Merge pull request #2572 from brauner/2018-08-24/musl_fixes

configure.ac

@@ -611,7 +611,7 @@ AC_CHECK_DECLS([PR_SET_NO_NEW_PRIVS], [], [], [#include <sys/prctl.h>])
 AC_CHECK_DECLS([PR_GET_NO_NEW_PRIVS], [], [], [#include <sys/prctl.h>])
 
 # Check for some headers
-AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/memfd.h sys/personality.h utmpx.h sys/timerfd.h sys/resource.h])
+AC_CHECK_HEADERS([pty.h sys/memfd.h sys/personality.h sys/resource.h sys/signalfd.h sys/timerfd.h utmpx.h])
 
 AC_CHECK_HEADER([ifaddrs.h],
 	AM_CONDITIONAL(HAVE_IFADDRS_H, true)

src/lxc/Makefile.am

@@ -6,6 +6,7 @@ noinst_HEADERS = attach.h \
 		 caps.h \
 		 cgroups/cgroup.h \
 		 cgroups/cgroup_utils.h \
+		 compiler.h \
 		 conf.h \
 		 confile.h \
 		 confile_utils.h \
@@ -39,9 +40,12 @@ noinst_HEADERS = attach.h \
 		 tools/arguments.h \
 		 utils.h
 
+if !HAVE_IFADDRS_H
+noinst_HEADERS += ../include/ifaddrs.h
+endif
+
 if IS_BIONIC
-noinst_HEADERS += ../include/ifaddrs.h \
-		  ../include/lxcmntent.h \
+noinst_HEADERS += ../include/lxcmntent.h \
 		  ../include/openpty.h
 endif
 
@@ -86,6 +90,7 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \
 		    cgroups/cgfsng.c \
 		    cgroups/cgroup.c cgroups/cgroup.h \
 		    cgroups/cgroup_utils.c cgroups/cgroup_utils.h \
+		    compiler.h \
 		    commands.c commands.h \
 		    commands_utils.c commands_utils.h \
 		    conf.c conf.h \
@@ -300,6 +305,7 @@ lxc_freeze_SOURCES = tools/lxc_freeze.c \
 lxc_info_SOURCES = tools/lxc_info.c \
 		   tools/arguments.c tools/arguments.h
 lxc_monitor_SOURCES = tools/lxc_monitor.c \
+		      macro.h \
 		      tools/arguments.c tools/arguments.h
 lxc_ls_SOURCES = tools/lxc_ls.c \
 		 tools/arguments.c tools/arguments.h

src/lxc/caps.c

@@ -39,31 +39,6 @@ lxc_log_define(caps, lxc);
 
 #if HAVE_LIBCAP
 
-#ifndef PR_CAPBSET_READ
-#define PR_CAPBSET_READ 23
-#endif
-
-/* Control the ambient capability set */
-#ifndef PR_CAP_AMBIENT
-#define PR_CAP_AMBIENT 47
-#endif
-
-#ifndef PR_CAP_AMBIENT_IS_SET
-#define PR_CAP_AMBIENT_IS_SET 1
-#endif
-
-#ifndef PR_CAP_AMBIENT_RAISE
-#define PR_CAP_AMBIENT_RAISE 2
-#endif
-
-#ifndef PR_CAP_AMBIENT_LOWER
-#define PR_CAP_AMBIENT_LOWER 3
-#endif
-
-#ifndef PR_CAP_AMBIENT_CLEAR_ALL
-#define PR_CAP_AMBIENT_CLEAR_ALL 4
-#endif
-
 int lxc_caps_down(void)
 {
 	cap_t caps;
@@ -321,10 +296,10 @@ static long int _real_caps_last_cap(void)
 	if (fd >= 0) {
 		ssize_t n;
 		char *ptr;
-		char buf[LXC_NUMSTRLEN64 + 1];
+		char buf[INTTYPE_TO_STRLEN(int)];
 
 	again:
-		n = read(fd, buf, LXC_NUMSTRLEN64);
+		n = read(fd, buf, INTTYPE_TO_STRLEN(int));
 		if (n < 0 && errno == EINTR) {
 			goto again;
 		} else if (n >= 0) {

src/lxc/cgroups/cgfsng.c

@@ -55,6 +55,7 @@
 #include "commands.h"
 #include "conf.h"
 #include "log.h"
+#include "macro.h"
 #include "storage/storage.h"
 #include "utils.h"
 
@@ -314,14 +315,14 @@ static char *lxc_cpumask_to_cpulist(uint32_t *bitarr, size_t nbits)
 	int ret;
 	size_t i;
 	char **cpulist = NULL;
-	char numstr[LXC_NUMSTRLEN64] = {0};
+	char numstr[INTTYPE_TO_STRLEN(size_t)] = {0};
 
 	for (i = 0; i <= nbits; i++) {
 		if (!is_set(i, bitarr))
 			continue;
 
-		ret = snprintf(numstr, LXC_NUMSTRLEN64, "%zu", i);
-		if (ret < 0 || (size_t)ret >= LXC_NUMSTRLEN64) {
+		ret = snprintf(numstr, INTTYPE_TO_STRLEN(size_t), "%zu", i);
+		if (ret < 0 || (size_t)ret >= INTTYPE_TO_STRLEN(size_t)) {
 			lxc_free_array((void **)cpulist, free);
 			return NULL;
 		}

src/lxc/commands.c

@@ -1239,7 +1239,7 @@ out_close:
 int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
 {
 	int fd, len, ret;
-	char path[sizeof(((struct sockaddr_un *)0)->sun_path)] = {0};
+	char path[LXC_AUDS_ADDR_LEN] = {0};
 	char *offset = &path[1];
 
 	/* -2 here because this is an abstract unix socket so it needs a

src/lxc/commands.h

@@ -25,17 +25,12 @@
 #define __LXC_COMMANDS_H
 
 #include <stdio.h>
-#include <unistd.h>
 #include <sys/types.h>
+#include <unistd.h>
 
-#include "state.h"
 #include "lxccontainer.h"
-
-#define LXC_CMD_DATA_MAX (MAXPATHLEN * 2)
-
-/* https://developer.gnome.org/glib/2.28/glib-Type-Conversion-Macros.html */
-#define INT_TO_PTR(n) ((void *)(long)(n))
-#define PTR_TO_INT(p) ((int)(long)(p))
+#include "macro.h"
+#include "state.h"
 
 typedef enum {
 	LXC_CMD_CONSOLE,

src/lxc/commands_utils.c

@@ -162,7 +162,7 @@ int lxc_cmd_connect(const char *name, const char *lxcpath,
 		    const char *hashed_sock_name, const char *suffix)
 {
 	int ret, client_fd;
-	char path[sizeof(((struct sockaddr_un *)0)->sun_path)] = {0};
+	char path[LXC_AUDS_ADDR_LEN] = {0};
 	char *offset = &path[1];
 
 	/* -2 here because this is an abstract unix socket so it needs a

src/lxc/compiler.h

+/* liblxcapi
+ *
+ * Copyright © 2018 Christian Brauner <christian.brauner@ubuntu.com>.
+ * Copyright © 2018 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef __LXC_COMPILER_H
+#define __LXC_COMPILER_H
+
+#include "config.h"
+
+#ifndef thread_local
+#if __STDC_VERSION__ >= 201112L &&    \
+    !(defined(__STDC_NO_THREADS__) || \
+      (defined(__GNU_LIBRARY__) && __GLIBC__ == 2 && __GLIBC_MINOR__ < 16))
+#define thread_local _Thread_local
+#else
+#define thread_local __thread
+#endif
+#endif
+
+#endif /* __LXC_COMPILER_H */

src/lxc/conf.c

@@ -125,7 +125,7 @@ lxc_log_define(conf, lxc);
  * This is used in the error calls.
  */
 #ifdef HAVE_TLS
-__thread struct lxc_conf *current_config;
+thread_local struct lxc_conf *current_config;
 #else
 struct lxc_conf *current_config;
 #endif
@@ -2952,7 +2952,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 	 * +
 	 * strlen(" ") = 1
 	 * +
-	 * LXC_NUMSTRLEN64
+	 * INTTYPE_TO_STRLEN(uint32_t)
 	 * +
 	 * strlen(" ") = 1
 	 *
@@ -2960,7 +2960,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 	 * LXC_IDMAPLEN bytes available for our the {g,u]id mapping.
 	 */
 	int ret = 0, gidmap = 0, uidmap = 0;
-	char mapbuf[9 + 1 + LXC_NUMSTRLEN64 + 1 + LXC_IDMAPLEN] = {0};
+	char mapbuf[9 + 1 + INTTYPE_TO_STRLEN(uint32_t) + 1 + LXC_IDMAPLEN] = {0};
 	bool had_entry = false, use_shadow = false;
 	int hostuid, hostgid;
 

src/lxc/conf.h

@@ -38,6 +38,7 @@
 #include <sys/resource.h>
 #endif
 
+#include "compiler.h"
 #include "list.h"
 #include "ringbuf.h"
 #include "start.h" /* for lxc_handler */
@@ -395,7 +396,7 @@ extern int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
 			    size_t buf_size);
 
 #ifdef HAVE_TLS
-extern __thread struct lxc_conf *current_config;
+extern thread_local struct lxc_conf *current_config;
 #else
 extern struct lxc_conf *current_config;
 #endif

src/lxc/confile.c

@@ -3236,19 +3236,19 @@ static int get_config_idmaps(const char *key, char *retv, int inlen,
  * +
  * sizeof(" ")
  * +
- * sizeof(uint64_t)
+ * sizeof(uint32_t)
  * +
  * sizeof(" ")
  * +
- * sizeof(uint64_t)
+ * sizeof(uint32_t)
  * +
  * sizeof(" ")
  * +
- * sizeof(uint64_t)
+ * sizeof(uint32_t)
  * +
  * \0
  */
-#define __LXC_IDMAP_STR_BUF (3 * LXC_NUMSTRLEN64 + 3 + 1 + 1)
+#define __LXC_IDMAP_STR_BUF (3 * INTTYPE_TO_STRLEN(uint32_t) + 3 + 1 + 1)
 	char buf[__LXC_IDMAP_STR_BUF];
 
 	if (!retv)
@@ -3257,8 +3257,7 @@ static int get_config_idmaps(const char *key, char *retv, int inlen,
 		memset(retv, 0, inlen);
 
 	listlen = lxc_list_len(&c->id_map);
-	lxc_list_for_each(it, &c->id_map)
-	{
+	lxc_list_for_each(it, &c->id_map) {
 		struct id_map *map = it->elem;
 		ret = snprintf(buf, __LXC_IDMAP_STR_BUF, "%c %lu %lu %lu",
 			       (map->idtype == ID_TYPE_UID) ? 'u' : 'g',
@@ -3706,9 +3705,8 @@ static int get_config_prlimit(const char *key, char *retv, int inlen,
 		return -1;
 
 	lxc_list_for_each(it, &c->limits) {
-		char buf[LXC_NUMSTRLEN64 * 2 + 2]; /* 2 colon separated 64 bit
-						      integers or the word
-						      'unlimited' */
+		/* 2 colon separated 64 bit integers or the word 'unlimited' */
+		char buf[INTTYPE_TO_STRLEN(uint64_t) * 2 + 2];
 		int partlen;
 		struct lxc_limit *lim = it->elem;
 

src/lxc/initutils.c

@@ -28,6 +28,7 @@
 #include "initutils.h"
 #include "log.h"
 #include "macro.h"
+#include "compiler.h"
 
 #ifndef HAVE_STRLCPY
 #include "include/strlcpy.h"
@@ -72,9 +73,9 @@ const char *lxc_global_config_value(const char *option_name)
 
 	/* placed in the thread local storage pool for non-bionic targets */
 #ifdef HAVE_TLS
-	static __thread const char *values[sizeof(options) / sizeof(options[0])] = { 0 };
+	static thread_local const char *values[sizeof(options) / sizeof(options[0])] = {0};
 #else
-	static const char *values[sizeof(options) / sizeof(options[0])] = { 0 };
+	static const char *values[sizeof(options) / sizeof(options[0])] = {0};
 #endif
 
 	/* user_config_path is freed as soon as it is used */

src/lxc/log.c

@@ -53,7 +53,7 @@
  * datatype is currently at maximum a 64bit integer, we have a date string that
  * is of maximum length (2^64 - 1) * 2 = (21 + 21) = 42.
  */
-#define LXC_LOG_TIME_SIZE ((LXC_NUMSTRLEN64)*2)
+#define LXC_LOG_TIME_SIZE ((INTTYPE_TO_STRLEN(uint64_t)) * 2)
 
 int lxc_log_fd = -1;
 static int syslog_enable = 0;
@@ -170,7 +170,7 @@ static int lxc_unix_epoch_to_utc(char *buf, size_t bufsize, const struct timespe
 {
 	int64_t epoch_to_days, z, era, doe, yoe, year, doy, mp, day, month,
 	    d_in_s, hours, h_in_s, minutes, seconds;
-	char nanosec[LXC_NUMSTRLEN64];
+	char nanosec[INTTYPE_TO_STRLEN(int64_t)];
 	int ret;
 
 	/* See https://howardhinnant.github.io/date_algorithms.html for an
@@ -247,8 +247,8 @@ static int lxc_unix_epoch_to_utc(char *buf, size_t bufsize, const struct timespe
 	seconds = (time->tv_sec - d_in_s - h_in_s - (minutes * 60));
 
 	/* Make string from nanoseconds. */
-	ret = snprintf(nanosec, LXC_NUMSTRLEN64, "%"PRId64, (int64_t)time->tv_nsec);
-	if (ret < 0 || ret >= LXC_NUMSTRLEN64)
+	ret = snprintf(nanosec, INTTYPE_TO_STRLEN(int64_t), "%"PRId64, (int64_t)time->tv_nsec);
+	if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int64_t))
 		return -1;
 
 	/* Create final timestamp for the log and shorten nanoseconds to 3

src/lxc/lsm/lsm.h

@@ -28,10 +28,9 @@ struct lxc_conf;
 
 #include <sys/types.h>
 
+#include "macro.h"
 #include "utils.h"
 
-#define LXC_LSMATTRLEN (5 + (LXC_NUMSTRLEN64) + 7 + 1)
-
 struct lsm_drv {
 	const char *name;
 

src/lxc/lxccontainer.c

@@ -1037,10 +1037,10 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 	 */
 	if (c->pidfile) {
 		int ret, w;
-		char pidstr[LXC_NUMSTRLEN64];
+		char pidstr[INTTYPE_TO_STRLEN(int)];
 
-		w = snprintf(pidstr, LXC_NUMSTRLEN64, "%d", (int)lxc_raw_getpid());
-		if (w < 0 || (size_t)w >= LXC_NUMSTRLEN64) {
+		w = snprintf(pidstr, INTTYPE_TO_STRLEN(int), "%d", (int)lxc_raw_getpid());
+		if (w < 0 || (size_t)w >= INTTYPE_TO_STRLEN(int)) {
 			free_init_cmd(init_cmd);
 			lxc_free_handler(handler);
 

src/lxc/macro.h

@@ -27,15 +27,23 @@
 #include <linux/loop.h>
 #include <linux/netlink.h>
 #include <linux/rtnetlink.h>
+#include <stdint.h>
+#include <string.h>
 #include <sys/mount.h>
 #include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
 
 /* Define __S_ISTYPE if missing from the C library. */
 #ifndef __S_ISTYPE
 #define __S_ISTYPE(mode, mask) (((mode)&S_IFMT) == (mask))
 #endif
 
-#if HAVE_LIBCAP
+/* capabilities */
+#ifndef CAP_SYS_ADMIN
+#define CAP_SYS_ADMIN 21
+#endif
+
 #ifndef CAP_SETFCAP
 #define CAP_SETFCAP 31
 #endif
@@ -47,11 +55,6 @@
 #ifndef CAP_MAC_ADMIN
 #define CAP_MAC_ADMIN 33
 #endif
-#endif
-
-#ifndef PR_CAPBSET_DROP
-#define PR_CAPBSET_DROP 24
-#endif
 
 #ifndef CAP_SETUID
 #define CAP_SETUID 7
@@ -61,25 +64,45 @@
 #define CAP_SETGID 6
 #endif
 
-/* needed for cgroup automount checks, regardless of whether we
- * have included linux/capability.h or not */
-#ifndef CAP_SYS_ADMIN
-#define CAP_SYS_ADMIN 21
+/* prctl */
+#ifndef PR_CAPBSET_READ
+#define PR_CAPBSET_READ 23
 #endif
 
-#ifndef HAVE_DECL_PR_CAPBSET_DROP
+#ifndef PR_CAPBSET_DROP
 #define PR_CAPBSET_DROP 24
 #endif
 
-/* prctl */
-#ifndef HAVE_DECL_PR_SET_NO_NEW_PRIVS
+/* Control the ambient capability set */
+#ifndef PR_CAP_AMBIENT
+#define PR_CAP_AMBIENT 47
+#endif
+
+#ifndef PR_CAP_AMBIENT_IS_SET
+#define PR_CAP_AMBIENT_IS_SET 1
+#endif
+
+#ifndef PR_CAP_AMBIENT_RAISE
+#define PR_CAP_AMBIENT_RAISE 2
+#endif
+
+#ifndef PR_CAP_AMBIENT_LOWER
+#define PR_CAP_AMBIENT_LOWER 3
+#endif
+
+#ifndef PR_CAP_AMBIENT_CLEAR_ALL
+#define PR_CAP_AMBIENT_CLEAR_ALL 4
+#endif
+
+#ifndef PR_SET_NO_NEW_PRIVS
 #define PR_SET_NO_NEW_PRIVS 38
 #endif
 
-#ifndef HAVE_DECL_PR_GET_NO_NEW_PRIVS
+#ifndef PR_GET_NO_NEW_PRIVS
 #define PR_GET_NO_NEW_PRIVS 39
 #endif
 
+/* filesystem magic values */
 #ifndef CGROUP_SUPER_MAGIC
 #define CGROUP_SUPER_MAGIC 0x27e0eb
 #endif
@@ -92,34 +115,55 @@
 #define NSFS_MAGIC 0x6e736673
 #endif
 
-/* We have two different magic values for overlayfs, yay. */
+/* current overlayfs */
+#ifndef OVERLAY_SUPER_MAGIC
+#define OVERLAY_SUPER_MAGIC 0x794c7630
+#endif
+
+/* legacy overlayfs */
 #ifndef OVERLAYFS_SUPER_MAGIC
 #define OVERLAYFS_SUPER_MAGIC 0x794c764f
 #endif
 
-#ifndef OVERLAY_SUPER_MAGIC
-#define OVERLAY_SUPER_MAGIC 0x794c7630
-#endif
+/* Calculate the number of chars needed to represent a given integer as a C
+ * string. Include room for '-' to indicate negative numbers and the \0 byte.
+ * This is based on systemd.
+ */
+#define INTTYPE_TO_STRLEN(type)                   \
+	(2 + (sizeof(type) <= 1                   \
+		  ? 3                             \
+		  : sizeof(type) <= 2             \
+			? 5                       \
+			: sizeof(type) <= 4       \
+			      ? 10                \
+			      : sizeof(type) <= 8 \
+				    ? 20          \
+				    : sizeof(int[-2 * (sizeof(type) > 8)])))
 
 /* Useful macros */
-/* Maximum number for 64 bit integer is a string with 21 digits: 2^64 - 1 = 21 */
-#define LXC_NUMSTRLEN64 21
 #define LXC_LINELEN 4096
 #define LXC_IDMAPLEN 4096
 #define LXC_MAX_BUFFER 4096
+
 /* /proc/       =    6
  *                +
- * <pid-as-str> =   LXC_NUMSTRLEN64
+ * <pid-as-str> =   INTTYPE_TO_STRLEN(pid_t)
  *                +
  * /fd/         =    4
  *                +
- * <fd-as-str>  =   LXC_NUMSTRLEN64
+ * <fd-as-str>  =   INTTYPE_TO_STRLEN(int)
  *                +
  * \0           =    1
  */
-#define LXC_PROC_PID_FD_LEN (6 + LXC_NUMSTRLEN64 + 4 + LXC_NUMSTRLEN64 + 1)
-/* /proc/pid-to-str/status\0 = (5 + 21 + 7 + 1) */
-#define LXC_PROC_STATUS_LEN (5 + (LXC_NUMSTRLEN64) + 7 + 1)
+#define LXC_PROC_PID_FD_LEN (6 + INTTYPE_TO_STRLEN(pid_t) + 4 + INTTYPE_TO_STRLEN(int) + 1)
+
+/* /proc/pid-to-str/status\0 = (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) */
+#define LXC_PROC_STATUS_LEN (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1)
+
+/* /proc/pid-to-str/attr/current = (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) */
+#define LXC_LSMATTRLEN (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1)
+
+#define LXC_CMD_DATA_MAX (MAXPATHLEN * 2)
 
 /* loop devices */
 #ifndef LO_FLAGS_AUTOCLEAR
@@ -155,14 +199,15 @@
  * though, hence the two different methods.
  */
 #ifndef __OPTIMIZE__
-#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)]))
+#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2 * !!(condition)]))
 #else
 extern int __build_bug_on_failed;
-#define BUILD_BUG_ON(condition)					\
-	do {							\
-		((void)sizeof(char[1 - 2*!!(condition)]));	\
-		if (condition) __build_bug_on_failed = 1;	\
-	} while(0)
+#define BUILD_BUG_ON(condition)                              \
+	do {                                                 \
+		((void)sizeof(char[1 - 2 * !!(condition)])); \
+		if (condition)                               \
+			__build_bug_on_failed = 1;           \
+	} while (0)
 #endif
 
 #define lxc_iterate_parts(__iterator, __splitme, __separators)                  \
@@ -237,6 +282,9 @@ extern int __build_bug_on_failed;
 #define MACVLAN_MODE_PASSTHRU 8
 #endif
 
+/* Length of abstract unix domain socket socket address. */
+#define LXC_AUDS_ADDR_LEN sizeof(((struct sockaddr_un *)0)->sun_path)
+
 /* mount */
 #ifndef MS_REC
 #define MS_REC 16384
@@ -260,4 +308,8 @@ extern int __build_bug_on_failed;
 #define SOCK_CLOEXEC 02000000
 #endif
 
+/* pointer conversion macros */
+#define PTR_TO_INT(p) ((int)((intptr_t)(p)))
+#define INT_TO_PTR(u) ((void *)((intptr_t)(u)))
+
 #endif /* __LXC_MACRO_H */

src/lxc/monitor.c

@@ -46,6 +46,7 @@
 #include "error.h"
 #include "log.h"
 #include "lxclock.h"
+#include "macro.h"
 #include "monitor.h"
 #include "state.h"
 #include "utils.h"
@@ -299,7 +300,7 @@ int lxc_monitord_spawn(const char *lxcpath)
 {
 	int ret;
 	int pipefd[2];
-	char pipefd_str[LXC_NUMSTRLEN64];
+	char pipefd_str[INTTYPE_TO_STRLEN(int)];
 	pid_t pid1, pid2;
 
 	char *const args[] = {
@@ -370,8 +371,8 @@ int lxc_monitord_spawn(const char *lxcpath)
 
 	close(pipefd[0]);
 
-	ret = snprintf(pipefd_str, LXC_NUMSTRLEN64, "%d", pipefd[1]);
-	if (ret < 0 || ret >= LXC_NUMSTRLEN64) {
+	ret = snprintf(pipefd_str, INTTYPE_TO_STRLEN(int), "%d", pipefd[1]);
+	if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int)) {
 		ERROR("Failed to create pid argument to pass to monitord.");
 		_exit(EXIT_FAILURE);
 	}

src/lxc/network.c

@@ -49,6 +49,7 @@
 #include "conf.h"
 #include "config.h"
 #include "log.h"
+#include "macro.h"
 #include "network.h"
 #include "nl.h"
 #include "utils.h"
@@ -2102,7 +2103,7 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna
 	if (child == 0) {
 		int ret;
 		size_t retlen;
-		char pidstr[LXC_NUMSTRLEN64];
+		char pidstr[INTTYPE_TO_STRLEN(pid_t)];
 
 		close(pipefd[0]);
 
@@ -2124,10 +2125,10 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna
 			_exit(EXIT_FAILURE);
 		}
 
-		ret = snprintf(pidstr, LXC_NUMSTRLEN64, "%d", pid);
-		if (ret < 0 || ret >= LXC_NUMSTRLEN64)
+		ret = snprintf(pidstr, sizeof(pidstr), "%d", pid);
+		if (ret < 0 || ret >= sizeof(pidstr))
 			_exit(EXIT_FAILURE);
-		pidstr[LXC_NUMSTRLEN64 - 1] = '\0';
+		pidstr[sizeof(pidstr) - 1] = '\0';
 
 		INFO("Execing lxc-user-nic create %s %s %s veth %s %s", lxcpath,
 		     lxcname, pidstr, netdev_link,
@@ -2329,15 +2330,15 @@ bool lxc_delete_network_unpriv(struct lxc_handler *handler)
 	struct lxc_list *network = &handler->conf->network;
 	/* strlen("/proc/") = 6
 	 * +
-	 * LXC_NUMSTRLEN64
+	 * INTTYPE_TO_STRLEN(pid_t)
 	 * +
 	 * strlen("/fd/") = 4
 	 * +
-	 * LXC_NUMSTRLEN64
+	 * INTTYPE_TO_STRLEN(int)
 	 * +
 	 * \0
 	 */
-	char netns_path[6 + LXC_NUMSTRLEN64 + 4 + LXC_NUMSTRLEN64 + 1];
+	char netns_path[6 + INTTYPE_TO_STRLEN(pid_t) + 4 + INTTYPE_TO_STRLEN(int) + 1];
 
 	*netns_path = '\0';
 

src/lxc/parse.c

@@ -21,9 +21,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
-#define _GNU_SOURCE
+#include "config.h"
+
 #include <stdio.h>
-#undef _GNU_SOURCE
 #include <dirent.h>
 #include <errno.h>
 #include <stdlib.h>
@@ -31,7 +31,6 @@
 #include <sys/mman.h>
 
 #include "parse.h"
-#include "config.h"
 #include "utils.h"
 #include "log.h"
 

src/lxc/start.c

@@ -53,18 +53,6 @@
 #include <sys/capability.h>
 #endif
 
-#if !HAVE_DECL_PR_CAPBSET_DROP
-#define PR_CAPBSET_DROP 24
-#endif
-
-#if !HAVE_DECL_PR_SET_NO_NEW_PRIVS
-#define PR_SET_NO_NEW_PRIVS 38
-#endif
-
-#if !HAVE_DECL_PR_GET_NO_NEW_PRIVS
-#define PR_GET_NO_NEW_PRIVS 39
-#endif
-
 #include "af_unix.h"
 #include "caps.h"
 #include "cgroup.h"
@@ -79,6 +67,7 @@
 #include "lxccontainer.h"
 #include "lxclock.h"
 #include "lxcseccomp.h"
+#include "macro.h"
 #include "mainloop.h"
 #include "monitor.h"
 #include "namespace.h"

src/lxc/string_utils.c

@@ -43,6 +43,7 @@
 
 #include "log.h"
 #include "lxclock.h"
+#include "macro.h"
 #include "namespace.h"
 #include "parse.h"
 #include "string_utils.h"
@@ -678,7 +679,7 @@ int lxc_safe_uint64(const char *numstr, uint64_t *converted, int base)
 
 	errno = 0;
 	u = strtoull(numstr, &err, base);
-	if (errno == ERANGE && u == ULLONG_MAX)
+	if (errno == ERANGE && u == UINT64_MAX)
 		return -ERANGE;
 
 	if (err == numstr || *err != '\0')
@@ -860,7 +861,7 @@ int parse_byte_size_string(const char *s, int64_t *converted)
 	long long int conv;
 	int64_t mltpl, overflow;
 	char *end;
-	char dup[LXC_NUMSTRLEN64 + 2];
+	char dup[INTTYPE_TO_STRLEN(int64_t)];
 	char suffix[3] = {0};
 
 	if (!s || !strcmp(s, ""))

src/lxc/tools/lxc_monitor.c

@@ -47,6 +47,7 @@
 #include "af_unix.h"
 #include "arguments.h"
 #include "log.h"
+#include "macro.h"
 #include "monitor.h"
 #include "state.h"
 #include "utils.h"
@@ -156,7 +157,7 @@ static int lxc_tool_monitord_spawn(const char *lxcpath)
 {
 	int ret;
 	int pipefd[2];
-	char pipefd_str[LXC_NUMSTRLEN64];
+	char pipefd_str[INTTYPE_TO_STRLEN(int)];
 	pid_t pid1, pid2;
 
 	char *const args[] = {
@@ -223,8 +224,8 @@ static int lxc_tool_monitord_spawn(const char *lxcpath)
 
 	close(pipefd[0]);
 
-	ret = snprintf(pipefd_str, LXC_NUMSTRLEN64, "%d", pipefd[1]);
-	if (ret < 0 || ret >= LXC_NUMSTRLEN64) {
+	ret = snprintf(pipefd_str, INTTYPE_TO_STRLEN(int), "%d", pipefd[1]);
+	if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int)) {
 		ERROR("Failed to create pid argument to pass to monitord");
 		_exit(EXIT_FAILURE);
 	}

src/lxc/utils.c

@@ -1157,7 +1157,7 @@ int lxc_mount_proc_if_needed(const char *rootfs)
 {
 	char path[MAXPATHLEN];
 	int link_to_pid, linklen, mypid, ret;
-	char link[LXC_NUMSTRLEN64] = {0};
+	char link[INTTYPE_TO_STRLEN(pid_t)] = {0};
 
 	ret = snprintf(path, MAXPATHLEN, "%s/proc/self", rootfs);
 	if (ret < 0 || ret >= MAXPATHLEN) {
@@ -1165,7 +1165,7 @@ int lxc_mount_proc_if_needed(const char *rootfs)
 		return -1;
 	}
 
-	linklen = readlink(path, link, LXC_NUMSTRLEN64);
+	linklen = readlink(path, link, INTTYPE_TO_STRLEN(pid_t));
 
 	ret = snprintf(path, MAXPATHLEN, "%s/proc", rootfs);
 	if (ret < 0 || ret >= MAXPATHLEN) {
@@ -1179,7 +1179,7 @@ int lxc_mount_proc_if_needed(const char *rootfs)
 			return -1;
 
 		goto domount;
-	} else if (linklen >= LXC_NUMSTRLEN64) {
+	} else if (linklen >= INTTYPE_TO_STRLEN(pid_t)) {
 		link[linklen - 1] = '\0';
 		ERROR("readlink returned truncated content: \"%s\"", link);
 		return -1;
@@ -1260,7 +1260,7 @@ int null_stdfds(void)
 
 /* Check whether a signal is blocked by a process. */
 /* /proc/pid-to-str/status\0 = (5 + 21 + 7 + 1) */
-#define __PROC_STATUS_LEN (6 + (LXC_NUMSTRLEN64) + 7 + 1)
+#define __PROC_STATUS_LEN (6 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1)
 bool task_blocks_signal(pid_t pid, int signal)
 {
 	int ret;

src/tests/lxc-test-utils.c

@@ -39,6 +39,7 @@
 #include <unistd.h>
 
 #include "lxctest.h"
+#include "macro.h"
 #include "utils.h"
 
 void test_lxc_deslashify(void)
@@ -81,7 +82,7 @@ void test_lxc_deslashify(void)
 }
 
 /* /proc/int_as_str/ns/mnt\0 = (5 + 21 + 7 + 1) */
-#define __MNTNS_LEN (5 + (LXC_NUMSTRLEN64) + 7 + 1)
+#define __MNTNS_LEN (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1)
 void test_detect_ramfs_rootfs(void)
 {
 	size_t i;
@@ -246,19 +247,19 @@ void test_lxc_safe_uint(void)
 {
 	int ret;
 	unsigned int n;
-	char numstr[LXC_NUMSTRLEN64];
+	char numstr[INTTYPE_TO_STRLEN(uint64_t)];
 
 	lxc_test_assert_abort((-EINVAL == lxc_safe_uint("    -123", &n)));
 	lxc_test_assert_abort((-EINVAL == lxc_safe_uint("-123", &n)));
 
-	ret = snprintf(numstr, LXC_NUMSTRLEN64, "%" PRIu64, (uint64_t)UINT_MAX);
-	if (ret < 0 || ret >= LXC_NUMSTRLEN64)
+	ret = snprintf(numstr, INTTYPE_TO_STRLEN(uint64_t), "%" PRIu64, (uint64_t)UINT_MAX);
+	if (ret < 0 || ret >= INTTYPE_TO_STRLEN(uint64_t))
 		exit(EXIT_FAILURE);
 
 	lxc_test_assert_abort((0 == lxc_safe_uint(numstr, &n)) && n == UINT_MAX);
 
-	ret = snprintf(numstr, LXC_NUMSTRLEN64, "%" PRIu64, (uint64_t)UINT_MAX + 1);
-	if (ret < 0 || ret >= LXC_NUMSTRLEN64)
+	ret = snprintf(numstr, INTTYPE_TO_STRLEN(uint64_t), "%" PRIu64, (uint64_t)UINT_MAX + 1);
+	if (ret < 0 || ret >= INTTYPE_TO_STRLEN(uint64_t))
 		exit(EXIT_FAILURE);
 
 	lxc_test_assert_abort((-ERANGE == lxc_safe_uint(numstr, &n)));
@@ -282,28 +283,28 @@ void test_lxc_safe_int(void)
 {
 	int ret;
 	signed int n;
-	char numstr[LXC_NUMSTRLEN64];
+	char numstr[INTTYPE_TO_STRLEN(uint64_t)];
 
-	ret = snprintf(numstr, LXC_NUMSTRLEN64, "%" PRIu64, (uint64_t)INT_MAX);
-	if (ret < 0 || ret >= LXC_NUMSTRLEN64)
+	ret = snprintf(numstr, INTTYPE_TO_STRLEN(uint64_t), "%" PRIu64, (uint64_t)INT_MAX);
+	if (ret < 0 || ret >= INTTYPE_TO_STRLEN(uint64_t))
 		exit(EXIT_FAILURE);
 
 	lxc_test_assert_abort((0 == lxc_safe_int(numstr, &n)) && n == INT_MAX);
 
-	ret = snprintf(numstr, LXC_NUMSTRLEN64, "%" PRIu64, (uint64_t)INT_MAX + 1);
-	if (ret < 0 || ret >= LXC_NUMSTRLEN64)
+	ret = snprintf(numstr, INTTYPE_TO_STRLEN(uint64_t), "%" PRIu64, (uint64_t)INT_MAX + 1);
+	if (ret < 0 || ret >= INTTYPE_TO_STRLEN(uint64_t))
 		exit(EXIT_FAILURE);
 
 	lxc_test_assert_abort((-ERANGE == lxc_safe_int(numstr, &n)));
 
-	ret = snprintf(numstr, LXC_NUMSTRLEN64, "%" PRId64, (int64_t)INT_MIN);
-	if (ret < 0 || ret >= LXC_NUMSTRLEN64)
+	ret = snprintf(numstr, INTTYPE_TO_STRLEN(int64_t), "%" PRId64, (int64_t)INT_MIN);
+	if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int64_t))
 		exit(EXIT_FAILURE);
 
 	lxc_test_assert_abort((0 == lxc_safe_int(numstr, &n)) && n == INT_MIN);
 
-	ret = snprintf(numstr, LXC_NUMSTRLEN64, "%" PRId64, (int64_t)INT_MIN - 1);
-	if (ret < 0 || ret >= LXC_NUMSTRLEN64)
+	ret = snprintf(numstr, INTTYPE_TO_STRLEN(int64_t), "%" PRId64, (int64_t)INT_MIN - 1);
+	if (ret < 0 || ret >= INTTYPE_TO_STRLEN(int64_t))
 		exit(EXIT_FAILURE);
 
 	lxc_test_assert_abort((-ERANGE == lxc_safe_int(numstr, &n)));