From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Wed, 31 May 2017 07:21:41 +0000 (+0200)
Subject: confile: add getter for lxc.no_new_privs
X-Git-Tag: lxc-2.1.0~110^2~57
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b09521ac54be365634223eb5ed0270566a254f6e;p=thirdparty%2Flxc.git

confile: add getter for lxc.no_new_privs

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 52fd6110a..55543489a 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -207,6 +207,8 @@ static int set_config_ephemeral(const char *, const char *, struct lxc_conf *);
 static int get_config_ephemeral(struct lxc_container *, const char *, char *, int);
 
 static int set_config_no_new_privs(const char *, const char *, struct lxc_conf *);
+static int get_config_no_new_privs(struct lxc_container *, const char *, char *, int);
+
 static int set_config_limit(const char *, const char *, struct lxc_conf *);
 
 static struct lxc_config_t config[] = {
@@ -279,7 +281,7 @@ static struct lxc_config_t config[] = {
 	{ "lxc.init_gid",             set_config_init_gid,             get_config_init_gid,          NULL},
 	{ "lxc.ephemeral",            set_config_ephemeral,            get_config_ephemeral,         NULL},
 	{ "lxc.syslog",               set_config_syslog,               get_config_syslog,            NULL},
-	{ "lxc.no_new_privs",	      set_config_no_new_privs,	    NULL, NULL},
+	{ "lxc.no_new_privs",	      set_config_no_new_privs,         get_config_no_new_privs,      NULL},
 	{ "lxc.limit",                set_config_limit,                 NULL, NULL},
 };
 
@@ -2724,9 +2726,7 @@ int lxc_get_config_item(struct lxc_conf *c, const char *key, char *retv,
 {
 	const char *v = NULL;
 
-	if (strcmp(key, "lxc.no_new_privs") == 0)
-		return lxc_get_conf_int(c, retv, inlen, c->no_new_privs);
-	else if (strcmp(key, "lxc.limit") == 0) // all limits
+	if (strcmp(key, "lxc.limit") == 0) // all limits
 		return lxc_get_limit_entry(c, retv, inlen, "all");
 	else if (strncmp(key, "lxc.limit.", 10) == 0) // specific limit
 		return lxc_get_limit_entry(c, retv, inlen, key + 10);
@@ -2893,6 +2893,9 @@ int lxc_clear_config_item(struct lxc_conf *c, const char *key)
 	} else if (strcmp(key, "lxc.start.order") == 0) {
 		c->start_order = 0;
 
+	} else if (strcmp(key, "lxc.no_new_privs") == 0) {
+		c->no_new_privs = false;
+
 	} else {
 		ret = -1;
 	}
@@ -4001,3 +4004,10 @@ static int get_config_ephemeral(struct lxc_container *c, const char *key,
 	return lxc_get_conf_int(c->lxc_conf, retv, inlen,
 				c->lxc_conf->ephemeral);
 }
+
+static int get_config_no_new_privs(struct lxc_container *c, const char *key,
+				   char *retv, int inlen)
+{
+	return lxc_get_conf_int(c->lxc_conf, retv, inlen,
+				c->lxc_conf->no_new_privs);
+}