From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Mon, 4 Jan 2021 10:06:02 +0000 (+0100)
Subject: conf: add lxc_wants_cap() helper
X-Git-Tag: lxc-5.0.0~325^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=309ae2876fe9f58a8db21c5218b859cfc441e597;p=thirdparty%2Flxc.git

conf: add lxc_wants_cap() helper

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 0078b3c85..bf181987f 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1832,10 +1832,7 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 	}
 
 	if (!wants_force_mount) {
-		if (!lxc_list_empty(&handler->conf->keepcaps))
-			wants_force_mount = !in_caplist(CAP_SYS_ADMIN, &handler->conf->keepcaps);
-		else
-			wants_force_mount = in_caplist(CAP_SYS_ADMIN, &handler->conf->caps);
+		wants_force_mount = lxc_wants_cap(CAP_SYS_ADMIN, handler->conf);
 
 		/*
 		 * Most recent distro versions currently have init system that
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 84b0f81b0..5a501b442 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -514,6 +514,15 @@ __hidden extern int run_script(const char *name, const char *section, const char
 __hidden extern int run_script_argv(const char *name, unsigned int hook_version, const char *section,
 				    const char *script, const char *hookname, char **argsin);
 __hidden extern int in_caplist(int cap, struct lxc_list *caps);
+
+static inline int lxc_wants_cap(int cap, struct lxc_conf *conf)
+{
+	if (!lxc_list_empty(&conf->keepcaps))
+		return !in_caplist(cap, &conf->keepcaps);
+
+	return in_caplist(cap, &conf->caps);
+}
+
 __hidden extern int setup_sysctl_parameters(struct lxc_list *sysctls);
 __hidden extern int lxc_clear_sysctls(struct lxc_conf *c, const char *key);
 __hidden extern int setup_proc_filesystem(struct lxc_list *procs, pid_t pid);