440,6 +476,10 @@ lxc_info_SOURCES = tools/lxc_info.c \
                   initutils.c initutils.h \
                   log.c log.h \
                   string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_info_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_monitor_SOURCES = tools/lxc_monitor.c \
                      tools/arguments.c tools/arguments.h \
                      af_unix.c af_unix.h \
@@ -452,6 +492,10 @@ lxc_monitor_SOURCES = tools/lxc_monitor.c \
                      log.c log.h \
                      macro.h \
                      string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_monitor_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_ls_SOURCES = tools/lxc_ls.c \
                 tools/arguments.c tools/arguments.h \
                 af_unix.c af_unix.h \
@@ -464,6 +508,10 @@ lxc_ls_SOURCES = tools/lxc_ls.c \
                 log.c log.h \
                 memory_utils.h \
                 string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_ls_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_copy_SOURCES = tools/lxc_copy.c \
                   tools/arguments.c tools/arguments.h \
                   af_unix.c af_unix.h \
@@ -476,6 +524,10 @@ lxc_copy_SOURCES = tools/lxc_copy.c \
                   log.c log.h \
                   storage/storage_utils.c storage/storage_utils.h \
                   string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_copy_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_start_SOURCES = tools/lxc_start.c \
                    tools/arguments.c tools/arguments.h \
                    af_unix.c af_unix.h \
@@ -487,6 +539,10 @@ lxc_start_SOURCES = tools/lxc_start.c \
                    initutils.c initutils.h \
                    log.c log.h \
                    string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_start_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_stop_SOURCES = tools/lxc_stop.c \
                   tools/arguments.c tools/arguments.h \
                   af_unix.c af_unix.h \
@@ -498,6 +554,10 @@ lxc_stop_SOURCES = tools/lxc_stop.c \
                   initutils.c initutils.h \
                   log.c log.h \
                   string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_stop_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_top_SOURCES = tools/lxc_top.c \
                  tools/arguments.c tools/arguments.h \
                  af_unix.c af_unix.h \
@@ -509,6 +569,10 @@ lxc_top_SOURCES = tools/lxc_top.c \
                  initutils.c initutils.h \
                  log.c log.h \
                  string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_top_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \
                       tools/arguments.c tools/arguments.h \
                       af_unix.c af_unix.h \
@@ -520,6 +584,10 @@ lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \
                       initutils.c initutils.h \
                       log.c log.h \
                       string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_unfreeze_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_unshare_SOURCES = tools/lxc_unshare.c \
                      tools/arguments.c tools/arguments.h \
                      af_unix.c af_unix.h \
@@ -533,6 +601,10 @@ lxc_unshare_SOURCES = tools/lxc_unshare.c \
                      string_utils.c string_utils.h \
                      syscall_numbers.h \
                      syscall_wrappers.h
+if ENABLE_SECCOMP
+lxc_unshare_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_wait_SOURCES = tools/lxc_wait.c \
                   tools/arguments.c tools/arguments.h \
                   af_unix.c af_unix.h \
@@ -544,6 +616,10 @@ lxc_wait_SOURCES = tools/lxc_wait.c \
                   initutils.c initutils.h \
                   log.c log.h \
                   string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_wait_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_create_SOURCES = tools/lxc_create.c \
                     tools/arguments.c tools/arguments.h \
                     af_unix.c af_unix.h \
@@ -556,6 +632,10 @@ lxc_create_SOURCES = tools/lxc_create.c \
                     log.c log.h \
                     storage/storage_utils.c storage/storage_utils.h \
                     string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_create_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_snapshot_SOURCES = tools/lxc_snapshot.c \
                       tools/arguments.c tools/arguments.h \
                       af_unix.c af_unix.h \
@@ -567,6 +647,10 @@ lxc_snapshot_SOURCES = tools/lxc_snapshot.c \
                       initutils.c initutils.h \
                       log.c log.h \
                       string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_snapshot_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c \
                         tools/arguments.c tools/arguments.h \
                         af_unix.c af_unix.h \
@@ -578,6 +662,10 @@ lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c \
                         initutils.c initutils.h \
                         log.c log.h \
                         string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_checkpoint_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 endif
 
 if ENABLE_COMMANDS
@@ -594,6 +682,9 @@ init_lxc_SOURCES = cmd/lxc_init.c \
                   process_utils.c process_utils.h \
                   syscall_numbers.h \
                   string_utils.c string_utils.h
+if ENABLE_SECCOMP
+init_lxc_SOURCES += seccomp.c lxcseccomp.h
+endif
 
 init_lxc_LDFLAGS = -pthread
 
@@ -612,6 +703,10 @@ lxc_monitord_SOURCES = cmd/lxc_monitord.c \
                       string_utils.c string_utils.h \
                       syscall_numbers.h \
                       utils.c utils.h
+if ENABLE_SECCOMP
+lxc_monitord_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \
                       ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \
                       af_unix.c af_unix.h \
@@ -630,6 +725,10 @@ lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \
                       syscall_numbers.h \
                       string_utils.c string_utils.h \
                       syscall_wrappers.h
+if ENABLE_SECCOMP
+lxc_user_nic_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \
                         af_unix.c af_unix.h \
                         caps.c caps.h \
@@ -645,6 +744,9 @@ lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \
                         string_utils.c string_utils.h \
                         syscall_wrappers.h \
                         utils.c utils.h
+if ENABLE_SECCOMP
+lxc_usernsexec_SOURCES += seccomp.c lxcseccomp.h
+endif
 endif
 
 
index d96a015b222ff51dc0b39f4c075f01cbb34f253e..2e9bda5a4318631a90f5d53b65ad6b1f1630be58 100644 (file)
@@ -16,6 +16,7 @@
 #include <sys/un.h>
 #endif
 
+#include "compiler.h"
 #include "conf.h"
 #include "config.h"
 #include "memory_utils.h"
@@ -77,21 +78,19 @@ struct lxc_seccomp {
 #endif /* HAVE_DECL_SECCOMP_NOTIFY_FD */
 };
 
-extern int lxc_seccomp_load(struct lxc_conf *conf);
-extern int lxc_read_seccomp_config(struct lxc_conf *conf);
-extern void lxc_seccomp_free(struct lxc_seccomp *seccomp);
-extern int seccomp_notify_handler(int fd, uint32_t events, void *data,
-                                 struct lxc_epoll_descr *descr);
-extern void seccomp_conf_init(struct lxc_conf *conf);
-extern int lxc_seccomp_setup_proxy(struct lxc_seccomp *seccomp,
-                                  struct lxc_epoll_descr *descr,
-                                  struct lxc_handler *handler);
-extern int lxc_seccomp_send_notifier_fd(struct lxc_seccomp *seccomp,
-                                       int socket_fd);
-extern int lxc_seccomp_recv_notifier_fd(struct lxc_seccomp *seccomp,
-                                       int socket_fd);
-extern int lxc_seccomp_add_notifier(const char *name, const char *lxcpath,
-                                   struct lxc_seccomp *seccomp);
+__hidden extern int lxc_seccomp_load(struct lxc_conf *conf);
+__hidden extern int lxc_read_seccomp_config(struct lxc_conf *conf);
+__hidden extern void lxc_seccomp_free(struct lxc_seccomp *seccomp);
+__hidden extern int seccomp_notify_handler(int fd, uint32_t events, void *data,
+                                          struct lxc_epoll_descr *descr);
+__hidden extern void seccomp_conf_init(struct lxc_conf *conf);
+__hidden extern int lxc_seccomp_setup_proxy(struct lxc_seccomp *seccomp,
+                                           struct lxc_epoll_descr *descr,
+                                           struct lxc_handler *handler);
+__hidden extern int lxc_seccomp_send_notifier_fd(struct lxc_seccomp *seccomp, int socket_fd);
+__hidden extern int lxc_seccomp_recv_notifier_fd(struct lxc_seccomp *seccomp, int socket_fd);
+__hidden extern int lxc_seccomp_add_notifier(const char *name, const char *lxcpath,
+                                            struct lxc_seccomp *seccomp);
 static inline int lxc_seccomp_get_notify_fd(struct lxc_seccomp *seccomp)
 {
 #if HAVE_DECL_SECCOMP_NOTIFY_FD
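Review bot: The `__hidden extern` declarations starting at `lxc_seccomp_load` have no comment saying what the annotation means for code that includes this header. Since the same commit makes every tool and test compile seccomp.c itself, these functions are presumably no longer resolvable from the shared liblxc. A one-line comment above the block, such as `/* Internal API: not exported from liblxc; binaries outside the library must build seccomp.c themselves. */`, would record that. `seccomp_notify_handler` and `seccomp_conf_init` also use the bare `seccomp_` prefix that libseccomp uses for its own API, unlike their `lxc_`-prefixed neighbours, so a rename in a follow-up would avoid confusion. The hunk ends inside `lxc_seccomp_get_notify_fd`, whose body continues outside it.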
index 8c84c1d2bc7a38f7cb00560c3f9c1c0694ae9957..064b2b0f63302ffb05db9ca313114a697f488463 100644 (file)
@@ -1,6 +1,11 @@
 if ENABLE_TESTS
 
-LDADD = ../lxc/liblxc.la
+LDADD = ../lxc/liblxc.la \
+       @CAP_LIBS@ \
+       @OPENSSL_LIBS@ \
+       @SECCOMP_LIBS@ \
+       @SELINUX_LIBS@ \
+       @DLOG_LIBS@
 
 lxc_test_api_reboot_SOURCES = api_reboot.c \
                              ../lxc/af_unix.c ../lxc/af_unix.h \
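Review bot: The new global `LDADD` links every test program against `@CAP_LIBS@`, `@OPENSSL_LIBS@`, `@SECCOMP_LIBS@`, `@SELINUX_LIBS@` and `@DLOG_LIBS@`, including single-file targets such as `lxc_test_basic` that do not gain seccomp.c in this commit. Only `@SECCOMP_LIBS@` follows from the seccomp.c additions further down. If the other four are required by liblxc sources compiled directly into particular tests, that is not visible here and deserves a comment above `LDADD`, e.g. `# tests that build liblxc sources directly need the libraries those sources use`. Where a test does not need them, a per-target `<prog>_LDADD` (which replaces the global value for that target) would keep unrelated tests from picking up extra library dependencies.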
@@ -16,6 +21,10 @@ lxc_test_api_reboot_SOURCES = api_reboot.c \
                              ../lxc/network.c ../lxc/network.h \
                              ../lxc/nl.c ../lxc/nl.h \
                              ../lxc/string_utils.c ../lxc/string_utils.h
+if ENABLE_SECCOMP
+lxc_test_api_reboot_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+
 lxc_test_apparmor_SOURCES = aa.c
 lxc_test_attach_SOURCES = attach.c \
                          ../lxc/af_unix.c ../lxc/af_unix.h \
@@ -31,6 +40,10 @@ lxc_test_attach_SOURCES = attach.c \
                          ../lxc/network.c ../lxc/network.h \
                          ../lxc/nl.c ../lxc/nl.h \
                          ../lxc/string_utils.c ../lxc/string_utils.h
+if ENABLE_SECCOMP
+lxc_test_attach_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+
 lxc_test_basic_SOURCES = basic.c
 lxc_test_cgpath_SOURCES = cgpath.c \
                          ../lxc/af_unix.c ../lxc/af_unix.h \
@@ -46,6 +59,10 @@ lxc_test_cgpath_SOURCES = cgpath.c \
                          ../lxc/network.c ../lxc/network.h \
                          ../lxc/nl.c ../lxc/nl.h \
                          ../lxc/string_utils.c ../lxc/string_utils.h
+if ENABLE_SECCOMP
+lxc_test_cgpath_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+
 lxc_test_clonetest_SOURCES = clonetest.c
 lxc_test_concurrent_SOURCES = concurrent.c
 lxc_test_config_jump_table_SOURCES = config_jump_table.c \
@@ -63,6 +80,10 @@ lxc_test_config_jump_table_SOURCES = config_jump_table.c \
                                     ../lxc/network.c ../lxc/network.h \
                                     ../lxc/nl.c ../lxc/nl.h \
                                     ../lxc/string_utils.c ../lxc/string_utils.h
+if ENABLE_SECCOMP
+lxc_test_config_jump_table_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+
 lxc_test_console_SOURCES = console.c
 lxc_test_console_log_SOURCES = console_log.c lxctest.h
 lxc_test_containertests_SOURCES = containertests.c
@@ -99,6 +120,10 @@ lxc_test_parse_config_file_SOURCES = parse_config_file.c \
                                     ../lxc/network.c ../lxc/network.h \
                                     ../lxc/nl.c ../lxc/nl.h \
                                     ../lxc/string_utils.c ../lxc/string_utils.h
+if ENABLE_SECCOMP
+lxc_test_parse_config_file_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+
 lxc_test_raw_clone_SOURCES = lxc_raw_clone.c \
                             lxctest.h \
                             ../lxc/caps.c ../lxc/caps.h \
@@ -137,6 +162,9 @@ lxc_test_utils_SOURCES = lxc-test-utils.c \
                          ../lxc/network.c ../lxc/network.h \
                          ../lxc/nl.c ../lxc/nl.h \
                          ../lxc/string_utils.c ../lxc/string_utils.h
+if ENABLE_SECCOMP
+lxc_test_utils_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
 
 AM_CFLAGS=-DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
          -DLXCPATH=\"$(LXCPATH)\" \