lxcseccomp: hide unnecessary symbols

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxcseccomp: hide unnecessary symbols
66e8f7a8 · Christian Brauner · 4f6b5266 · 66e8f7a8 · 66e8f7a8 · 66e8f7a8
Unverified Commit 66e8f7a8 authored Jul 20, 2020 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 146 additions and 17 deletions

Makefile.am src/lxc/Makefile.am +103 -1

lxcseccomp.h src/lxc/lxcseccomp.h +14 -15

Makefile.am src/tests/Makefile.am +29 -1

No files found.
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -183,7 +183,7 @@ endif
 endif

 if ENABLE_SECCOMP
-liblxc_la_SOURCES += seccomp.c
+liblxc_la_SOURCES += seccomp.c lxcseccomp.h
 endif

 if !HAVE_STRLCPY
@@ -341,6 +341,10 @@ lxc_attach_SOURCES = tools/lxc_attach.c \
 		     log.c log.h \
 		     rexec.c rexec.h \
 		     string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_attach_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_autostart_SOURCES = tools/lxc_autostart.c \
 			tools/arguments.c tools/arguments.h \
 			af_unix.c af_unix.h \
@@ -352,6 +356,10 @@ lxc_autostart_SOURCES = tools/lxc_autostart.c \
 			initutils.c initutils.h \
 			log.c log.h \
 			string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_autostart_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_cgroup_SOURCES = tools/lxc_cgroup.c \
 		     tools/arguments.c tools/arguments.h \
 		     af_unix.c af_unix.h \
@@ -363,6 +371,10 @@ lxc_cgroup_SOURCES = tools/lxc_cgroup.c \
 		     initutils.c initutils.h \
 		     log.c log.h \
 		     string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_cgroup_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_config_SOURCES = tools/lxc_config.c \
 		     tools/arguments.c tools/arguments.h \
 		     af_unix.c af_unix.h \
@@ -374,6 +386,10 @@ lxc_config_SOURCES = tools/lxc_config.c \
 		     initutils.c initutils.h \
 		     log.c log.h \
 		     string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_config_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_console_SOURCES = tools/lxc_console.c \
 		      tools/arguments.c tools/arguments.h \
 		      af_unix.c af_unix.h \
@@ -385,6 +401,10 @@ lxc_console_SOURCES = tools/lxc_console.c \
 		      initutils.c initutils.h \
 		      log.c log.h \
 		      string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_console_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_destroy_SOURCES = tools/lxc_destroy.c \
 		      tools/arguments.c tools/arguments.h \
 		      af_unix.c af_unix.h \
@@ -396,6 +416,10 @@ lxc_destroy_SOURCES = tools/lxc_destroy.c \
 		      initutils.c initutils.h \
 		      log.c log.h \
 		      string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_destroy_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_device_SOURCES = tools/lxc_device.c \
 		     tools/arguments.c tools/arguments.h \
 		     af_unix.c af_unix.h \
@@ -407,6 +431,10 @@ lxc_device_SOURCES = tools/lxc_device.c \
 		     initutils.c initutils.h \
 		     log.c log.h \
 		     string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_device_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_execute_SOURCES = tools/lxc_execute.c \
 		      tools/arguments.c tools/arguments.h \
 		      af_unix.c af_unix.h \
@@ -418,6 +446,10 @@ lxc_execute_SOURCES = tools/lxc_execute.c \
 		      initutils.c initutils.h \
 		      log.c log.h \
 		      string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_execute_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_freeze_SOURCES = tools/lxc_freeze.c \
 		     tools/arguments.c tools/arguments.h \
 		     af_unix.c af_unix.h \
@@ -429,6 +461,10 @@ lxc_freeze_SOURCES = tools/lxc_freeze.c \
 		     initutils.c initutils.h \
 		     log.c log.h \
 		     string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_freeze_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_info_SOURCES = tools/lxc_info.c \
 		   tools/arguments.c tools/arguments.h \
 		   af_unix.c af_unix.h \
@@ -440,6 +476,10 @@ lxc_info_SOURCES = tools/lxc_info.c \
 		   initutils.c initutils.h \
 		   log.c log.h \
 		   string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_info_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_monitor_SOURCES = tools/lxc_monitor.c \
 		      tools/arguments.c tools/arguments.h \
 		      af_unix.c af_unix.h \
@@ -452,6 +492,10 @@ lxc_monitor_SOURCES = tools/lxc_monitor.c \
 		      log.c log.h \
 		      macro.h \
 		      string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_monitor_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_ls_SOURCES = tools/lxc_ls.c \
 		 tools/arguments.c tools/arguments.h \
 		 af_unix.c af_unix.h \
@@ -464,6 +508,10 @@ lxc_ls_SOURCES = tools/lxc_ls.c \
 		 log.c log.h \
 		 memory_utils.h \
 		 string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_ls_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_copy_SOURCES = tools/lxc_copy.c \
 		   tools/arguments.c tools/arguments.h \
 		   af_unix.c af_unix.h \
@@ -476,6 +524,10 @@ lxc_copy_SOURCES = tools/lxc_copy.c \
 		   log.c log.h \
 		   storage/storage_utils.c storage/storage_utils.h \
 		   string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_copy_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_start_SOURCES = tools/lxc_start.c \
 		    tools/arguments.c tools/arguments.h \
 		    af_unix.c af_unix.h \
@@ -487,6 +539,10 @@ lxc_start_SOURCES = tools/lxc_start.c \
 		    initutils.c initutils.h \
 		    log.c log.h \
 		    string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_start_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_stop_SOURCES = tools/lxc_stop.c \
 		   tools/arguments.c tools/arguments.h \
 		   af_unix.c af_unix.h \
@@ -498,6 +554,10 @@ lxc_stop_SOURCES = tools/lxc_stop.c \
 		   initutils.c initutils.h \
 		   log.c log.h \
 		   string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_stop_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_top_SOURCES = tools/lxc_top.c \
 		  tools/arguments.c tools/arguments.h \
 		  af_unix.c af_unix.h \
@@ -509,6 +569,10 @@ lxc_top_SOURCES = tools/lxc_top.c \
 		  initutils.c initutils.h \
 		  log.c log.h \
 		  string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_top_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \
 		       tools/arguments.c tools/arguments.h \
 		       af_unix.c af_unix.h \
@@ -520,6 +584,10 @@ lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \
 		       initutils.c initutils.h \
 		       log.c log.h \
 		       string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_unfreeze_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_unshare_SOURCES = tools/lxc_unshare.c \
 		      tools/arguments.c tools/arguments.h \
 		      af_unix.c af_unix.h \
@@ -533,6 +601,10 @@ lxc_unshare_SOURCES = tools/lxc_unshare.c \
 		      string_utils.c string_utils.h \
 		      syscall_numbers.h \
 		      syscall_wrappers.h
+if ENABLE_SECCOMP
+lxc_unshare_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_wait_SOURCES = tools/lxc_wait.c \
 		   tools/arguments.c tools/arguments.h \
 		   af_unix.c af_unix.h \
@@ -544,6 +616,10 @@ lxc_wait_SOURCES = tools/lxc_wait.c \
 		   initutils.c initutils.h \
 		   log.c log.h \
 		   string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_wait_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_create_SOURCES = tools/lxc_create.c \
 		     tools/arguments.c tools/arguments.h \
 		     af_unix.c af_unix.h \
@@ -556,6 +632,10 @@ lxc_create_SOURCES = tools/lxc_create.c \
 		     log.c log.h \
 		     storage/storage_utils.c storage/storage_utils.h \
 		     string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_create_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_snapshot_SOURCES = tools/lxc_snapshot.c \
 		       tools/arguments.c tools/arguments.h \
 		       af_unix.c af_unix.h \
@@ -567,6 +647,10 @@ lxc_snapshot_SOURCES = tools/lxc_snapshot.c \
 		       initutils.c initutils.h \
 		       log.c log.h \
 		       string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_snapshot_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c \
 			 tools/arguments.c tools/arguments.h \
 			 af_unix.c af_unix.h \
@@ -578,6 +662,10 @@ lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c \
 			 initutils.c initutils.h \
 			 log.c log.h \
 			 string_utils.c string_utils.h
+if ENABLE_SECCOMP
+lxc_checkpoint_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 endif

 if ENABLE_COMMANDS
@@ -594,6 +682,9 @@ init_lxc_SOURCES = cmd/lxc_init.c \
 		   process_utils.c process_utils.h \
 		   syscall_numbers.h \
 		   string_utils.c string_utils.h
+if ENABLE_SECCOMP
+init_lxc_SOURCES += seccomp.c lxcseccomp.h
+endif

 init_lxc_LDFLAGS = -pthread

@@ -612,6 +703,10 @@ lxc_monitord_SOURCES = cmd/lxc_monitord.c \
 		       string_utils.c string_utils.h \
 		       syscall_numbers.h \
 		       utils.c utils.h
+if ENABLE_SECCOMP
+lxc_monitord_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \
 		       ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \
 		       af_unix.c af_unix.h \
@@ -630,6 +725,10 @@ lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \
 		       syscall_numbers.h \
 		       string_utils.c string_utils.h \
 		       syscall_wrappers.h
+if ENABLE_SECCOMP
+lxc_user_nic_SOURCES += seccomp.c lxcseccomp.h
+endif
+
 lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \
 			 af_unix.c af_unix.h \
 			 caps.c caps.h \
@@ -645,6 +744,9 @@ lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \
 			 string_utils.c string_utils.h \
 			 syscall_wrappers.h \
 			 utils.c utils.h
+if ENABLE_SECCOMP
+lxc_usernsexec_SOURCES += seccomp.c lxcseccomp.h
+endif
 endif



--- a/src/lxc/lxcseccomp.h
+++ b/src/lxc/lxcseccomp.h
@@ -16,6 +16,7 @@
 #include <sys/un.h>
 #endif

+#include "compiler.h"
 #include "conf.h"
 #include "config.h"
 #include "memory_utils.h"
@@ -77,21 +78,19 @@ struct lxc_seccomp {
 #endif /* HAVE_DECL_SECCOMP_NOTIFY_FD */
 };

-extern int lxc_seccomp_load(struct lxc_conf *conf);
-extern int lxc_read_seccomp_config(struct lxc_conf *conf);
-extern void lxc_seccomp_free(struct lxc_seccomp *seccomp);
-extern int seccomp_notify_handler(int fd, uint32_t events, void *data,
-				  struct lxc_epoll_descr *descr);
-extern void seccomp_conf_init(struct lxc_conf *conf);
-extern int lxc_seccomp_setup_proxy(struct lxc_seccomp *seccomp,
-				   struct lxc_epoll_descr *descr,
-				   struct lxc_handler *handler);
-extern int lxc_seccomp_send_notifier_fd(struct lxc_seccomp *seccomp,
-					int socket_fd);
-extern int lxc_seccomp_recv_notifier_fd(struct lxc_seccomp *seccomp,
-					int socket_fd);
-extern int lxc_seccomp_add_notifier(const char *name, const char *lxcpath,
-				    struct lxc_seccomp *seccomp);
+__hidden extern int lxc_seccomp_load(struct lxc_conf *conf);
+__hidden extern int lxc_read_seccomp_config(struct lxc_conf *conf);
+__hidden extern void lxc_seccomp_free(struct lxc_seccomp *seccomp);
+__hidden extern int seccomp_notify_handler(int fd, uint32_t events, void *data,
+					   struct lxc_epoll_descr *descr);
+__hidden extern void seccomp_conf_init(struct lxc_conf *conf);
+__hidden extern int lxc_seccomp_setup_proxy(struct lxc_seccomp *seccomp,
+					    struct lxc_epoll_descr *descr,
+					    struct lxc_handler *handler);
+__hidden extern int lxc_seccomp_send_notifier_fd(struct lxc_seccomp *seccomp, int socket_fd);
+__hidden extern int lxc_seccomp_recv_notifier_fd(struct lxc_seccomp *seccomp, int socket_fd);
+__hidden extern int lxc_seccomp_add_notifier(const char *name, const char *lxcpath,
+					     struct lxc_seccomp *seccomp);
 static inline int lxc_seccomp_get_notify_fd(struct lxc_seccomp *seccomp)
 {
 #if HAVE_DECL_SECCOMP_NOTIFY_FD

--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
 if ENABLE_TESTS

-LDADD = ../lxc/liblxc.la
+LDADD = ../lxc/liblxc.la \
+	@CAP_LIBS@ \
+	@OPENSSL_LIBS@ \
+	@SECCOMP_LIBS@ \
+	@SELINUX_LIBS@ \
+	@DLOG_LIBS@

 lxc_test_api_reboot_SOURCES = api_reboot.c \
 			      ../lxc/af_unix.c ../lxc/af_unix.h \
@@ -16,6 +21,10 @@ lxc_test_api_reboot_SOURCES = api_reboot.c \
 			      ../lxc/network.c ../lxc/network.h \
 			      ../lxc/nl.c ../lxc/nl.h \
 			      ../lxc/string_utils.c ../lxc/string_utils.h
+if ENABLE_SECCOMP
+lxc_test_api_reboot_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+
 lxc_test_apparmor_SOURCES = aa.c
 lxc_test_attach_SOURCES = attach.c \
 			  ../lxc/af_unix.c ../lxc/af_unix.h \
@@ -31,6 +40,10 @@ lxc_test_attach_SOURCES = attach.c \
 			  ../lxc/network.c ../lxc/network.h \
 			  ../lxc/nl.c ../lxc/nl.h \
 			  ../lxc/string_utils.c ../lxc/string_utils.h
+if ENABLE_SECCOMP
+lxc_test_attach_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+
 lxc_test_basic_SOURCES = basic.c
 lxc_test_cgpath_SOURCES = cgpath.c \
 			  ../lxc/af_unix.c ../lxc/af_unix.h \
@@ -46,6 +59,10 @@ lxc_test_cgpath_SOURCES = cgpath.c \
 			  ../lxc/network.c ../lxc/network.h \
 			  ../lxc/nl.c ../lxc/nl.h \
 			  ../lxc/string_utils.c ../lxc/string_utils.h
+if ENABLE_SECCOMP
+lxc_test_cgpath_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+
 lxc_test_clonetest_SOURCES = clonetest.c
 lxc_test_concurrent_SOURCES = concurrent.c
 lxc_test_config_jump_table_SOURCES = config_jump_table.c \
@@ -63,6 +80,10 @@ lxc_test_config_jump_table_SOURCES = config_jump_table.c \
 				     ../lxc/network.c ../lxc/network.h \
 				     ../lxc/nl.c ../lxc/nl.h \
 				     ../lxc/string_utils.c ../lxc/string_utils.h
+if ENABLE_SECCOMP
+lxc_test_config_jump_table_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+
 lxc_test_console_SOURCES = console.c
 lxc_test_console_log_SOURCES = console_log.c lxctest.h
 lxc_test_containertests_SOURCES = containertests.c
@@ -99,6 +120,10 @@ lxc_test_parse_config_file_SOURCES = parse_config_file.c \
 				     ../lxc/network.c ../lxc/network.h \
 				     ../lxc/nl.c ../lxc/nl.h \
 				     ../lxc/string_utils.c ../lxc/string_utils.h
+if ENABLE_SECCOMP
+lxc_test_parse_config_file_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif
+
 lxc_test_raw_clone_SOURCES = lxc_raw_clone.c \
 			     lxctest.h \
 			     ../lxc/caps.c ../lxc/caps.h \
@@ -137,6 +162,9 @@ lxc_test_utils_SOURCES = lxc-test-utils.c \
 			  ../lxc/network.c ../lxc/network.h \
 			  ../lxc/nl.c ../lxc/nl.h \
 			  ../lxc/string_utils.c ../lxc/string_utils.h
+if ENABLE_SECCOMP
+lxc_test_utils_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
+endif

 AM_CFLAGS=-DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
 	  -DLXCPATH=\"$(LXCPATH)\" \