Merge pull request #2637 from brauner/2018-09-22/bugfixes

src/lxc/caps.c

@@ -299,7 +299,7 @@ static long int _real_caps_last_cap(void)
 		char buf[INTTYPE_TO_STRLEN(int)] = {0};
 
 	again:
-		n = read(fd, buf, sizeof(buf) - 1);
+		n = read(fd, buf, STRARRAYLEN(buf));
 		if (n < 0 && errno == EINTR) {
 			goto again;
 		} else if (n >= 0) {

src/lxc/cgroups/cgfsng.c

@@ -67,8 +67,6 @@
 #include "include/strlcat.h"
 #endif
 
-#define __cgfsng_ops__
-
 lxc_log_define(cgfsng, cgroup);
 
 static void free_string_list(char **clist)
@@ -136,8 +134,9 @@ static char *cg_legacy_must_prefix_named(char *entry)
 	len = strlen(entry);
 	prefixed = must_alloc(len + 6);
 
-	memcpy(prefixed, "name=", sizeof("name=") - 1);
-	memcpy(prefixed + sizeof("name=") - 1, entry, len);
+
+	memcpy(prefixed, "name=", STRLITERALLEN("name="));
+	memcpy(prefixed + STRLITERALLEN("name="), entry, len);
 	prefixed[len + 5] = '\0';
 	return prefixed;
 }
@@ -1103,7 +1102,7 @@ static int cgroup_rmdir_wrapper(void *data)
 	return cgroup_rmdir(arg->hierarchies, arg->container_cgroup);
 }
 
-__cgfsng_ops__ static void cgfsng_destroy(struct cgroup_ops *ops, struct lxc_handler *handler)
+__cgfsng_ops static void cgfsng_destroy(struct cgroup_ops *ops, struct lxc_handler *handler)
 {
 	int ret;
 	struct generic_userns_exec_data wrap;
@@ -1260,7 +1259,7 @@ static void remove_path_for_hierarchy(struct hierarchy *h, char *cgname, bool mo
 		h->container_full_path = NULL;
 }
 
-__cgfsng_ops__ static inline bool cgfsng_monitor_create(struct cgroup_ops *ops,
+__cgfsng_ops static inline bool cgfsng_monitor_create(struct cgroup_ops *ops,
 							struct lxc_handler *handler)
 {
 	char *monitor_cgroup;
@@ -1299,7 +1298,7 @@ on_error:
 /* Try to create the same cgroup in all hierarchies. Start with cgroup_pattern;
  * next cgroup_pattern-1, -2, ..., -999.
  */
-__cgfsng_ops__ static inline bool cgfsng_payload_create(struct cgroup_ops *ops,
+__cgfsng_ops static inline bool cgfsng_payload_create(struct cgroup_ops *ops,
 							struct lxc_handler *handler)
 {
 	int i;
@@ -1374,7 +1373,7 @@ out_free:
 	return false;
 }
 
-__cgfsng_ops__ static bool __do_cgroup_enter(struct cgroup_ops *ops, pid_t pid,
+__cgfsng_ops static bool __do_cgroup_enter(struct cgroup_ops *ops, pid_t pid,
 					     bool monitor)
 {
 	int len;
@@ -1406,7 +1405,7 @@ __cgfsng_ops__ static bool __do_cgroup_enter(struct cgroup_ops *ops, pid_t pid,
 	return true;
 }
 
-__cgfsng_ops__ static bool cgfsng_monitor_enter(struct cgroup_ops *ops, pid_t pid)
+__cgfsng_ops static bool cgfsng_monitor_enter(struct cgroup_ops *ops, pid_t pid)
 {
 	return __do_cgroup_enter(ops, pid, true);
 }
@@ -1515,7 +1514,7 @@ static int chown_cgroup_wrapper(void *data)
 	return 0;
 }
 
-__cgfsng_ops__ static bool cgfsng_chown(struct cgroup_ops *ops,
+__cgfsng_ops static bool cgfsng_chown(struct cgroup_ops *ops,
 					struct lxc_conf *conf)
 {
 	struct generic_userns_exec_data wrap;
@@ -1665,7 +1664,7 @@ static inline int cg_mount_cgroup_full(int type, struct hierarchy *h,
 	return __cg_mount_direct(type, h, controllerpath);
 }
 
-__cgfsng_ops__ static bool cgfsng_mount(struct cgroup_ops *ops,
+__cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 					struct lxc_handler *handler,
 					const char *root, int type)
 {
@@ -1816,7 +1815,7 @@ static int recursive_count_nrtasks(char *dirname)
 	return count;
 }
 
-__cgfsng_ops__ static int cgfsng_nrtasks(struct cgroup_ops *ops)
+__cgfsng_ops static int cgfsng_nrtasks(struct cgroup_ops *ops)
 {
 	int count;
 	char *path;
@@ -1831,7 +1830,7 @@ __cgfsng_ops__ static int cgfsng_nrtasks(struct cgroup_ops *ops)
 }
 
 /* Only root needs to escape to the cgroup of its init. */
-__cgfsng_ops__ static bool cgfsng_escape(const struct cgroup_ops *ops,
+__cgfsng_ops static bool cgfsng_escape(const struct cgroup_ops *ops,
 					 struct lxc_conf *conf)
 {
 	int i;
@@ -1858,7 +1857,7 @@ __cgfsng_ops__ static bool cgfsng_escape(const struct cgroup_ops *ops,
 	return true;
 }
 
-__cgfsng_ops__ static int cgfsng_num_hierarchies(struct cgroup_ops *ops)
+__cgfsng_ops static int cgfsng_num_hierarchies(struct cgroup_ops *ops)
 {
 	int i;
 
@@ -1868,7 +1867,7 @@ __cgfsng_ops__ static int cgfsng_num_hierarchies(struct cgroup_ops *ops)
 	return i;
 }
 
-__cgfsng_ops__ static bool cgfsng_get_hierarchies(struct cgroup_ops *ops, int n, char ***out)
+__cgfsng_ops static bool cgfsng_get_hierarchies(struct cgroup_ops *ops, int n, char ***out)
 {
 	int i;
 
@@ -1888,7 +1887,7 @@ __cgfsng_ops__ static bool cgfsng_get_hierarchies(struct cgroup_ops *ops, int n,
 /* TODO: If the unified cgroup hierarchy grows a freezer controller this needs
  * to be adapted.
  */
-__cgfsng_ops__ static bool cgfsng_unfreeze(struct cgroup_ops *ops)
+__cgfsng_ops static bool cgfsng_unfreeze(struct cgroup_ops *ops)
 {
 	int ret;
 	char *fullpath;
@@ -1907,7 +1906,7 @@ __cgfsng_ops__ static bool cgfsng_unfreeze(struct cgroup_ops *ops)
 	return true;
 }
 
-__cgfsng_ops__ static const char *cgfsng_get_cgroup(struct cgroup_ops *ops,
+__cgfsng_ops static const char *cgfsng_get_cgroup(struct cgroup_ops *ops,
 						    const char *controller)
 {
 	struct hierarchy *h;
@@ -1967,8 +1966,8 @@ static int __cg_unified_attach(const struct hierarchy *h, const char *name,
 
 	free(full_path);
 
-	len = strlen(base_path) + sizeof("/lxc-1000") - 1 +
-	      sizeof("/cgroup-procs") - 1;
+	len = strlen(base_path) + STRLITERALLEN("/lxc-1000") +
+	      STRLITERALLEN("/cgroup-procs");
 	full_path = must_alloc(len + 1);
 	do {
 		if (idx)
@@ -2006,7 +2005,7 @@ on_error:
 	return fret;
 }
 
-__cgfsng_ops__ static bool cgfsng_attach(struct cgroup_ops *ops, const char *name,
+__cgfsng_ops static bool cgfsng_attach(struct cgroup_ops *ops, const char *name,
 					 const char *lxcpath, pid_t pid)
 {
 	int i, len, ret;
@@ -2053,7 +2052,7 @@ __cgfsng_ops__ static bool cgfsng_attach(struct cgroup_ops *ops, const char *nam
  * don't have a cgroup_data set up, so we ask the running container through the
  * commands API for the cgroup path.
  */
-__cgfsng_ops__ static int cgfsng_get(struct cgroup_ops *ops, const char *filename,
+__cgfsng_ops static int cgfsng_get(struct cgroup_ops *ops, const char *filename,
 				     char *value, size_t len, const char *name,
 				     const char *lxcpath)
 {
@@ -2092,7 +2091,7 @@ __cgfsng_ops__ static int cgfsng_get(struct cgroup_ops *ops, const char *filenam
  * don't have a cgroup_data set up, so we ask the running container through the
  * commands API for the cgroup path.
  */
-__cgfsng_ops__ static int cgfsng_set(struct cgroup_ops *ops,
+__cgfsng_ops static int cgfsng_set(struct cgroup_ops *ops,
 				     const char *filename, const char *value,
 				     const char *name, const char *lxcpath)
 {
@@ -2327,7 +2326,7 @@ static bool __cg_unified_setup_limits(struct cgroup_ops *ops,
 	return true;
 }
 
-__cgfsng_ops__ static bool cgfsng_setup_limits(struct cgroup_ops *ops,
+__cgfsng_ops static bool cgfsng_setup_limits(struct cgroup_ops *ops,
 					       struct lxc_conf *conf,
 					       bool do_devices)
 {
@@ -2639,7 +2638,7 @@ static bool cg_init(struct cgroup_ops *ops, struct lxc_conf *conf)
 	return cg_hybrid_init(ops, relative);
 }
 
-__cgfsng_ops__ static bool cgfsng_data_init(struct cgroup_ops *ops)
+__cgfsng_ops static bool cgfsng_data_init(struct cgroup_ops *ops)
 {
 	const char *cgroup_pattern;
 

src/lxc/cmd/lxc_init.c

@@ -467,7 +467,7 @@ out:
 	exit(exit_with);
 }
 
-__noreturn__ static void print_usage_exit(const struct option longopts[])
+__noreturn static void print_usage_exit(const struct option longopts[])
 
 {
 	fprintf(stderr, "Usage: lxc-init [-n|--name=NAME] [-h|--help] [--usage] [--version]\n\
@@ -475,7 +475,7 @@ __noreturn__ static void print_usage_exit(const struct option longopts[])
 	exit(0);
 }
 
-__noreturn__ static void print_version_exit(void)
+__noreturn static void print_version_exit(void)
 {
 	printf("%s\n", LXC_VERSION);
 	exit(0);

src/lxc/compiler.h

@@ -33,17 +33,19 @@
 #endif
 
 #if defined(__GNUC__) && __GNUC__ >= 7 || defined(__clang__)
-#define __fallthrough__ __attribute__((fallthrough))
+#define __fallthrough __attribute__((fallthrough))
 #else
-#define __fallthrough__
+#define __fallthrough
 #endif
 
 #ifndef _noreturn_
 #if __STDC_VERSION__ >= 201112L
-#define __noreturn__ _Noreturn
+#define __noreturn _Noreturn
 #else
-#define __noreturn__ __attribute__((noreturn))
+#define __noreturn __attribute__((noreturn))
 #endif
 #endif
 
+#define __cgfsng_ops
+
 #endif /* __LXC_COMPILER_H */

src/lxc/conf.c

@@ -372,7 +372,8 @@ int run_script_argv(const char *name, unsigned int hook_version,
 	for (i = 0; argv && argv[i]; i++)
 		size += strlen(argv[i]) + 1;
 
-	size += sizeof("exec");
+	size += STRLITERALLEN("exec");
+	size++;
 	size += strlen(script);
 	size++;
 
@@ -510,7 +511,7 @@ int run_script(const char *name, const char *section, const char *script, ...)
 		size += strlen(p) + 1;
 	va_end(ap);
 
-	size += strlen("exec");
+	size += STRLITERALLEN("exec");
 	size += strlen(script);
 	size += strlen(name);
 	size += strlen(section);
@@ -1663,13 +1664,13 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
 	mntopt_sets[0] = devpts_mntopts;
 
 	/* !gid=5 && max= */
-	mntopt_sets[1] = devpts_mntopts + sizeof("gid=5");
+	mntopt_sets[1] = devpts_mntopts + STRLITERALLEN("gid=5") + 1;
 
 	/* gid=5 && !max= */
 	mntopt_sets[2] = default_devpts_mntopts;
 
 	/* !gid=5 && !max= */
-	mntopt_sets[3] = default_devpts_mntopts + sizeof("gid=5");
+	mntopt_sets[3] = default_devpts_mntopts + STRLITERALLEN("gid=5") + 1;
 
 	/* end */
 	mntopt_sets[4] = NULL;
@@ -2405,8 +2406,7 @@ static int setup_mount(const struct lxc_conf *conf,
  */
 static const char nesting_helpers[] =
 "proc dev/.lxc/proc proc create=dir,optional\n"
-"sys dev/.lxc/sys sysfs create=dir,optional\n"
-;
+"sys dev/.lxc/sys sysfs create=dir,optional\n";
 
 FILE *make_anonymous_mount_file(struct lxc_list *mount,
 				bool include_nesting_helpers)
@@ -2453,8 +2453,8 @@ FILE *make_anonymous_mount_file(struct lxc_list *mount,
 
 	if (include_nesting_helpers) {
 		ret = lxc_write_nointr(fd, nesting_helpers,
-				       sizeof(nesting_helpers) - 1);
-		if (ret != sizeof(nesting_helpers) - 1)
+				       STRARRAYLEN(nesting_helpers));
+		if (ret != STRARRAYLEN(nesting_helpers))
 			goto on_error;
 	}
 
@@ -2834,7 +2834,7 @@ int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
 		}
 
 		if (fd >= 0) {
-			buflen = sizeof("deny\n") - 1;
+			buflen = STRLITERALLEN("deny\n");
 			errno = 0;
 			ret = lxc_write_nointr(fd, "deny\n", buflen);
 			close(fd);
@@ -3863,12 +3863,12 @@ int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version)
 	if (version == CGROUP2_SUPER_MAGIC) {
 		global_token = "lxc.cgroup2";
 		namespaced_token = "lxc.cgroup2.";
-		namespaced_token_len = sizeof("lxc.cgroup2.") - 1;
+		namespaced_token_len = STRLITERALLEN("lxc.cgroup2.");
 		list = &c->cgroup2;
 	} else if (version == CGROUP_SUPER_MAGIC) {
 		global_token = "lxc.cgroup";
 		namespaced_token = "lxc.cgroup.";
-		namespaced_token_len = sizeof("lxc.cgroup.") - 1;
+		namespaced_token_len = STRLITERALLEN("lxc.cgroup.");
 		list = &c->cgroup;
 	} else {
 		return -EINVAL;
@@ -3876,7 +3876,7 @@ int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version)
 
 	if (strcmp(key, global_token) == 0)
 		all = true;
-	else if (strncmp(key, namespaced_token, sizeof(namespaced_token) - 1) == 0)
+	else if (strncmp(key, namespaced_token, namespaced_token_len) == 0)
 		k += namespaced_token_len;
 	else
 		return -EINVAL;
@@ -3905,10 +3905,10 @@ int lxc_clear_limits(struct lxc_conf *c, const char *key)
 
 	if (strcmp(key, "lxc.limit") == 0 || strcmp(key, "lxc.prlimit") == 0)
 		all = true;
-	else if (strncmp(key, "lxc.limit.", sizeof("lxc.limit.") - 1) == 0)
-		k = key + sizeof("lxc.limit.") - 1;
-	else if (strncmp(key, "lxc.prlimit.", sizeof("lxc.prlimit.") - 1) == 0)
-		k = key + sizeof("lxc.prlimit.") - 1;
+	else if (strncmp(key, "lxc.limit.", STRLITERALLEN("lxc.limit.")) == 0)
+		k = key + STRLITERALLEN("lxc.limit.");
+	else if (strncmp(key, "lxc.prlimit.", STRLITERALLEN("lxc.prlimit.")) == 0)
+		k = key + STRLITERALLEN("lxc.prlimit.");
 	else
 		return -1;
 
@@ -3935,8 +3935,8 @@ int lxc_clear_sysctls(struct lxc_conf *c, const char *key)
 
 	if (strcmp(key, "lxc.sysctl") == 0)
 		all = true;
-	else if (strncmp(key, "lxc.sysctl.", sizeof("lxc.sysctl.") - 1) == 0)
-		k = key + sizeof("lxc.sysctl.") - 1;
+	else if (strncmp(key, "lxc.sysctl.", STRLITERALLEN("lxc.sysctl.")) == 0)
+		k = key + STRLITERALLEN("lxc.sysctl.");
 	else
 		return -1;
 
@@ -3964,8 +3964,8 @@ int lxc_clear_procs(struct lxc_conf *c, const char *key)
 
 	if (strcmp(key, "lxc.proc") == 0)
 		all = true;
-	else if (strncmp(key, "lxc.proc.", sizeof("lxc.proc.") - 1) == 0)
-		k = key + sizeof("lxc.proc.") - 1;
+	else if (strncmp(key, "lxc.proc.", STRLITERALLEN("lxc.proc.")) == 0)
+		k = key + STRLITERALLEN("lxc.proc.");
 	else
 		return -1;
 
@@ -4039,8 +4039,8 @@ int lxc_clear_hooks(struct lxc_conf *c, const char *key)
 
 	if (strcmp(key, "lxc.hook") == 0)
 		all = true;
-	else if (strncmp(key, "lxc.hook.", sizeof("lxc.hook.") - 1) == 0)
-		k = key + sizeof("lxc.hook.") - 1;
+	else if (strncmp(key, "lxc.hook.", STRLITERALLEN("lxc.hook.")) == 0)
+		k = key + STRLITERALLEN("lxc.hook.");
 	else
 		return -1;
 

src/lxc/confile.c

@@ -1437,10 +1437,10 @@ static int set_config_prlimit(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return lxc_clear_limits(lxc_conf, key);
 
-	if (strncmp(key, "lxc.prlimit.", sizeof("lxc.prlimit.") - 1) != 0)
+	if (strncmp(key, "lxc.prlimit.", STRLITERALLEN("lxc.prlimit.")) != 0)
 		return -1;
 
-	key += sizeof("lxc.prlimit.") - 1;
+	key += STRLITERALLEN("lxc.prlimit.");
 
 	/* soft limit comes first in the value */
 	if (!parse_limit_value(&value, &limit_value))
@@ -1526,10 +1526,10 @@ static int set_config_sysctl(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return clr_config_sysctl(key, lxc_conf, NULL);
 
-	if (strncmp(key, "lxc.sysctl.", sizeof("lxc.sysctl.") - 1) != 0)
+	if (strncmp(key, "lxc.sysctl.", STRLITERALLEN("lxc.sysctl.")) != 0)
 		return -1;
 
-	key += sizeof("lxc.sysctl.") - 1;
+	key += STRLITERALLEN("lxc.sysctl.");
 
 	/* find existing list element */
 	lxc_list_for_each(iter, &lxc_conf->sysctls) {
@@ -1591,10 +1591,10 @@ static int set_config_proc(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return clr_config_proc(key, lxc_conf, NULL);
 
-	if (strncmp(key, "lxc.proc.", sizeof("lxc.proc.") -1) != 0)
+	if (strncmp(key, "lxc.proc.", STRLITERALLEN("lxc.proc.")) != 0)
 		return -1;
 
-	subkey = key + sizeof("lxc.proc.") - 1;
+	subkey = key + STRLITERALLEN("lxc.proc.");
 	if (*subkey == '\0')
 		return -EINVAL;
 
@@ -1761,7 +1761,7 @@ static int set_config_mount_auto(const char *key, const char *value,
 				break;
 
 			if (strcmp("shmounts:", allowed_auto_mounts[i].token) == 0 &&
-			    strncmp("shmounts:", token, sizeof("shmounts:") - 1) == 0) {
+			    strncmp("shmounts:", token, STRLITERALLEN("shmounts:")) == 0) {
 				is_shmounts = true;
 				break;
 			}
@@ -1775,7 +1775,7 @@ static int set_config_mount_auto(const char *key, const char *value,
 		lxc_conf->auto_mounts &= ~allowed_auto_mounts[i].mask;
 		lxc_conf->auto_mounts |= allowed_auto_mounts[i].flag;
 		if (is_shmounts) {
-			lxc_conf->shmount.path_host = strdup(token + (sizeof("shmounts:") - 1));
+			lxc_conf->shmount.path_host = strdup(token + STRLITERALLEN("shmounts:"));
 			if (!lxc_conf->shmount.path_host) {
 				SYSERROR("Failed to copy shmounts host path");
 				goto on_error;
@@ -2331,7 +2331,7 @@ static int set_config_namespace_share(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return clr_config_namespace_share(key, lxc_conf, data);
 
-	namespace = key + sizeof("lxc.namespace.share.") - 1;
+	namespace = key + STRLITERALLEN("lxc.namespace.share.");
 	ns_idx = lxc_namespace_2_ns_idx(namespace);
 	if (ns_idx < 0)
 		return ns_idx;
@@ -3177,11 +3177,11 @@ static int __get_config_cgroup_controller(const char *key, char *retv,
 	if (version == CGROUP2_SUPER_MAGIC) {
 		global_token = "lxc.cgroup2";
 		namespaced_token = "lxc.cgroup2.";
-		namespaced_token_len = sizeof("lxc.cgroup2.") - 1;;
+		namespaced_token_len = STRLITERALLEN("lxc.cgroup2.");
 	} else if (version == CGROUP_SUPER_MAGIC) {
 		global_token = "lxc.cgroup";
 		namespaced_token = "lxc.cgroup.";
-		namespaced_token_len = sizeof("lxc.cgroup.") - 1;;
+		namespaced_token_len = STRLITERALLEN("lxc.cgroup.");
 	} else {
 		return -1;
 	}
@@ -3743,8 +3743,8 @@ static int get_config_prlimit(const char *key, char *retv, int inlen,
 		struct lxc_limit *lim = it->elem;
 
 		if (lim->limit.rlim_cur == RLIM_INFINITY) {
-			memcpy(buf, "unlimited", sizeof("unlimited"));
-			partlen = sizeof("unlimited") - 1;
+			memcpy(buf, "unlimited", STRLITERALLEN("unlimited") + 1);
+			partlen = STRLITERALLEN("unlimited");
 		} else {
 			partlen = sprintf(buf, "%" PRIu64,
 					  (uint64_t)lim->limit.rlim_cur);
@@ -3752,7 +3752,7 @@ static int get_config_prlimit(const char *key, char *retv, int inlen,
 		if (lim->limit.rlim_cur != lim->limit.rlim_max) {
 			if (lim->limit.rlim_max == RLIM_INFINITY)
 				memcpy(buf + partlen, ":unlimited",
-				       sizeof(":unlimited"));
+				       STRLITERALLEN(":unlimited") + 1);
 			else
 				sprintf(buf + partlen, ":%" PRIu64,
 					(uint64_t)lim->limit.rlim_max);
@@ -3788,8 +3788,8 @@ static int get_config_sysctl(const char *key, char *retv, int inlen,
 
 	if (strcmp(key, "lxc.sysctl") == 0)
 		get_all = true;
-	else if (strncmp(key, "lxc.sysctl.", sizeof("lxc.sysctl.") - 1) == 0)
-		key += sizeof("lxc.sysctl.") - 1;
+	else if (strncmp(key, "lxc.sysctl.", STRLITERALLEN("lxc.sysctl.")) == 0)
+		key += STRLITERALLEN("lxc.sysctl.");
 	else
 		return -1;
 
@@ -3821,8 +3821,8 @@ static int get_config_proc(const char *key, char *retv, int inlen,
 
 	if (strcmp(key, "lxc.proc") == 0)
 		get_all = true;
-	else if (strncmp(key, "lxc.proc.", sizeof("lxc.proc.") - 1) == 0)
-		key += sizeof("lxc.proc.") - 1;
+	else if (strncmp(key, "lxc.proc.", STRLITERALLEN("lxc.proc.")) == 0)
+		key += STRLITERALLEN("lxc.proc.");
 	else
 		return -1;
 
@@ -3890,7 +3890,7 @@ static int get_config_namespace_share(const char *key, char *retv, int inlen,
 	else
 		memset(retv, 0, inlen);
 
-	namespace = key + sizeof("lxc.namespace.share.") - 1;
+	namespace = key + STRLITERALLEN("lxc.namespace.share.");
 	ns_idx = lxc_namespace_2_ns_idx(namespace);
 	if (ns_idx < 0)
 		return ns_idx;
@@ -4335,7 +4335,7 @@ static int clr_config_namespace_share(const char *key,
 	int ns_idx;
 	const char *namespace;
 
-	namespace = key + sizeof("lxc.namespace.share.") - 1;
+	namespace = key + STRLITERALLEN("lxc.namespace.share.");
 	ns_idx = lxc_namespace_2_ns_idx(namespace);
 	if (ns_idx < 0)
 		return ns_idx;

src/lxc/confile_utils.c

@@ -736,9 +736,9 @@ bool parse_limit_value(const char **value, rlim_t *res)
 {
 	char *endptr = NULL;
 
-	if (strncmp(*value, "unlimited", sizeof("unlimited") - 1) == 0) {
+	if (strncmp(*value, "unlimited", STRLITERALLEN("unlimited")) == 0) {
 		*res = RLIM_INFINITY;
-		*value += sizeof("unlimited") - 1;
+		*value += STRLITERALLEN("unlimited");
 		return true;
 	}
 

src/lxc/log.c

@@ -347,7 +347,7 @@ static int log_append_logfile(const struct lxc_log_appender *appender,
 	if (n < 0)
 		return n;
 
-	if ((size_t)n < (sizeof(buffer) - 1)) {
+	if ((size_t)n < STRARRAYLEN(buffer)) {
 		ret = vsnprintf(buffer + n, sizeof(buffer) - n, event->fmt, *event->vap);
 		if (ret < 0)
 			return 0;
@@ -356,7 +356,7 @@ static int log_append_logfile(const struct lxc_log_appender *appender,
 	}
 
 	if ((size_t)n >= sizeof(buffer))
-		n = sizeof(buffer) - 1;
+		n = STRARRAYLEN(buffer);
 
 	buffer[n] = '\n';
 
@@ -835,7 +835,7 @@ inline const char *lxc_log_get_file(void)
 
 inline void lxc_log_set_prefix(const char *prefix)
 {
-	/* We don't care if thte prefix is truncated. */
+	/* We don't care if the prefix is truncated. */
 	(void)strlcpy(log_prefix, prefix, sizeof(log_prefix));
 }
 

src/lxc/lsm/apparmor.c

@@ -667,21 +667,21 @@ static char *get_apparmor_profile_content(struct lxc_conf *conf, const char *lxc
 	size = strlen(profile);
 
 	must_append_sized(&profile, &size, AA_PROFILE_BASE,
-	                  sizeof(AA_PROFILE_BASE) - 1);
+	                  STRARRAYLEN(AA_PROFILE_BASE));
 
 	if (aa_supports_unix)
 		must_append_sized(&profile, &size, AA_PROFILE_UNIX_SOCKETS,
-		                  sizeof(AA_PROFILE_UNIX_SOCKETS) - 1);
+		                  STRARRAYLEN(AA_PROFILE_UNIX_SOCKETS));
 
 	if (file_exists("/proc/self/ns/cgroup"))
 		must_append_sized(&profile, &size, AA_PROFILE_CGROUP_NAMESPACES,
-		                  sizeof(AA_PROFILE_CGROUP_NAMESPACES) - 1);
+		                  STRARRAYLEN(AA_PROFILE_CGROUP_NAMESPACES));
 
 	if (aa_can_stack && !aa_is_stacked) {
 		char *namespace, *temp;
 
 		must_append_sized(&profile, &size, AA_PROFILE_STACKING_BASE,
-		                  sizeof(AA_PROFILE_STACKING_BASE) - 1);
+		                  STRARRAYLEN(AA_PROFILE_STACKING_BASE));
 
 		namespace = apparmor_namespace(conf->name, lxcpath);
 		temp = must_concat("  change_profile -> \":", namespace, ":*\",\n"
@@ -693,12 +693,12 @@ static char *get_apparmor_profile_content(struct lxc_conf *conf, const char *lxc
 		free(temp);
 	} else {
 		must_append_sized(&profile, &size, AA_PROFILE_NO_STACKING,
-		                  sizeof(AA_PROFILE_NO_STACKING) - 1);
+		                  STRARRAYLEN(AA_PROFILE_NO_STACKING));
 	}
 
 	if (conf->lsm_aa_allow_nesting) {
 		must_append_sized(&profile, &size, AA_PROFILE_NESTING_BASE,
-		                  sizeof(AA_PROFILE_NESTING_BASE) - 1);
+		                  STRARRAYLEN(AA_PROFILE_NESTING_BASE));
 
 		if (!aa_can_stack || aa_is_stacked) {
 			char *temp;
@@ -712,7 +712,7 @@ static char *get_apparmor_profile_content(struct lxc_conf *conf, const char *lxc
 
 	if (!is_privileged(conf) || am_host_unpriv())
 		must_append_sized(&profile, &size, AA_PROFILE_UNPRIVILEGED,
-		                  sizeof(AA_PROFILE_UNPRIVILEGED) - 1);
+		                  STRARRAYLEN(AA_PROFILE_UNPRIVILEGED));
 
 	lxc_list_for_each(it, &conf->lsm_aa_raw) {
 		const char *line = it->elem;
@@ -999,9 +999,9 @@ static int apparmor_prepare(struct lxc_conf *conf, const char *lxcpath)
 		if (aa_can_stack && !aa_is_stacked) {
 			char *namespace = apparmor_namespace(conf->name, lxcpath);
 			size_t llen = strlen(genlabel);
-			must_append_sized(&genlabel, &llen, "//&:", sizeof("//&:") - 1);
+			must_append_sized(&genlabel, &llen, "//&:", STRARRAYLEN("//&:"));
 			must_append_sized(&genlabel, &llen, namespace, strlen(namespace));
-			must_append_sized(&genlabel, &llen, ":", sizeof(":")); /* with the nul byte */
+			must_append_sized(&genlabel, &llen, ":", STRARRAYLEN(":") + 1); /* with the nul byte */
 			free(namespace);
 		}
 

src/lxc/lxclock.c

@@ -106,7 +106,7 @@ static char *lxclock_name(const char *p, const char *n)
 	 */
 
 	/* length of "/lxc/lock/" + $lxcpath + "/" + "." + $lxcname + '\0' */
-	len = (sizeof("/lxc/lock/") - 1) + strlen(n) + strlen(p) + 3;
+	len = STRLITERALLEN("/lxc/lock/") + strlen(n) + strlen(p) + 3;
 
 	rundir = get_rundir();
 	if (!rundir)

src/lxc/macro.h

@@ -348,4 +348,7 @@ extern int __build_bug_on_failed;
 #define LXC_INVALID_UID ((uid_t)-1)
 #define LXC_INVALID_GID ((gid_t)-1)
 
+#define STRLITERALLEN(x) (sizeof(""x"") - 1)
+#define STRARRAYLEN(x) (sizeof(x) - 1)
+
 #endif /* __LXC_MACRO_H */

src/lxc/storage/overlay.c

@@ -31,6 +31,7 @@
 #include "confile.h"
 #include "log.h"
 #include "lxccontainer.h"
+#include "macro.h"
 #include "overlay.h"
 #include "rsync.h"
 #include "storage.h"
@@ -94,7 +95,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 			return -22;
 		}
 
-		if (strlen(lastslash) < (sizeof("/rootfs") - 1)) {
+		if (strlen(lastslash) < STRLITERALLEN("/rootfs")) {
 			ERROR("Failed to detect \"/rootfs\" in string \"%s\"",
 			      new->dest);
 			return -22;
@@ -110,8 +111,8 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 		}
 
 		memcpy(delta, new->dest, lastslashidx + 1);
-		memcpy(delta + lastslashidx, "delta0", sizeof("delta0") - 1);
-		delta[lastslashidx + sizeof("delta0") - 1] = '\0';
+		memcpy(delta + lastslashidx, "delta0", STRLITERALLEN("delta0"));
+		delta[lastslashidx + STRLITERALLEN("delta0")] = '\0';
 
 		ret = mkdir(delta, 0755);
 		if (ret < 0 && errno != EEXIST) {
@@ -142,8 +143,8 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 		}
 
 		memcpy(work, new->dest, lastslashidx + 1);
-		memcpy(work + lastslashidx, "olwork", sizeof("olwork") - 1);
-		work[lastslashidx + sizeof("olwork") - 1] = '\0';
+		memcpy(work + lastslashidx, "olwork", STRLITERALLEN("olwork"));
+		work[lastslashidx + STRLITERALLEN("olwork")] = '\0';
 
 		ret = mkdir(work, 0755);
 		if (ret < 0) {
@@ -253,8 +254,8 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 		}
 
 		memcpy(work, ndelta, lastslashidx + 1);
-		memcpy(work + lastslashidx, "olwork", sizeof("olwork") - 1);
-		work[lastslashidx + sizeof("olwork") - 1] = '\0';
+		memcpy(work + lastslashidx, "olwork", STRLITERALLEN("olwork"));
+		work[lastslashidx + STRLITERALLEN("olwork")] = '\0';
 
 		ret = mkdir(work, 0755);
 		if (ret < 0 && errno != EEXIST) {
@@ -335,11 +336,11 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 			return -1;
 		}
 
-		if (!strncmp(s1, "/snaps", sizeof("/snaps") - 1)) {
+		if (!strncmp(s1, "/snaps", STRLITERALLEN("/snaps"))) {
 			s1 = clean_new_path;
 			s2 = clean_old_path;
 			s3 = (char *)cname;
-		} else if (!strncmp(s2, "/snaps", sizeof("/snaps") - 1)) {
+		} else if (!strncmp(s2, "/snaps", STRLITERALLEN("/snaps"))) {
 			s1 = clean_old_path;
 			s2 = clean_new_path;
 			s3 = (char *)oldname;
@@ -415,7 +416,7 @@ int ovl_create(struct lxc_storage *bdev, const char *dest, const char *n,
 		ERROR("Failed to allocate memory");
 		return -1;
 	}
-	memcpy(delta + len - 6, "delta0", sizeof("delta0") - 1);
+	memcpy(delta + len - 6, "delta0", STRLITERALLEN("delta0"));
 
 	ret = mkdir_p(delta, 0755);
 	if (ret < 0) {
@@ -568,8 +569,8 @@ int ovl_mount(struct lxc_storage *bdev)
 	}
 
 	memcpy(work, upper, lastslashidx + 1);
-	memcpy(work + lastslashidx, "olwork", sizeof("olwork") - 1);
-	work[lastslashidx + sizeof("olwork") - 1] = '\0';
+	memcpy(work + lastslashidx, "olwork", STRLITERALLEN("olwork"));
+	work[lastslashidx + STRLITERALLEN("olwork")] = '\0';
 
 	ret = parse_mntopts(bdev->mntopts, &mntflags, &mntdata);
 	if (ret < 0) {

src/lxc/tools/arguments.c

@@ -88,7 +88,7 @@ is2big:
 	return -1;
 }
 
-__noreturn__ static void print_usage_exit(const struct option longopts[],
+__noreturn static void print_usage_exit(const struct option longopts[],
 					  const struct lxc_arguments *a_args)
 
 {
@@ -135,13 +135,13 @@ __noreturn__ static void print_usage_exit(const struct option longopts[],
 	exit(0);
 }
 
-__noreturn__ static void print_version_exit()
+__noreturn static void print_version_exit()
 {
 	printf("%s\n", lxc_get_version());
 	exit(0);
 }
 
-__noreturn__ static void print_help_exit(const struct lxc_arguments *args,
+__noreturn static void print_help_exit(const struct lxc_arguments *args,
 					 int code)
 {
 	fprintf(stderr, "\