lsm: hide unnecessary symbols
authorChristian Brauner <christian.brauner@ubuntu.com>
Tue, 21 Jul 2020 11:40:57 +0000 (13:40 +0200)
committerChristian Brauner <christian.brauner@ubuntu.com>
Tue, 21 Jul 2020 11:43:46 +0000 (13:43 +0200)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/Makefile.am
src/lxc/lsm/lsm.h
src/tests/Makefile.am

index 4ec6c7b8df503b845a575975996371a36d0b66fc..0c9215bb0fdf9eade0a18b02cd9f9c3a82c0ff18 100644 (file)
@@ -361,7 +361,8 @@ lxc_attach_SOURCES = tools/lxc_attach.c \
                     sync.c sync.h \
                     terminal.c terminal.h \
                     utils.c utils.h \
-                    uuid.c uuid.h
+                    uuid.c uuid.h \
+                    $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_attach_SOURCES += seccomp.c lxcseccomp.h
 endif
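Review bot: `$(LSM_SOURCES)` is appended to `lxc_attach_SOURCES` here, but no visible hunk of src/lxc/Makefile.am defines that variable, so the change relies on a definition elsewhere in the file that this diff does not show. The same two-line edit is repeated in every other tool `_SOURCES` hunk of this file (lxc_autostart through lxc_usernsexec), so each binary now compiles its own copy of the LSM label-handling code instead of resolving it from liblxc. A tool added later without this line would presumably fail only at link time with undefined `lsm_*` references. I would put a comment at the variable's definition, e.g. `# lsm_* is __hidden in liblxc: every program that calls it must list $(LSM_SOURCES)`.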
@@ -397,7 +398,8 @@ lxc_autostart_SOURCES = tools/lxc_autostart.c \
                        sync.c sync.h \
                        terminal.c terminal.h \
                        utils.c utils.h \
-                       uuid.c uuid.h
+                       uuid.c uuid.h \
+                       $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_autostart_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -433,7 +435,8 @@ lxc_cgroup_SOURCES = tools/lxc_cgroup.c \
                     sync.c sync.h \
                     terminal.c terminal.h \
                     utils.c utils.h \
-                    uuid.c uuid.h
+                    uuid.c uuid.h \
+                    $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_cgroup_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -469,7 +472,8 @@ lxc_config_SOURCES = tools/lxc_config.c \
                     sync.c sync.h \
                     terminal.c terminal.h \
                     utils.c utils.h \
-                    uuid.c uuid.h
+                    uuid.c uuid.h \
+                    $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_config_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -505,7 +509,8 @@ lxc_console_SOURCES = tools/lxc_console.c \
                      sync.c sync.h \
                      terminal.c terminal.h \
                      utils.c utils.h \
-                     uuid.c uuid.h
+                     uuid.c uuid.h \
+                     $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_console_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -541,7 +546,8 @@ lxc_destroy_SOURCES = tools/lxc_destroy.c \
                      sync.c sync.h \
                      terminal.c terminal.h \
                      utils.c utils.h \
-                     uuid.c uuid.h
+                     uuid.c uuid.h \
+                     $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_destroy_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -577,7 +583,8 @@ lxc_device_SOURCES = tools/lxc_device.c \
                     sync.c sync.h \
                     terminal.c terminal.h \
                     utils.c utils.h \
-                    uuid.c uuid.h
+                    uuid.c uuid.h \
+                    $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_device_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -613,7 +620,8 @@ lxc_execute_SOURCES = tools/lxc_execute.c \
                      sync.c sync.h \
                      terminal.c terminal.h \
                      utils.c utils.h \
-                     uuid.c uuid.h
+                     uuid.c uuid.h \
+                     $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_execute_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -649,7 +657,8 @@ lxc_freeze_SOURCES = tools/lxc_freeze.c \
                     sync.c sync.h \
                     terminal.c terminal.h \
                     utils.c utils.h \
-                    uuid.c uuid.h
+                    uuid.c uuid.h \
+                    $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_freeze_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -685,7 +694,8 @@ lxc_info_SOURCES = tools/lxc_info.c \
                   sync.c sync.h \
                   terminal.c terminal.h \
                   utils.c utils.h \
-                  uuid.c uuid.h
+                  uuid.c uuid.h \
+                  $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_info_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -722,7 +732,8 @@ lxc_monitor_SOURCES = tools/lxc_monitor.c \
                      sync.c sync.h \
                      terminal.c terminal.h \
                      utils.c utils.h \
-                     uuid.c uuid.h
+                     uuid.c uuid.h \
+                     $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_monitor_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -759,7 +770,8 @@ lxc_ls_SOURCES = tools/lxc_ls.c \
                 sync.c sync.h \
                 terminal.c terminal.h \
                 utils.c utils.h \
-                uuid.c uuid.h
+                uuid.c uuid.h \
+                $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_ls_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -796,7 +808,8 @@ lxc_copy_SOURCES = tools/lxc_copy.c \
                   sync.c sync.h \
                   terminal.c terminal.h \
                   utils.c utils.h \
-                  uuid.c uuid.h
+                  uuid.c uuid.h \
+                  $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_copy_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -832,7 +845,8 @@ lxc_start_SOURCES = tools/lxc_start.c \
                    sync.c sync.h \
                    terminal.c terminal.h \
                    utils.c utils.h \
-                   uuid.c uuid.h
+                   uuid.c uuid.h \
+                   $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_start_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -868,7 +882,8 @@ lxc_stop_SOURCES = tools/lxc_stop.c \
                   sync.c sync.h \
                   terminal.c terminal.h \
                   utils.c utils.h \
-                  uuid.c uuid.h
+                  uuid.c uuid.h \
+                  $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_stop_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -904,7 +919,8 @@ lxc_top_SOURCES = tools/lxc_top.c \
                  sync.c sync.h \
                  terminal.c terminal.h \
                  utils.c utils.h \
-                 uuid.c uuid.h
+                 uuid.c uuid.h \
+                 $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_top_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -940,7 +956,8 @@ lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \
                       sync.c sync.h \
                       terminal.c terminal.h \
                       utils.c utils.h \
-                      uuid.c uuid.h
+                      uuid.c uuid.h \
+                      $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_unfreeze_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -978,7 +995,8 @@ lxc_unshare_SOURCES = tools/lxc_unshare.c \
                      syscall_wrappers.h \
                      terminal.c terminal.h \
                      utils.c utils.h \
-                     uuid.c uuid.h
+                     uuid.c uuid.h \
+                     $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_unshare_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -1014,7 +1032,8 @@ lxc_wait_SOURCES = tools/lxc_wait.c \
                   sync.c sync.h \
                   terminal.c terminal.h \
                   utils.c utils.h \
-                  uuid.c uuid.h
+                  uuid.c uuid.h \
+                  $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_wait_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -1051,7 +1070,8 @@ lxc_create_SOURCES = tools/lxc_create.c \
                     sync.c sync.h \
                     terminal.c terminal.h \
                     utils.c utils.h \
-                    uuid.c uuid.h
+                    uuid.c uuid.h \
+                    $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_create_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -1087,7 +1107,8 @@ lxc_snapshot_SOURCES = tools/lxc_snapshot.c \
                       sync.c sync.h \
                       terminal.c terminal.h \
                       utils.c utils.h \
-                      uuid.c uuid.h
+                      uuid.c uuid.h \
+                      $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_snapshot_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -1123,7 +1144,8 @@ lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c \
                         sync.c sync.h \
                         terminal.c terminal.h \
                         utils.c utils.h \
-                        uuid.c uuid.h
+                        uuid.c uuid.h \
+                        $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_checkpoint_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -1182,7 +1204,8 @@ lxc_monitord_SOURCES = cmd/lxc_monitord.c \
                       syscall_numbers.h \
                       terminal.c terminal.h \
                       utils.c utils.h \
-                      uuid.c uuid.h
+                      uuid.c uuid.h \
+                      $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_monitord_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -1221,7 +1244,8 @@ lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \
                       syscall_wrappers.h \
                       terminal.c terminal.h \
                       utils.c utils.h \
-                      uuid.c uuid.h
+                      uuid.c uuid.h \
+                      $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_user_nic_SOURCES += seccomp.c lxcseccomp.h
 endif
@@ -1260,7 +1284,8 @@ lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \
                         syscall_wrappers.h \
                         terminal.c terminal.h \
                         utils.c utils.h \
-                        uuid.c uuid.h
+                        uuid.c uuid.h \
+                        $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_usernsexec_SOURCES += seccomp.c lxcseccomp.h
 endif
index ee578bb035cda5a125e564c2b84976ef534af611..8c7b4661c8d2b360e50b504b62a1f363fcdf8e37 100644 (file)
@@ -7,6 +7,7 @@ struct lxc_conf;
 
 #include <sys/types.h>
 
+#include "compiler.h"
 #include "macro.h"
 #include "utils.h"
 
@@ -22,17 +23,15 @@ struct lsm_drv {
        void (*cleanup)(struct lxc_conf *conf, const char *lxcpath);
 };
 
-extern void lsm_init(void);
-extern int lsm_enabled(void);
-extern const char *lsm_name(void);
-extern char *lsm_process_label_get(pid_t pid);
-extern int lsm_process_prepare(struct lxc_conf *conf, const char *lxcpath);
-extern int lsm_process_label_set(const char *label, struct lxc_conf *conf,
-                                bool on_exec);
-extern int lsm_process_label_fd_get(pid_t pid, bool on_exec);
-extern int lsm_process_label_set_at(int label_fd, const char *label,
-                                   bool on_exec);
-extern void lsm_process_cleanup(struct lxc_conf *conf, const char *lxcpath);
-extern int lsm_keyring_label_set(char *label);
+__hidden extern void lsm_init(void);
+__hidden extern int lsm_enabled(void);
+__hidden extern const char *lsm_name(void);
+__hidden extern char *lsm_process_label_get(pid_t pid);
+__hidden extern int lsm_process_prepare(struct lxc_conf *conf, const char *lxcpath);
+__hidden extern int lsm_process_label_set(const char *label, struct lxc_conf *conf, bool on_exec);
+__hidden extern int lsm_process_label_fd_get(pid_t pid, bool on_exec);
+__hidden extern int lsm_process_label_set_at(int label_fd, const char *label, bool on_exec);
+__hidden extern void lsm_process_cleanup(struct lxc_conf *conf, const char *lxcpath);
+__hidden extern int lsm_keyring_label_set(char *label);
 
 #endif /* __LXC_LSM_H */
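Review bot: The `__hidden extern` prototypes carry no comment saying why they are hidden or what that means for callers. `__hidden` presumably comes from the newly included compiler.h and maps to hidden ELF visibility; if so, these label-setting entry points leave liblxc's exported symbol table and can no longer be called or interposed from outside the library. That is the reason the tools and tests in this commit have to build the LSM sources themselves, so it is worth stating in the header. I would add above `lsm_init`: `/* Internal API: hidden visibility, not part of the liblxc ABI; programs outside liblxc must compile lsm/*.c in. */`.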
index c63799bbdf05af1e46cc2c82bf2ace14110a325d..02f554ce3980ef86281bc10b2c65deb14d951a88 100644 (file)
@@ -7,6 +7,18 @@ LDADD = ../lxc/liblxc.la \
        @SELINUX_LIBS@ \
        @DLOG_LIBS@
 
+LSM_SOURCES = ../lxc/lsm/lsm.c \
+             ../lxc/lsm/lsm.h \
+             ../lxc/lsm/nop.c
+
+if ENABLE_APPARMOR
+LSM_SOURCES += ../lxc/lsm/apparmor.c
+endif
+
+if ENABLE_SELINUX
+LSM_SOURCES += ../lxc/lsm/selinux.c
+endif
+
 lxc_test_api_reboot_SOURCES = api_reboot.c \
                              ../lxc/af_unix.c ../lxc/af_unix.h \
                              ../lxc/caps.c ../lxc/caps.h \
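Review bot: Tests that list `$(LSM_SOURCES)` also link `../lxc/liblxc.la` through `LDADD`, so each such binary gets its own copy of lsm.c next to the hidden copy inside the library. If lsm.c keeps file-scope state (not visible in this diff), a test calling `lsm_init()` or `lsm_enabled()` exercises its private copy rather than the instance used by the library's container code. A comment above the definition would make that explicit, e.g. `# private copy: liblxc hides lsm_*, so these calls do not reach the library's instance`. The `ENABLE_APPARMOR`/`ENABLE_SELINUX` conditionals here presumably mirror the ones in the library build and need to be kept in step with them.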
@@ -37,7 +49,8 @@ lxc_test_api_reboot_SOURCES = api_reboot.c \
                              ../lxc/string_utils.c ../lxc/string_utils.h \
                              ../lxc/terminal.c ../lxc/terminal.h \
                              ../lxc/utils.c ../lxc/utils.h \
-                             ../lxc/uuid.c ../lxc/uuid.h
+                             ../lxc/uuid.c ../lxc/uuid.h \
+                             $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_test_api_reboot_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
 endif
@@ -72,7 +85,8 @@ lxc_test_apparmor_SOURCES = aa.c \
                            ../lxc/string_utils.c ../lxc/string_utils.h \
                            ../lxc/terminal.c ../lxc/terminal.h \
                            ../lxc/utils.c ../lxc/utils.h \
-                           ../lxc/uuid.c ../lxc/uuid.h
+                           ../lxc/uuid.c ../lxc/uuid.h \
+                           $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_test_apparmor_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
 endif
@@ -107,7 +121,8 @@ lxc_test_attach_SOURCES = attach.c \
                          ../lxc/string_utils.c ../lxc/string_utils.h \
                          ../lxc/terminal.c ../lxc/terminal.h \
                          ../lxc/utils.c ../lxc/utils.h \
-                         ../lxc/uuid.c ../lxc/uuid.h
+                         ../lxc/uuid.c ../lxc/uuid.h \
+                         $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_test_attach_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
 endif
@@ -143,7 +158,8 @@ lxc_test_cgpath_SOURCES = cgpath.c \
                          ../lxc/string_utils.c ../lxc/string_utils.h \
                          ../lxc/terminal.c ../lxc/terminal.h \
                          ../lxc/utils.c ../lxc/utils.h \
-                         ../lxc/uuid.c ../lxc/uuid.h
+                         ../lxc/uuid.c ../lxc/uuid.h \
+                         $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_test_cgpath_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
 endif
@@ -181,7 +197,8 @@ lxc_test_config_jump_table_SOURCES = config_jump_table.c \
                                     ../lxc/string_utils.c ../lxc/string_utils.h \
                                     ../lxc/terminal.c ../lxc/terminal.h \
                                     ../lxc/utils.c ../lxc/utils.h \
-                                    ../lxc/uuid.c ../lxc/uuid.h
+                                    ../lxc/uuid.c ../lxc/uuid.h \
+                                    $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_test_config_jump_table_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
 endif
@@ -227,7 +244,8 @@ lxc_test_locktests_SOURCES = locktests.c \
                             ../lxc/string_utils.c ../lxc/string_utils.h \
                             ../lxc/terminal.c ../lxc/terminal.h \
                             ../lxc/utils.c ../lxc/utils.h \
-                            ../lxc/uuid.c ../lxc/uuid.h
+                            ../lxc/uuid.c ../lxc/uuid.h \
+                            $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_test_locktests_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
 endif
@@ -265,7 +283,8 @@ lxc_test_mount_injection_SOURCES = mount_injection.c \
                                   ../lxc/string_utils.c ../lxc/string_utils.h \
                                   ../lxc/terminal.c ../lxc/terminal.h \
                                   ../lxc/utils.c ../lxc/utils.h \
-                                  ../lxc/uuid.c ../lxc/uuid.h
+                                  ../lxc/uuid.c ../lxc/uuid.h \
+                                  $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_test_mount_injection_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
 endif
@@ -301,23 +320,49 @@ lxc_test_parse_config_file_SOURCES = parse_config_file.c \
                                     ../lxc/string_utils.c ../lxc/string_utils.h \
                                     ../lxc/terminal.c ../lxc/terminal.h \
                                     ../lxc/utils.c ../lxc/utils.h \
-                                    ../lxc/uuid.c ../lxc/uuid.h
+                                    ../lxc/uuid.c ../lxc/uuid.h \
+                                    $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_test_parse_config_file_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
 endif
 
 lxc_test_raw_clone_SOURCES = lxc_raw_clone.c \
                             lxctest.h \
+                            ../lxc/af_unix.c ../lxc/af_unix.h \
                             ../lxc/caps.c ../lxc/caps.h \
                             ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \
                             ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \
                             ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \
+                            ../lxc/commands.c ../lxc/commands.h \
+                            ../lxc/commands_utils.c ../lxc/commands_utils.h \
+                            ../lxc/conf.c ../lxc/conf.h \
+                            ../lxc/confile.c ../lxc/confile.h \
+                            ../lxc/confile_utils.c ../lxc/confile_utils.h \
+                            ../lxc/error.c ../lxc/error.h \
                             ../lxc/file_utils.c ../lxc/file_utils.h \
+                            ../lxc/initutils.c ../lxc/initutils.h \
                             ../lxc/log.c ../lxc/log.h \
+                            ../lxc/lxclock.c ../lxc/lxclock.h \
+                            ../lxc/mainloop.c ../lxc/mainloop.h \
+                            ../lxc/monitor.c ../lxc/monitor.h \
                             ../lxc/namespace.c ../lxc/namespace.h \
+                            ../lxc/network.c ../lxc/network.h \
+                            ../lxc/nl.c ../lxc/nl.h \
+                            ../lxc/parse.c ../lxc/parse.h \
                             ../lxc/process_utils.c ../lxc/process_utils.h \
+                            ../lxc/ringbuf.c ../lxc/ringbuf.h \
+                            ../lxc/start.c ../lxc/start.h \
+                            ../lxc/state.c ../lxc/state.h \
+                            ../lxc/sync.c ../lxc/sync.h \
                             ../lxc/string_utils.c ../lxc/string_utils.h \
-                            ../lxc/utils.c ../lxc/utils.h
+                            ../lxc/terminal.c ../lxc/terminal.h \
+                            ../lxc/utils.c ../lxc/utils.h \
+                            ../lxc/uuid.c ../lxc/uuid.h \
+                            $(LSM_SOURCES)
+if ENABLE_SECCOMP
+lxc_test_raw_clone_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+
 lxc_test_reboot_SOURCES = reboot.c
 lxc_test_saveconfig_SOURCES = saveconfig.c
 lxc_test_share_ns_SOURCES = share_ns.c \
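Review bot: `lxc_test_raw_clone_SOURCES` grows from a short list to nearly the full set of library sources (conf.c, start.c, network.c, commands.c and others) plus the seccomp conditional, and the commit message does not say why. Presumably a file already in the list now reaches the hidden `lsm_*` symbols and pulls in the rest transitively, but that is inferred from the diff. A one-line comment naming the actual file, such as `# full source set needed: <file>.c references hidden lsm_* symbols`, would keep a later cleanup from trimming the list back. The list now has the same shape as the other tests' lists, so a shared variable for the common sources would remove the duplication.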
@@ -363,7 +408,8 @@ lxc_test_utils_SOURCES = lxc-test-utils.c \
                          ../lxc/string_utils.c ../lxc/string_utils.h \
                          ../lxc/terminal.c ../lxc/terminal.h \
                          ../lxc/utils.c ../lxc/utils.h \
-                         ../lxc/uuid.c ../lxc/uuid.h
+                         ../lxc/uuid.c ../lxc/uuid.h \
+                         $(LSM_SOURCES)
 if ENABLE_SECCOMP
 lxc_test_utils_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
 endif