Merge pull request #3488 from brauner/2020-07-17/fixes

src/lxc/Makefile.am

@@ -217,7 +217,6 @@ AM_CFLAGS = -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
 	    -I $(top_srcdir)/src/lxc \
 	    -I $(top_srcdir)/src/lxc/storage \
 	    -I $(top_srcdir)/src/lxc/cgroups
-
 if ENABLE_APPARMOR
 AM_CFLAGS += -DHAVE_APPARMOR
 endif
@@ -331,55 +330,143 @@ LDADD = liblxc.la \
 
 if ENABLE_TOOLS
 lxc_attach_SOURCES = tools/lxc_attach.c \
+		     tools/arguments.c tools/arguments.h \
+		     af_unix.c af_unix.h \
+		     caps.c caps.h \
+		     conf.c conf.h \
 		     rexec.c rexec.h \
-		     tools/arguments.c tools/arguments.h
+		     string_utils.c string_utils.h
 lxc_autostart_SOURCES = tools/lxc_autostart.c \
-			tools/arguments.c tools/arguments.h
+			tools/arguments.c tools/arguments.h \
+			af_unix.c af_unix.h \
+			caps.c caps.h \
+			conf.c conf.h \
+			string_utils.c string_utils.h
 lxc_cgroup_SOURCES = tools/lxc_cgroup.c \
-		     tools/arguments.c tools/arguments.h
+		     tools/arguments.c tools/arguments.h \
+		     af_unix.c af_unix.h \
+		     caps.c caps.h \
+		     conf.c conf.h \
+		     string_utils.c string_utils.h
 lxc_config_SOURCES = tools/lxc_config.c \
-		     tools/arguments.c tools/arguments.h
+		     tools/arguments.c tools/arguments.h \
+		     af_unix.c af_unix.h \
+		     caps.c caps.h \
+		     conf.c conf.h \
+		     string_utils.c string_utils.h
 lxc_console_SOURCES = tools/lxc_console.c \
-		      tools/arguments.c tools/arguments.h
+		      tools/arguments.c tools/arguments.h \
+		      af_unix.c af_unix.h \
+		      caps.c caps.h \
+		      conf.c conf.h \
+		      string_utils.c string_utils.h
 lxc_destroy_SOURCES = tools/lxc_destroy.c \
-		      tools/arguments.c tools/arguments.h
+		      tools/arguments.c tools/arguments.h \
+		      af_unix.c af_unix.h \
+		      caps.c caps.h \
+		      conf.c conf.h \
+		      string_utils.c string_utils.h
 lxc_device_SOURCES = tools/lxc_device.c \
-		     tools/arguments.c tools/arguments.h
+		     tools/arguments.c tools/arguments.h \
+		     af_unix.c af_unix.h \
+		     caps.c caps.h \
+		     conf.c conf.h \
+		     string_utils.c string_utils.h
 lxc_execute_SOURCES = tools/lxc_execute.c \
-		      tools/arguments.c tools/arguments.h
+		      tools/arguments.c tools/arguments.h \
+		      af_unix.c af_unix.h \
+		      caps.c caps.h \
+		      conf.c conf.h \
+		      string_utils.c string_utils.h
 lxc_freeze_SOURCES = tools/lxc_freeze.c \
-		     tools/arguments.c tools/arguments.h
+		     tools/arguments.c tools/arguments.h \
+		     af_unix.c af_unix.h \
+		     caps.c caps.h \
+		     conf.c conf.h \
+		     string_utils.c string_utils.h
 lxc_info_SOURCES = tools/lxc_info.c \
-		   tools/arguments.c tools/arguments.h
+		   tools/arguments.c tools/arguments.h \
+		   af_unix.c af_unix.h \
+		   caps.c caps.h \
+		   conf.c conf.h \
+		   string_utils.c string_utils.h
 lxc_monitor_SOURCES = tools/lxc_monitor.c \
+		      tools/arguments.c tools/arguments.h \
+		      af_unix.c af_unix.h \
+		      caps.c caps.h \
+		      conf.c conf.h \
 		      macro.h \
-		      tools/arguments.c tools/arguments.h
+		      string_utils.c string_utils.h
 lxc_ls_SOURCES = tools/lxc_ls.c \
-		 tools/arguments.c tools/arguments.h
+		 tools/arguments.c tools/arguments.h \
+		 af_unix.c af_unix.h \
+		 caps.c caps.h \
+		 conf.c conf.h \
+		 string_utils.c string_utils.h
 lxc_copy_SOURCES = tools/lxc_copy.c \
 		   tools/arguments.c tools/arguments.h \
-		   storage/storage_utils.c storage/storage_utils.h
+		   af_unix.c af_unix.h \
+		   caps.c caps.h \
+		   conf.c conf.h \
+		   storage/storage_utils.c storage/storage_utils.h \
+		   string_utils.c string_utils.h
 lxc_start_SOURCES = tools/lxc_start.c \
-		    tools/arguments.c tools/arguments.h
+		    tools/arguments.c tools/arguments.h \
+		    af_unix.c af_unix.h \
+		    caps.c caps.h \
+		    conf.c conf.h \
+		    string_utils.c string_utils.h
 lxc_stop_SOURCES = tools/lxc_stop.c \
-		   tools/arguments.c tools/arguments.h
+		   tools/arguments.c tools/arguments.h \
+		   af_unix.c af_unix.h \
+		   caps.c caps.h \
+		   conf.c conf.h \
+		   string_utils.c string_utils.h
 lxc_top_SOURCES = tools/lxc_top.c \
-		  tools/arguments.c tools/arguments.h
+		  tools/arguments.c tools/arguments.h \
+		  af_unix.c af_unix.h \
+		  caps.c caps.h \
+		  conf.c conf.h \
+		  string_utils.c string_utils.h
 lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \
-		       tools/arguments.c tools/arguments.h
+		       tools/arguments.c tools/arguments.h \
+		       af_unix.c af_unix.h \
+		       caps.c caps.h \
+		       conf.c conf.h \
+		       string_utils.c string_utils.h
 lxc_unshare_SOURCES = tools/lxc_unshare.c \
+		      tools/arguments.c tools/arguments.h \
+		      af_unix.c af_unix.h \
+		      caps.c caps.h \
+		      conf.c conf.h \
+		      string_utils.c string_utils.h \
 		      syscall_numbers.h \
-		      syscall_wrappers.h \
-		      tools/arguments.c tools/arguments.h
+		      syscall_wrappers.h
 lxc_wait_SOURCES = tools/lxc_wait.c \
-		   tools/arguments.c tools/arguments.h
+		   tools/arguments.c tools/arguments.h \
+		   af_unix.c af_unix.h \
+		   caps.c caps.h \
+		   conf.c conf.h \
+		   string_utils.c string_utils.h
 lxc_create_SOURCES = tools/lxc_create.c \
 		     tools/arguments.c tools/arguments.h \
-		     storage/storage_utils.c storage/storage_utils.h
+		     af_unix.c af_unix.h \
+		     caps.c caps.h \
+		     conf.c conf.h \
+		     storage/storage_utils.c storage/storage_utils.h \
+		     string_utils.c string_utils.h
 lxc_snapshot_SOURCES = tools/lxc_snapshot.c \
-		       tools/arguments.c tools/arguments.h
+		       tools/arguments.c tools/arguments.h \
+		       af_unix.c af_unix.h \
+		       caps.c caps.h \
+		       conf.c conf.h \
+		       string_utils.c string_utils.h
 lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c \
-			 tools/arguments.c tools/arguments.h
+			 tools/arguments.c tools/arguments.h \
+			 af_unix.c af_unix.h \
+			 caps.c caps.h \
+			 conf.c conf.h \
+			 string_utils.c string_utils.h1
 endif
 
 if ENABLE_COMMANDS
@@ -398,17 +485,24 @@ init_lxc_LDFLAGS = -pthread
 
 lxc_monitord_SOURCES = cmd/lxc_monitord.c \
 		       af_unix.c af_unix.h \
+		       caps.c caps.h \
+		       conf.c conf.h \
 		       log.c log.h \
 		       mainloop.c mainloop.h \
 		       monitor.c monitor.h \
 		       process_utils.c process_utils.h \
+		       string_utils.c string_utils.h \
 		       syscall_numbers.h \
 		       utils.c utils.h
 lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \
 		       ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \
+		       af_unix.c af_unix.h \
+		       caps.c caps.h \
+		       conf.c conf.h \
 		       log.c log.h \
 		       memory_utils.h \
 		       network.c network.h \
+		       nl.c nl.h \
 		       parse.c parse.h \
 		       process_utils.c process_utils.h \
 		       syscall_numbers.h \
@@ -416,6 +510,8 @@ lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \
 		       string_utils.c string_utils.h \
 		       syscall_wrappers.h
 lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \
+			 af_unix.c af_unix.h \
+			 caps.c caps.h \
 			 conf.c conf.h \
 			 file_utils.c file_utils.h \
 			 list.h \
@@ -439,6 +535,7 @@ if HAVE_STATIC_LIBCAP
 sbin_PROGRAMS += init.lxc.static
 
 init_lxc_static_SOURCES = cmd/lxc_init.c \
+			  af_unix.c af_unix.h \
 			  caps.c caps.h \
 			  error.c error.h \
 			  initutils.c initutils.h \

src/lxc/af_unix.h

@@ -10,35 +10,31 @@
 #include "compiler.h"
 
 /* does not enforce \0-termination */
-extern int lxc_abstract_unix_open(const char *path, int type, int flags);
-extern void lxc_abstract_unix_close(int fd);
+__hidden extern int lxc_abstract_unix_open(const char *path, int type, int flags);
+__hidden extern void lxc_abstract_unix_close(int fd);
 /* does not enforce \0-termination */
-extern int lxc_abstract_unix_connect(const char *path);
+__hidden extern int lxc_abstract_unix_connect(const char *path);
 
-extern int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
-				      void *data, size_t size)
-__access_r(2, 3) __access_r(4, 5);
+__hidden extern int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data,
+					       size_t size) __access_r(2, 3) __access_r(4, 5);
 
-extern int lxc_abstract_unix_send_fds_iov(int fd, int *sendfds, int num_sendfds,
-					  struct iovec *iov, size_t iovlen)
-__access_r(2, 3);
+__hidden extern int lxc_abstract_unix_send_fds_iov(int fd, int *sendfds, int num_sendfds,
+						   struct iovec *iov, size_t iovlen) __access_r(2, 3);
 
-extern int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
-				      void *data, size_t size)
-__access_r(2, 3) __access_r(4, 5);
+__hidden extern int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds, void *data,
+					       size_t size) __access_r(2, 3) __access_r(4, 5);
 
-extern int lxc_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data,
-			     size_t size);
+__hidden extern int lxc_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data, size_t size);
 
-extern int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
-__access_r(2, 3);
+__hidden extern int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
+    __access_r(2, 3);
 
-extern int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
-__access_w(2, 3);
+__hidden extern int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
+    __access_w(2, 3);
 
-extern int lxc_unix_sockaddr(struct sockaddr_un *ret, const char *path);
-extern int lxc_unix_connect(struct sockaddr_un *addr);
-extern int lxc_unix_connect_type(struct sockaddr_un *addr, int type);
-extern int lxc_socket_set_timeout(int fd, int rcv_timeout, int snd_timeout);
+__hidden extern int lxc_unix_sockaddr(struct sockaddr_un *ret, const char *path);
+__hidden extern int lxc_unix_connect(struct sockaddr_un *addr);
+__hidden extern int lxc_unix_connect_type(struct sockaddr_un *addr, int type);
+__hidden extern int lxc_socket_set_timeout(int fd, int rcv_timeout, int snd_timeout);
 
 #endif /* __LXC_AF_UNIX_H */

src/lxc/attach.h

@@ -7,6 +7,7 @@
 #include <lxc/attach_options.h>
 #include <sys/types.h>
 
+#include "compiler.h"
 #include "namespace.h"
 
 struct lxc_conf;
@@ -20,10 +21,10 @@ struct lxc_proc_context_info {
 	int ns_fd[LXC_NS_MAX];
 };
 
-extern int lxc_attach(struct lxc_container *container,
-		      lxc_attach_exec_t exec_function, void *exec_payload,
-		      lxc_attach_options_t *options, pid_t *attached_process);
+__hidden extern int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
+			       void *exec_payload, lxc_attach_options_t *options,
+			       pid_t *attached_process);
 
-extern int lxc_attach_remount_sys_proc(void);
+__hidden extern int lxc_attach_remount_sys_proc(void);
 
 #endif /* __LXC_ATTACH_H */

src/lxc/caps.h

@@ -6,20 +6,20 @@
 #include <stdbool.h>
 
 #include "config.h"
+#include "compiler.h"
 
 #if HAVE_LIBCAP
 #include <linux/types.h> /* workaround for libcap < 2.17 bug */
 #include <sys/capability.h>
 
-extern int lxc_caps_down(void);
-extern int lxc_caps_up(void);
-extern int lxc_ambient_caps_up(void);
-extern int lxc_ambient_caps_down(void);
-extern int lxc_caps_init(void);
-extern int lxc_caps_last_cap(void);
-extern bool lxc_proc_cap_is_set(cap_value_t cap, cap_flag_t flag);
-extern bool lxc_file_cap_is_set(const char *path, cap_value_t cap,
-				cap_flag_t flag);
+__hidden extern int lxc_caps_down(void);
+__hidden extern int lxc_caps_up(void);
+__hidden extern int lxc_ambient_caps_up(void);
+__hidden extern int lxc_ambient_caps_down(void);
+__hidden extern int lxc_caps_init(void);
+__hidden extern int lxc_caps_last_cap(void);
+__hidden extern bool lxc_proc_cap_is_set(cap_value_t cap, cap_flag_t flag);
+__hidden extern bool lxc_file_cap_is_set(const char *path, cap_value_t cap, cap_flag_t flag);
 #else
 static inline int lxc_caps_down(void)
 {

src/lxc/cmd/lxc_user_nic.c

@@ -35,6 +35,7 @@
 #include "log.h"
 #include "memory_utils.h"
 #include "network.h"
+#include "nl.h"
 #include "parse.h"
 #include "process_utils.h"
 #include "string_utils.h"

src/lxc/commands.h

@@ -7,6 +7,7 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#include "compiler.h"
 #include "lxccontainer.h"
 #include "macro.h"
 #include "state.h"
@@ -73,23 +74,23 @@ struct lxc_cmd_console_log {
 
 };
 
-extern int lxc_cmd_terminal_winch(const char *name, const char *lxcpath);
-extern int lxc_cmd_console(const char *name, int *ttynum, int *fd,
-			   const char *lxcpath);
+__hidden extern int lxc_cmd_terminal_winch(const char *name, const char *lxcpath);
+__hidden extern int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath);
 /*
  * Get the 'real' cgroup path (as seen in /proc/self/cgroup) for a container
  * for a particular subsystem
  */
-extern char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
-			const char *subsystem);
-extern int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath);
-extern char *lxc_cmd_get_config_item(const char *name, const char *item, const char *lxcpath);
-extern char *lxc_cmd_get_name(const char *hashed_sock);
-extern char *lxc_cmd_get_lxcpath(const char *hashed_sock);
-extern pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath);
-extern int lxc_cmd_get_init_pidfd(const char *name, const char *lxcpath);
-extern int lxc_cmd_get_state(const char *name, const char *lxcpath);
-extern int lxc_cmd_stop(const char *name, const char *lxcpath);
+__hidden extern char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
+					      const char *subsystem);
+__hidden extern int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath);
+__hidden extern char *lxc_cmd_get_config_item(const char *name, const char *item,
+					      const char *lxcpath);
+__hidden extern char *lxc_cmd_get_name(const char *hashed_sock);
+__hidden extern char *lxc_cmd_get_lxcpath(const char *hashed_sock);
+__hidden extern pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath);
+__hidden extern int lxc_cmd_get_init_pidfd(const char *name, const char *lxcpath);
+__hidden extern int lxc_cmd_get_state(const char *name, const char *lxcpath);
+__hidden extern int lxc_cmd_stop(const char *name, const char *lxcpath);
 
 /* lxc_cmd_add_state_client    Register a new state client fd in the container's
  *                             in-memory handler.
@@ -104,36 +105,32 @@ extern int lxc_cmd_stop(const char *name, const char *lxcpath);
  *                                                 via socket fd
  *                                     < MAX_STATE current container state
  */
-extern int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
-				    lxc_state_t states[MAX_STATE],
-				    int *state_client_fd);
-extern int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
-				       lxc_state_t state);
+__hidden extern int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
+					     lxc_state_t states[MAX_STATE], int *state_client_fd);
+__hidden extern int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
+						lxc_state_t state);
 
 struct lxc_epoll_descr;
 struct lxc_handler;
 
-extern int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix);
-extern int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
-				    struct lxc_handler *handler);
-extern int lxc_try_cmd(const char *name, const char *lxcpath);
-extern int lxc_cmd_console_log(const char *name, const char *lxcpath,
-			       struct lxc_console_log *log);
-extern int lxc_cmd_seccomp_notify_add_listener(const char *name,
-					       const char *lxcpath,
-					       int fd,
-					       /* unused */ unsigned int command,
-					       /* unused */ unsigned int flags);
+__hidden extern int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix);
+__hidden extern int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
+					 struct lxc_handler *handler);
+__hidden extern int lxc_try_cmd(const char *name, const char *lxcpath);
+__hidden extern int lxc_cmd_console_log(const char *name, const char *lxcpath,
+					struct lxc_console_log *log);
+__hidden extern int lxc_cmd_seccomp_notify_add_listener(const char *name, const char *lxcpath, int fd,
+							/* unused */ unsigned int command,
+							/* unused */ unsigned int flags);
 
 struct device_item;
-extern int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath,
-					 struct device_item *device);
-extern int lxc_cmd_freeze(const char *name, const char *lxcpath, int timeout);
-extern int lxc_cmd_unfreeze(const char *name, const char *lxcpath, int timeout);
-extern int lxc_cmd_get_cgroup2_fd(const char *name, const char *lxcpath);
-extern char *lxc_cmd_get_limiting_cgroup_path(const char *name,
-					      const char *lxcpath,
-					      const char *subsystem);
-extern int lxc_cmd_get_limiting_cgroup2_fd(const char *name, const char *lxcpath);
+__hidden extern int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath,
+						  struct device_item *device);
+__hidden extern int lxc_cmd_freeze(const char *name, const char *lxcpath, int timeout);
+__hidden extern int lxc_cmd_unfreeze(const char *name, const char *lxcpath, int timeout);
+__hidden extern int lxc_cmd_get_cgroup2_fd(const char *name, const char *lxcpath);
+__hidden extern char *lxc_cmd_get_limiting_cgroup_path(const char *name, const char *lxcpath,
+						       const char *subsystem);
+__hidden extern int lxc_cmd_get_limiting_cgroup2_fd(const char *name, const char *lxcpath);
 
 #endif /* __commands_h */

src/lxc/commands_utils.h

@@ -8,11 +8,9 @@
 #include "state.h"
 #include "commands.h"
 
-int lxc_make_abstract_socket_name(char *path, size_t pathlen,
-				  const char *lxcname,
-				  const char *lxcpath,
-				  const char *hashed_sock_name,
-				  const char *suffix);
+__hidden extern int lxc_make_abstract_socket_name(char *path, size_t pathlen, const char *lxcname,
+						  const char *lxcpath, const char *hashed_sock_name,
+						  const char *suffix);
 
 /* lxc_cmd_sock_get_state      Register a new state client fd in the container's
  *                             in-memory handler and retrieve the requested
@@ -24,8 +22,8 @@ int lxc_make_abstract_socket_name(char *path, size_t pathlen,
  * @return                     Return  < 0 on error
  *                                     < MAX_STATE current container state
  */
-extern int lxc_cmd_sock_get_state(const char *name, const char *lxcpath,
-				  lxc_state_t states[MAX_STATE], int timeout);
+__hidden extern int lxc_cmd_sock_get_state(const char *name, const char *lxcpath,
+					   lxc_state_t states[MAX_STATE], int timeout);
 
 /* lxc_cmd_sock_rcv_state      Retrieve the requested state from a state client
  *                             fd registerd in the container's in-memory
@@ -36,7 +34,7 @@ extern int lxc_cmd_sock_get_state(const char *name, const char *lxcpath,
  * @return                     Return  < 0 on error
  *                                     < MAX_STATE current container state
  */
-extern int lxc_cmd_sock_rcv_state(int state_client_fd, int timeout);
+__hidden extern int lxc_cmd_sock_rcv_state(int state_client_fd, int timeout);
 
 /* lxc_add_state_client        Add a new state client to the container's
  *                             in-memory handler.
@@ -48,9 +46,8 @@ extern int lxc_cmd_sock_rcv_state(int state_client_fd, int timeout);
  * @return                     Return  < 0 on error
  *                                       0 on success
  */
-extern int lxc_add_state_client(int state_client_fd,
-				struct lxc_handler *handler,
-				lxc_state_t states[MAX_STATE]);
+__hidden extern int lxc_add_state_client(int state_client_fd, struct lxc_handler *handler,
+					 lxc_state_t states[MAX_STATE]);
 
 /* lxc_cmd_connect             Connect to the container's command socket.
  *
@@ -62,7 +59,7 @@ extern int lxc_add_state_client(int state_client_fd,
  * @return                     Return   < 0 on error
  *                                     >= 0 client fd
  */
-extern int lxc_cmd_connect(const char *name, const char *lxcpath,
-			   const char *hashed_sock_name, const char *suffix);
+__hidden extern int lxc_cmd_connect(const char *name, const char *lxcpath,
+				    const char *hashed_sock_name, const char *suffix);
 
 #endif /* __LXC_COMMANDS_UTILS_H */

src/lxc/compiler.h

@@ -75,4 +75,8 @@
 #endif
 #endif
 
+#ifndef __hidden
+#define __hidden __attribute__((visibility("hidden")))
+#endif
+
 #endif /* __LXC_COMPILER_H */

src/lxc/conf.h

@@ -415,9 +415,8 @@ struct lxc_conf {
 	struct timens_offsets timens;
 };
 
-extern int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
-			    size_t buf_size)
-__access_r(3, 4);
+__hidden extern int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf, size_t buf_size)
+    __access_r(3, 4);
 
 #ifdef HAVE_TLS
 extern thread_local struct lxc_conf *current_config;
@@ -425,68 +424,61 @@ extern thread_local struct lxc_conf *current_config;
 extern struct lxc_conf *current_config;
 #endif
 
-extern int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
-			 char *argv[]);
-extern int detect_shared_rootfs(void);
-extern struct lxc_conf *lxc_conf_init(void);
-extern void lxc_conf_free(struct lxc_conf *conf);
-extern int pin_rootfs(const char *rootfs);
-extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid);
-extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
-extern void lxc_delete_tty(struct lxc_tty_info *ttys);
-extern int lxc_clear_config_caps(struct lxc_conf *c);
-extern int lxc_clear_config_keepcaps(struct lxc_conf *c);
-extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version);
-extern int lxc_clear_mount_entries(struct lxc_conf *c);
-extern int lxc_clear_automounts(struct lxc_conf *c);
-extern int lxc_clear_hooks(struct lxc_conf *c, const char *key);
-extern int lxc_clear_idmaps(struct lxc_conf *c);
-extern int lxc_clear_groups(struct lxc_conf *c);
-extern int lxc_clear_environment(struct lxc_conf *c);
-extern int lxc_clear_limits(struct lxc_conf *c, const char *key);
-extern int lxc_delete_autodev(struct lxc_handler *handler);
-extern int lxc_clear_autodev_tmpfs_size(struct lxc_conf *c);
-extern void lxc_clear_includes(struct lxc_conf *conf);
-extern int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf,
-					 const char *name, const char *lxcpath);
-extern int lxc_setup(struct lxc_handler *handler);
-extern int lxc_setup_parent(struct lxc_handler *handler);
-extern int setup_resource_limits(struct lxc_list *limits, pid_t pid);
-extern int find_unmapped_nsid(const struct lxc_conf *conf, enum idtype idtype);
-extern int mapped_hostid(unsigned id, const struct lxc_conf *conf,
-			 enum idtype idtype);
-extern int userns_exec_1(const struct lxc_conf *conf, int (*fn)(void *),
-			 void *data, const char *fn_name);
-extern int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *),
-			    void *data, const char *fn_name);
-extern int parse_mntopts(const char *mntopts, unsigned long *mntflags,
-			 char **mntdata);
-extern int parse_propagationopts(const char *mntopts, unsigned long *pflags);
-extern void tmp_proc_unmount(struct lxc_conf *lxc_conf);
-extern void turn_into_dependent_mounts(void);
-extern void suggest_default_idmap(void);
-extern FILE *make_anonymous_mount_file(struct lxc_list *mount,
-				       bool include_nesting_helpers);
-extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings);
-extern unsigned long add_required_remount_flags(const char *s, const char *d,
-						unsigned long flags);
-extern int run_script(const char *name, const char *section, const char *script,
-		      ...);
-extern int run_script_argv(const char *name, unsigned int hook_version,
-			   const char *section, const char *script,
-			   const char *hookname, char **argsin);
-extern int in_caplist(int cap, struct lxc_list *caps);
-extern int setup_sysctl_parameters(struct lxc_list *sysctls);
-extern int lxc_clear_sysctls(struct lxc_conf *c, const char *key);
-extern int setup_proc_filesystem(struct lxc_list *procs, pid_t pid);
-extern int lxc_clear_procs(struct lxc_conf *c, const char *key);
-extern int lxc_clear_apparmor_raw(struct lxc_conf *c);
-extern int lxc_clear_namespace(struct lxc_conf *c);
-extern int userns_exec_minimal(const struct lxc_conf *conf,
-			       int (*fn_parent)(void *), void *fn_parent_data,
-			       int (*fn_child)(void *), void *fn_child_data);
-extern int userns_exec_mapped_root(const char *path, int path_fd,
-				   const struct lxc_conf *conf);
+__hidden extern int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf, char *argv[]);
+__hidden extern struct lxc_conf *lxc_conf_init(void);
+__hidden extern void lxc_conf_free(struct lxc_conf *conf);
+__hidden extern int pin_rootfs(const char *rootfs);
+__hidden extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid);
+__hidden extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
+__hidden extern void lxc_delete_tty(struct lxc_tty_info *ttys);
+__hidden extern int lxc_clear_config_caps(struct lxc_conf *c);
+__hidden extern int lxc_clear_config_keepcaps(struct lxc_conf *c);
+__hidden extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version);
+__hidden extern int lxc_clear_mount_entries(struct lxc_conf *c);
+__hidden extern int lxc_clear_automounts(struct lxc_conf *c);
+__hidden extern int lxc_clear_hooks(struct lxc_conf *c, const char *key);
+__hidden extern int lxc_clear_idmaps(struct lxc_conf *c);
+__hidden extern int lxc_clear_groups(struct lxc_conf *c);
+__hidden extern int lxc_clear_environment(struct lxc_conf *c);
+__hidden extern int lxc_clear_limits(struct lxc_conf *c, const char *key);
+__hidden extern int lxc_delete_autodev(struct lxc_handler *handler);
+__hidden extern int lxc_clear_autodev_tmpfs_size(struct lxc_conf *c);
+__hidden extern void lxc_clear_includes(struct lxc_conf *conf);
+__hidden extern int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name,
+						  const char *lxcpath);
+__hidden extern int lxc_setup(struct lxc_handler *handler);
+__hidden extern int lxc_setup_parent(struct lxc_handler *handler);
+__hidden extern int setup_resource_limits(struct lxc_list *limits, pid_t pid);
+__hidden extern int find_unmapped_nsid(const struct lxc_conf *conf, enum idtype idtype);
+__hidden extern int mapped_hostid(unsigned id, const struct lxc_conf *conf, enum idtype idtype);
+__hidden extern int userns_exec_1(const struct lxc_conf *conf, int (*fn)(void *), void *data,
+				  const char *fn_name);
+__hidden extern int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data,
+				     const char *fn_name);
+__hidden extern int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata);
+__hidden extern int parse_propagationopts(const char *mntopts, unsigned long *pflags);
+__hidden extern void tmp_proc_unmount(struct lxc_conf *lxc_conf);
+__hidden extern void turn_into_dependent_mounts(void);
+__hidden extern void suggest_default_idmap(void);
+__hidden extern FILE *make_anonymous_mount_file(struct lxc_list *mount, bool include_nesting_helpers);
+__hidden extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings);
+__hidden extern unsigned long add_required_remount_flags(const char *s, const char *d,
+							 unsigned long flags);
+__hidden extern int run_script(const char *name, const char *section, const char *script, ...);
+__hidden extern int run_script_argv(const char *name, unsigned int hook_version, const char *section,
+				    const char *script, const char *hookname, char **argsin);
+__hidden extern int in_caplist(int cap, struct lxc_list *caps);
+__hidden extern int setup_sysctl_parameters(struct lxc_list *sysctls);
+__hidden extern int lxc_clear_sysctls(struct lxc_conf *c, const char *key);
+__hidden extern int setup_proc_filesystem(struct lxc_list *procs, pid_t pid);
+__hidden extern int lxc_clear_procs(struct lxc_conf *c, const char *key);
+__hidden extern int lxc_clear_apparmor_raw(struct lxc_conf *c);
+__hidden extern int lxc_clear_namespace(struct lxc_conf *c);
+__hidden extern int userns_exec_minimal(const struct lxc_conf *conf, int (*fn_parent)(void *),
+					void *fn_parent_data, int (*fn_child)(void *),
+					void *fn_child_data);
+__hidden extern int userns_exec_mapped_root(const char *path, int path_fd,
+					    const struct lxc_conf *conf);
 static inline int chown_mapped_root(const char *path, const struct lxc_conf *conf)
 {
 	return userns_exec_mapped_root(path, -EBADF, conf);

src/lxc/error.c

@@ -18,7 +18,7 @@ lxc_log_define(error, lxc);
  *   128+n       signal n received by the application
  *   255         lxc error
  */
-extern int  lxc_error_set_and_log(int pid, int status)
+extern int lxc_error_set_and_log(int pid, int status)
 {
 	int ret = 0;
 

src/lxc/file_utils.c

@@ -14,10 +14,10 @@
 
 #include "config.h"
 #include "file_utils.h"
-#include "log.h"
 #include "macro.h"
 #include "memory_utils.h"
 #include "string_utils.h"
+#include <time.h>
 #include "utils.h"
 
 int lxc_open_dirfd(const char *dir)

src/lxc/initutils.c

@@ -4,12 +4,13 @@
 #define _GNU_SOURCE 1
 #endif
 #include <sys/prctl.h>
+#include <sys/syscall.h>
+#include <unistd.h>
 
 #include "compiler.h"
 #include "config.h"
 #include "file_utils.h"
 #include "initutils.h"
-#include "log.h"
 #include "macro.h"
 #include "memory_utils.h"
 
@@ -17,8 +18,6 @@
 #include "include/strlcpy.h"
 #endif
 
-lxc_log_define(initutils, lxc);
-
 static char *copy_global_config_value(char *p)
 {
 	int len = strlen(p);
@@ -310,8 +309,6 @@ int setproctitle(char *title)
 		    prctl_arg(sizeof(prctl_map)), prctl_arg(0));
 	if (ret == 0)
 		(void)strlcpy((char *)arg_start, title, len);
-	else
-		SYSWARN("Failed to set cmdline");
 
 	return ret;
 }

src/lxc/network.c

@@ -2753,7 +2753,6 @@ static const char padchar[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLM
 
 char *lxc_ifname_alnum_case_sensitive(char *template)
 {
-	int ret;
 	char name[IFNAMSIZ];
 	size_t i = 0;
 #ifdef HAVE_RAND_R
@@ -2783,9 +2782,8 @@ char *lxc_ifname_alnum_case_sensitive(char *template)
 			}
 		}
 
-		if (if_nametoindex(name) == 0) {
+		if (if_nametoindex(name) == 0)
 			break;
-		}
 	}
 
 	(void)strlcpy(template, name, strlen(template) + 1);

src/lxc/nl.c

@@ -19,7 +19,7 @@
 
 lxc_log_define(nl, lxc);
 
-size_t nlmsg_len(const struct nlmsg *nlmsg)
+static size_t nlmsg_len(const struct nlmsg *nlmsg)
 {
 	return nlmsg->nlmsghdr->nlmsg_len - NLMSG_HDRLEN;
 }

src/lxc/nl.h

@@ -5,6 +5,7 @@
 
 #include <stdio.h>
 
+#include "compiler.h"
 #include "memory_utils.h"
 
 /*
@@ -59,7 +60,7 @@ struct nlmsg {
  *
  * Return 0 on success, < 0 otherwise
  */
-int netlink_open(struct nl_handler *handler, int protocol);
+__hidden extern int netlink_open(struct nl_handler *handler, int protocol);
 
 /*
  * netlink_close : close a netlink socket, after this call,
@@ -67,7 +68,7 @@ int netlink_open(struct nl_handler *handler, int protocol);
  *
  * @handler: a handler to the netlink socket
  */
-void netlink_close(struct nl_handler *handler);
+__hidden extern void netlink_close(struct nl_handler *handler);
 define_cleanup_function(struct nl_handler *, netlink_close);
 
 /*
@@ -80,8 +81,8 @@ define_cleanup_function(struct nl_handler *, netlink_close);
  *
  * Returns 0 on success, < 0 otherwise
  */
-int netlink_rcv(struct nl_handler *handler, struct nlmsg *nlmsg);
-int __netlink_recv(struct nl_handler *handler, struct nlmsghdr *nlmsg);
+__hidden extern int netlink_rcv(struct nl_handler *handler, struct nlmsg *nlmsg);
+__hidden extern int __netlink_recv(struct nl_handler *handler, struct nlmsghdr *nlmsg);
 
 /*
  * netlink_send: send a netlink message to the kernel. It is up
@@ -92,8 +93,8 @@ int __netlink_recv(struct nl_handler *handler, struct nlmsghdr *nlmsg);
  *
  * Returns 0 on success, < 0 otherwise
  */
-int netlink_send(struct nl_handler *handler, struct nlmsg *nlmsg);
-int __netlink_send(struct nl_handler *handler, struct nlmsghdr *nlmsg);
+__hidden extern int netlink_send(struct nl_handler *handler, struct nlmsg *nlmsg);
+__hidden extern int __netlink_send(struct nl_handler *handler, struct nlmsghdr *nlmsg);
 
 /*
  * netlink_transaction: send a request to the kernel and read the response.
@@ -106,10 +107,10 @@ int __netlink_send(struct nl_handler *handler, struct nlmsghdr *nlmsg);
  *
  * Returns 0 on success, < 0 otherwise
  */
-int netlink_transaction(struct nl_handler *handler,
-			struct nlmsg *request, struct nlmsg *answer);
-int __netlink_transaction(struct nl_handler *handler, struct nlmsghdr *request,
-			  struct nlmsghdr *answer);
+__hidden extern int netlink_transaction(struct nl_handler *handler, struct nlmsg *request,
+					struct nlmsg *answer);
+__hidden extern int __netlink_transaction(struct nl_handler *handler, struct nlmsghdr *request,
+					  struct nlmsghdr *answer);
 
 /*
  * nla_put_string: copy a null terminated string to a netlink message
@@ -121,7 +122,7 @@ int __netlink_transaction(struct nl_handler *handler, struct nlmsghdr *request,
  *
  * Returns 0 on success, < 0 otherwise
  */
-int nla_put_string(struct nlmsg *nlmsg, int attr, const char *string);
+__hidden int nla_put_string(struct nlmsg *nlmsg, int attr, const char *string);
 
 /*
  * nla_put_buffer: copy a buffer with a specified size to a netlink
@@ -178,7 +179,7 @@ int nla_put_attr(struct nlmsg *nlmsg, int attr);
  * Returns current nested pointer to be reused
  * to nla_end_nested.
  */
-struct rtattr *nla_begin_nested(struct nlmsg *nlmsg, int attr);
+__hidden extern struct rtattr *nla_begin_nested(struct nlmsg *nlmsg, int attr);
 
 /*
  * nla_end_nested: end the nesting attribute
@@ -188,7 +189,7 @@ struct rtattr *nla_begin_nested(struct nlmsg *nlmsg, int attr);
  *
  * Returns the current
  */
-void nla_end_nested(struct nlmsg *nlmsg, struct rtattr *attr);
+__hidden extern void nla_end_nested(struct nlmsg *nlmsg, struct rtattr *attr);
 
 /*
  * nlmsg_allocate : allocate a netlink message. The netlink format message
@@ -205,7 +206,7 @@ void nla_end_nested(struct nlmsg *nlmsg, struct rtattr *attr);
  *
  * Returns a pointer to the newly allocated netlink message, NULL otherwise
  */
-struct nlmsg *nlmsg_alloc(size_t size);
+__hidden extern struct nlmsg *nlmsg_alloc(size_t size);
 
 /*
  * nlmsg_alloc_reserve: like nlmsg_alloc(), but reserve the whole payload
@@ -214,7 +215,7 @@ struct nlmsg *nlmsg_alloc(size_t size);
  *
  * @size: the capacity of the payload to be allocated.
  */
-struct nlmsg *nlmsg_alloc_reserve(size_t size);
+__hidden extern struct nlmsg *nlmsg_alloc_reserve(size_t size);
 
 /*
  * Reserve room for additional data at the tail of a netlink message
@@ -224,14 +225,14 @@ struct nlmsg *nlmsg_alloc_reserve(size_t size);
  *
  * Returns a pointer to newly reserved room or NULL
  */
-void *nlmsg_reserve(struct nlmsg *nlmsg, size_t len);
+__hidden extern void *nlmsg_reserve(struct nlmsg *nlmsg, size_t len);
 
 /*
  * nlmsg_free : free a previously allocate message
  *
  * @nlmsg: the netlink message to be freed
  */
-void nlmsg_free(struct nlmsg *nlmsg);
+__hidden extern void nlmsg_free(struct nlmsg *nlmsg);
 define_cleanup_function(struct nlmsg *, nlmsg_free);
 
 /*
@@ -241,9 +242,9 @@ define_cleanup_function(struct nlmsg *, nlmsg_free);
  *
  * Returns a pointer to the netlink data or NULL if there is no data
  */
-void *nlmsg_data(struct nlmsg *nlmsg);
+__hidden extern void *nlmsg_data(struct nlmsg *nlmsg);
 
-extern int addattr(struct nlmsghdr *n, size_t maxlen, int type,
-		   const void *data, size_t alen);
+__hidden extern int addattr(struct nlmsghdr *n, size_t maxlen, int type,
+			    const void *data, size_t alen);
 
 #endif

src/lxc/rtnl.c

@@ -16,12 +16,12 @@
 #include "nl.h"
 #include "rtnl.h"
 
-extern int rtnetlink_open(struct rtnl_handler *handler)
+int rtnetlink_open(struct rtnl_handler *handler)
 {
 	return netlink_open(&handler->nlh, NETLINK_ROUTE);
 }
 
-extern void rtnetlink_close(struct rtnl_handler *handler)
+void rtnetlink_close(struct rtnl_handler *handler)
 {
 	netlink_close(&handler->nlh);
 }
@@ -29,20 +29,19 @@ extern void rtnetlink_close(struct rtnl_handler *handler)
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wcast-align"
 
-extern int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg)
+int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg)
 {
 	return netlink_rcv(&handler->nlh, (struct nlmsg *)&rtnlmsg->nlmsghdr);
 }
 
-extern int rtnetlink_send(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg)
+int rtnetlink_send(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg)
 {
 
 	return netlink_send(&handler->nlh, (struct nlmsg *)&rtnlmsg->nlmsghdr);
 }
 
-extern int rtnetlink_transaction(struct rtnl_handler *handler,
-				 struct rtnlmsg *request,
-				 struct rtnlmsg *answer)
+int rtnetlink_transaction(struct rtnl_handler *handler, struct rtnlmsg *request,
+			  struct rtnlmsg *answer)
 {
 	return netlink_transaction(&handler->nlh,
 				   (struct nlmsg *)&request->nlmsghdr,
@@ -51,7 +50,7 @@ extern int rtnetlink_transaction(struct rtnl_handler *handler,
 
 #pragma GCC diagnostic pop
 
-extern struct rtnlmsg *rtnlmsg_alloc(size_t size)
+struct rtnlmsg *rtnlmsg_alloc(size_t size)
 {
 	/*
 	size_t len;
@@ -63,4 +62,4 @@ extern struct rtnlmsg *rtnlmsg_alloc(size_t size)
 	return NULL;
 }
 
-extern void rtnlmsg_free(struct rtnlmsg *rtnlmsg) { free(rtnlmsg); }
+void rtnlmsg_free(struct rtnlmsg *rtnlmsg) { free(rtnlmsg); }

src/lxc/rtnl.h

@@ -3,6 +3,8 @@
 #ifndef __LXC_RTNL_H
 #define __LXC_RTNL_H
 
+#include <compiler.h>
+
 /*
  * Use this as a good size to allocate route netlink messages
  */
@@ -38,14 +40,14 @@ struct rtnlmsg {
  *
  * Returns 0 on success, < 0 otherwise
  */
-extern int rtnetlink_open(struct rtnl_handler *handler);
+__hidden extern int rtnetlink_open(struct rtnl_handler *handler);
 
 /*
  * genetlink_close : close a route netlink socket
  *
  * @handler: the handler of the socket to be closed
  */
-extern void rtnetlink_close(struct rtnl_handler *handler);
+__hidden extern void rtnetlink_close(struct rtnl_handler *handler);
 
 /*
  * rtnetlink_rcv : receive a route netlink socket, it is up
@@ -56,7 +58,7 @@ extern void rtnetlink_close(struct rtnl_handler *handler);
  *
  * Returns 0 on success, < 0 otherwise
  */
-extern int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg);
+__hidden extern int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg);
 
 /*
  * rtnetlink_send : send a route netlink socket, it is up
@@ -67,12 +69,11 @@ extern int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg);
  *
  * Returns 0 on success, < 0 otherwise
  */
-extern int rtnetlink_send(struct rtnl_handler *handler,
-			  struct rtnlmsg *rtnlmsg);
+__hidden extern int rtnetlink_send(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg);
 
-struct genlmsg *genlmsg_alloc(size_t size);
+__hidden struct genlmsg *genlmsg_alloc(size_t size);
 
-extern void rtnlmsg_free(struct rtnlmsg *rtnlmsg);
+__hidden extern void rtnlmsg_free(struct rtnlmsg *rtnlmsg);
 
 /*
  * rtnetlink_transaction : send and receive a route netlink message in one shot
@@ -83,8 +84,9 @@ extern void rtnlmsg_free(struct rtnlmsg *rtnlmsg);
  *
  * Returns 0 on success, < 0 otherwise
  */
-extern int rtnetlink_transaction(struct rtnl_handler *handler,
-				 struct rtnlmsg *request,
-				 struct rtnlmsg *answer);
+__hidden extern int rtnetlink_transaction(struct rtnl_handler *handler, struct rtnlmsg *request,
+					  struct rtnlmsg *answer);
+
+__hidden struct rtnlmsg *rtnlmsg_alloc(size_t size);
 
 #endif /* __LXC_RTNL_H */

src/lxc/string_utils.h

@@ -15,18 +15,17 @@
 #endif
 
 /* convert variadic argument lists to arrays (for execl type argument lists) */
-extern char **lxc_va_arg_list_to_argv(va_list ap, size_t skip, int do_strdup);
-extern const char **lxc_va_arg_list_to_argv_const(va_list ap, size_t skip);
+__hidden extern char **lxc_va_arg_list_to_argv(va_list ap, size_t skip, int do_strdup);
+__hidden extern const char **lxc_va_arg_list_to_argv_const(va_list ap, size_t skip);
 
 /*
  * Some simple string functions; if they return pointers, they are allocated
  * buffers.
  */
-extern char *lxc_string_replace(const char *needle, const char *replacement,
-				const char *haystack);
-extern bool lxc_string_in_array(const char *needle, const char **haystack);
-extern char *lxc_string_join(const char *sep, const char **parts,
-			     bool use_as_prefix);
+__hidden extern char *lxc_string_replace(const char *needle, const char *replacement,
+					 const char *haystack);
+__hidden extern bool lxc_string_in_array(const char *needle, const char **haystack);
+__hidden extern char *lxc_string_join(const char *sep, const char **parts, bool use_as_prefix);
 /*
  * Normalize and split path: Leading and trailing / are removed, multiple
  * / are compactified, .. and . are resolved (.. on the top level is considered
@@ -38,71 +37,70 @@ extern char *lxc_string_join(const char *sep, const char **parts,
  *     ./bar/baz/.. ->   { bar, NULL }
  *     foo//bar     ->   { foo, bar, NULL }
  */
-extern char **lxc_normalize_path(const char *path);
+__hidden extern char **lxc_normalize_path(const char *path);
 
 /* remove multiple slashes from the path, e.g. ///foo//bar -> /foo/bar */
-extern char *lxc_deslashify(const char *path);
-extern char *lxc_append_paths(const char *first, const char *second);
+__hidden extern char *lxc_deslashify(const char *path);
+__hidden extern char *lxc_append_paths(const char *first, const char *second);
 
 /*
  * Note: the following two functions use strtok(), so they will never
  *       consider an empty element, even if two delimiters are next to
  *       each other.
  */
-extern bool lxc_string_in_list(const char *needle, const char *haystack,
-			       char sep);
-extern char **lxc_string_split(const char *string, char sep);
-extern char **lxc_string_split_and_trim(const char *string, char sep);
-extern char **lxc_string_split_quoted(char *string);
+__hidden extern bool lxc_string_in_list(const char *needle, const char *haystack, char sep);
+__hidden extern char **lxc_string_split(const char *string, char sep);
+__hidden extern char **lxc_string_split_and_trim(const char *string, char sep);
+__hidden extern char **lxc_string_split_quoted(char *string);
 
 /* Append string to NULL-terminated string array. */
-extern int lxc_append_string(char ***list, char *entry);
+__hidden extern int lxc_append_string(char ***list, char *entry);
 
 /* Some simple array manipulation utilities */
 typedef void (*lxc_free_fn)(void *);
 typedef void *(*lxc_dup_fn)(void *);
-extern int lxc_grow_array(void ***array, size_t *capacity, size_t new_size,
-			  size_t capacity_increment);
-extern void lxc_free_array(void **array, lxc_free_fn element_free_fn);
-extern size_t lxc_array_len(void **array);
+__hidden extern int lxc_grow_array(void ***array, size_t *capacity, size_t new_size,
+				   size_t capacity_increment);
+__hidden extern void lxc_free_array(void **array, lxc_free_fn element_free_fn);
+__hidden extern size_t lxc_array_len(void **array);
 
-extern void **lxc_append_null_to_array(void **array, size_t count);
-extern void remove_trailing_newlines(char *l);
+__hidden extern void **lxc_append_null_to_array(void **array, size_t count);
+__hidden extern void remove_trailing_newlines(char *l);
 
 /* Helper functions to parse numbers. */
-extern int lxc_safe_uint(const char *numstr, unsigned int *converted);
-extern int lxc_safe_int(const char *numstr, int *converted);
-extern int lxc_safe_long(const char *numstr, long int *converted);
-extern int lxc_safe_long_long(const char *numstr, long long int *converted);
-extern int lxc_safe_ulong(const char *numstr, unsigned long *converted);
-extern int lxc_safe_uint64(const char *numstr, uint64_t *converted, int base);
-extern int lxc_safe_int64_residual(const char *numstr, int64_t *converted, int base, char *residual,
-				   size_t residual_len);
+__hidden extern int lxc_safe_uint(const char *numstr, unsigned int *converted);
+__hidden extern int lxc_safe_int(const char *numstr, int *converted);
+__hidden extern int lxc_safe_long(const char *numstr, long int *converted);
+__hidden extern int lxc_safe_long_long(const char *numstr, long long int *converted);
+__hidden extern int lxc_safe_ulong(const char *numstr, unsigned long *converted);
+__hidden extern int lxc_safe_uint64(const char *numstr, uint64_t *converted, int base);
+__hidden extern int lxc_safe_int64_residual(const char *numstr, int64_t *converted, int base,
+					    char *residual, size_t residual_len);
 /* Handles B, kb, MB, GB. Detects overflows and reports -ERANGE. */
-extern int parse_byte_size_string(const char *s, int64_t *converted);
+__hidden extern int parse_byte_size_string(const char *s, int64_t *converted);
 
 /*
  * Concatenate all passed-in strings into one path. Do not fail. If any piece
  * is not prefixed with '/', add a '/'.
  */
-__attribute__((sentinel)) extern char *must_concat(size_t *len, const char *first, ...);
-__attribute__((sentinel)) extern char *must_make_path(const char *first, ...);
-__attribute__((sentinel)) extern char *must_append_path(char *first, ...);
+__hidden __attribute__((sentinel)) extern char *must_concat(size_t *len, const char *first, ...);
+__hidden __attribute__((sentinel)) extern char *must_make_path(const char *first, ...);
+__hidden __attribute__((sentinel)) extern char *must_append_path(char *first, ...);
 
 /* Return copy of string @entry. Do not fail. */
-extern char *must_copy_string(const char *entry);
+__hidden extern char *must_copy_string(const char *entry);
 
 /* Re-allocate a pointer, do not fail */
-extern void *must_realloc(void *orig, size_t sz);
+__hidden extern void *must_realloc(void *orig, size_t sz);
 
-extern int lxc_char_left_gc(const char *buffer, size_t len);
+__hidden extern int lxc_char_left_gc(const char *buffer, size_t len);
 
-extern int lxc_char_right_gc(const char *buffer, size_t len);
+__hidden extern int lxc_char_right_gc(const char *buffer, size_t len);
 
-extern char *lxc_trim_whitespace_in_place(char *buffer);
+__hidden extern char *lxc_trim_whitespace_in_place(char *buffer);
 
-extern int lxc_is_line_empty(const char *line);
-extern void remove_trailing_slashes(char *p);
+__hidden extern int lxc_is_line_empty(const char *line);
+__hidden extern void remove_trailing_slashes(char *p);
 
 static inline bool is_empty_string(const char *s)
 {

src/tests/Makefile.am

@@ -6,7 +6,11 @@ lxc_test_api_reboot_SOURCES = api_reboot.c
 lxc_test_apparmor_SOURCES = aa.c
 lxc_test_attach_SOURCES = attach.c
 lxc_test_basic_SOURCES = basic.c
-lxc_test_cgpath_SOURCES = cgpath.c
+lxc_test_cgpath_SOURCES = cgpath.c \
+			  ../lxc/af_unix.c ../lxc/af_unix.h \
+			  ../lxc/commands.c ../lxc/commands.h \
+			  ../lxc/commands_utils.c ../lxc/commands_utils.h \
+			  ../lxc/string_utils.c ../lxc/string_utils.h
 lxc_test_clonetest_SOURCES = clonetest.c
 lxc_test_concurrent_SOURCES = concurrent.c
 lxc_test_config_jump_table_SOURCES = config_jump_table.c lxctest.h
@@ -31,7 +35,8 @@ lxc_test_raw_clone_SOURCES = lxc_raw_clone.c \
 			     lxctest.h \
 			     ../lxc/namespace.c ../lxc/namespace.h \
 			     ../lxc/process_utils.c ../lxc/process_utils.h
-			     ../lxc/utils.c ../lxc/utils.h
+			     ../lxc/utils.c ../lxc/utils.h \
+			     ../lxc/string_utils.c ../lxc/string_utils.h
 lxc_test_reboot_SOURCES = reboot.c
 lxc_test_saveconfig_SOURCES = saveconfig.c
 lxc_test_share_ns_SOURCES = share_ns.c \
@@ -44,7 +49,8 @@ lxc_test_startone_SOURCES = startone.c
 lxc_test_state_server_SOURCES = state_server.c \
 				lxctest.h \
 				../lxc/compiler.h
-lxc_test_utils_SOURCES = lxc-test-utils.c lxctest.h
+lxc_test_utils_SOURCES = lxc-test-utils.c lxctest.h \
+			 ../lxc/string_utils.c ../lxc/string_utils.h
 
 AM_CFLAGS=-DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
 	  -DLXCPATH=\"$(LXCPATH)\" \