Merge pull request #3403 from brauner/2020-05-07/fixes

fixes

Merge pull request #3403 from brauner/2020-05-07/fixes
57140e5a · Stéphane Graber · GitHub · 424886b1 · a201349b · 57140e5a
Unverified Commit 57140e5a authored May 07, 2020 by Stéphane Graber Committed by GitHub May 07, 2020
5 changed files
--- a/config/yum/lxc-patch.py
+++ b/config/yum/lxc-patch.py
@@ -24,7 +24,6 @@
 import os
 from fnmatch import fnmatch
 from yum.plugins import TYPE_INTERACTIVE
-from yum.plugins import PluginYumExit
 requires_api_version = '2.0'
 plugin_type = (TYPE_INTERACTIVE,)

--- a/src/lxc/attach_options.h
+++ b/src/lxc/attach_options.h
@@ -26,7 +26,7 @@ enum {
 	/* The following are off by default: */
 	LXC_ATTACH_REMOUNT_PROC_SYS      = 0x00010000, /*!< Remount /proc filesystem */
-	LXC_ATTACH_LSM_NOW               = 0x00020000, /*!< FIXME: unknown */
+	LXC_ATTACH_LSM_NOW               = 0x00020000, /*!< TODO: currently unused */
 	/* Set PR_SET_NO_NEW_PRIVS to block execve() gainable privileges. */
 	LXC_ATTACH_NO_NEW_PRIVS		 = 0x00040000, /*!< PR_SET_NO_NEW_PRIVS */
 	LXC_ATTACH_TERMINAL              = 0x00080000, /*!< Allocate new terminal for attached process. */

--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -122,7 +122,7 @@ static const char AA_PROFILE_BASE[] =
 "  deny /sys/kernel/debug/{,**} rwklx,\n"
 "\n"
 "  # allow paths to be made slave, shared, private or unbindable\n"
-"  # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.\n"
+"  # TODO: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.\n"
 "#  mount options=(rw,make-slave) -> **,\n"
 "#  mount options=(rw,make-rslave) -> **,\n"
 "#  mount options=(rw,make-shared) -> **,\n"
@@ -343,7 +343,7 @@ static const char AA_PROFILE_NESTING_BASE[] =
 "  mount /var/lib/lxd/shmounts/ -> /var/lib/lxd/shmounts/,\n"
 "  mount options=bind /var/lib/lxd/shmounts/** -> /var/lib/lxd/**,\n"
 "\n"
-"  # FIXME: There doesn't seem to be a way to ask for:\n"
+"  # TODO: There doesn't seem to be a way to ask for:\n"
 "  # mount options=(ro,nosuid,nodev,noexec,remount,bind),\n"
 "  # as we always get mount to $cdir/proc/sys with those flags denied\n"
 "  # So allow all mounts until that is straightened out:\n"
@@ -538,7 +538,7 @@ static inline char *apparmor_namespace(const char *ctname, const char *lxcpath)
 	return full;
 }
-/* FIXME: This is currently run only in the context of a constructor (via the
+/* TODO: This is currently run only in the context of a constructor (via the
 * initial lsm_init() called due to its __attribute__((constructor)), so we
 * do not have ERROR/... macros available, so there are some fprintf(stderr)s
 * in there.
@@ -560,7 +560,7 @@ static bool check_apparmor_parser_version()
 		lxc_pclose(parserpipe);
 		/* We stay silent for now as this most likely means the shell
 		 * lxc_popen executed failed to find the apparmor_parser binary.
-		 * See the FIXME comment above for details.
+		 * See the TODO comment above for details.
 		 */
 		return false;
 	}

--- a/src/lxc/lxccontainer.h
+++ b/src/lxc/lxccontainer.h
@@ -90,7 +90,7 @@ struct lxc_container {
 	 * \private
 	 * Container configuration.
 	 *
-	 * \internal FIXME: do we want the whole lxc_handler?
+	 * \internal TODO: do we want the whole lxc_handler?
 	 */
 	struct lxc_conf *lxc_conf;

--- a/src/lxc/tools/lxc_ls.c
+++ b/src/lxc/tools/lxc_ls.c
@@ -1166,6 +1166,9 @@ static int ls_recv_str(int fd, char **buf)
 	if (ret != sizeof(slen))
 		return -1;
+	if (slen == SIZE_MAX)
+		return -1;
 	if (slen > 0) {
 		*buf = malloc(sizeof(char) * (slen + 1));
 		if (!*buf)