conf: add lxc_wants_cap() helper

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: add lxc_wants_cap() helper
2dfeec3d · Christian Brauner · 1865b640 · 2dfeec3d · 2dfeec3d
Unverified Commit 2dfeec3d authored Jan 04, 2021 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

cgfsng.c src/lxc/cgroups/cgfsng.c +1 -4

conf.h src/lxc/conf.h +9 -0

No files found.
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1831,10 +1831,7 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 	}
 	if (!wants_force_mount) {
-		if (!lxc_list_empty(&handler->conf->keepcaps))
+		wants_force_mount = lxc_wants_cap(CAP_SYS_ADMIN, handler->conf);
-			wants_force_mount = !in_caplist(CAP_SYS_ADMIN, &handler->conf->keepcaps);
-		else
-			wants_force_mount = in_caplist(CAP_SYS_ADMIN, &handler->conf->caps);
 		/*
 		 * Most recent distro versions currently have init system that

--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -501,6 +501,15 @@ __hidden extern int run_script(const char *name, const char *section, const char
 __hidden extern int run_script_argv(const char *name, unsigned int hook_version, const char *section,
 				    const char *script, const char *hookname, char **argsin);
 __hidden extern int in_caplist(int cap, struct lxc_list *caps);
+static inline int lxc_wants_cap(int cap, struct lxc_conf *conf)
+{
+	if (!lxc_list_empty(&conf->keepcaps))
+		return !in_caplist(cap, &conf->keepcaps);
+	return in_caplist(cap, &conf->caps);
+}
 __hidden extern int setup_sysctl_parameters(struct lxc_list *sysctls);
 __hidden extern int lxc_clear_sysctls(struct lxc_conf *c, const char *key);
 __hidden extern int setup_proc_filesystem(struct lxc_list *procs, pid_t pid);