Fix build after 47e5b5ae3262f140955abd57bbb13337c65a3497

The patch described above introduced two problems caught by the compiler
and thus breaking the build.

One of the problems was comparison of unsigned with < 0 and the second
one jumped a variable init.

diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index 572caca9a4de5536bcd795603c312896913b4c4d..1e96d72e15c21e2b89065cad36b75ebb357a1d34 100644 (file)
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -337,6 +337,7 @@ virLXCTeardownHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
 static int virLXCCgroupSetupDeviceACL(virDomainDefPtr def,
                                       virCgroupPtr cgroup)
 {
+    int capMknod = def->caps_features[VIR_DOMAIN_CAPS_FEATURE_MKNOD];
     int ret = -1;
     size_t i;
     static virLXCCgroupDevicePolicy devices[] = {
@@ -354,7 +355,6 @@ static int virLXCCgroupSetupDeviceACL(virDomainDefPtr def,
         goto cleanup;
 
     /* white list mknod if CAP_MKNOD has to be kept */
-    int capMknod = def->caps_features[VIR_DOMAIN_CAPS_FEATURE_MKNOD];
     if (capMknod == VIR_DOMAIN_FEATURE_STATE_ON) {
         if (virCgroupAllowAllDevices(cgroup,
                                     VIR_CGROUP_DEVICE_MKNOD) < 0)

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 49028bea65aa34997ee7df898f076cbb0e4ca680..81ef9613cc3d662f45a66cac918ddb5c8934b398 100644 (file)
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1899,43 +1899,43 @@ static int lxcContainerDropCapabilities(virDomainDefPtr def,
     int policy = def->features[VIR_DOMAIN_FEATURE_CAPABILITIES];
 
     /* Maps virDomainCapsFeature to CAPS_* */
-    static unsigned int capsMapping[] = {CAP_AUDIT_CONTROL,
-                                         CAP_AUDIT_WRITE,
-                                         CAP_BLOCK_SUSPEND,
-                                         CAP_CHOWN,
-                                         CAP_DAC_OVERRIDE,
-                                         CAP_DAC_READ_SEARCH,
-                                         CAP_FOWNER,
-                                         CAP_FSETID,
-                                         CAP_IPC_LOCK,
-                                         CAP_IPC_OWNER,
-                                         CAP_KILL,
-                                         CAP_LEASE,
-                                         CAP_LINUX_IMMUTABLE,
-                                         CAP_MAC_ADMIN,
-                                         CAP_MAC_OVERRIDE,
-                                         CAP_MKNOD,
-                                         CAP_NET_ADMIN,
-                                         CAP_NET_BIND_SERVICE,
-                                         CAP_NET_BROADCAST,
-                                         CAP_NET_RAW,
-                                         CAP_SETGID,
-                                         CAP_SETFCAP,
-                                         CAP_SETPCAP,
-                                         CAP_SETUID,
-                                         CAP_SYS_ADMIN,
-                                         CAP_SYS_BOOT,
-                                         CAP_SYS_CHROOT,
-                                         CAP_SYS_MODULE,
-                                         CAP_SYS_NICE,
-                                         CAP_SYS_PACCT,
-                                         CAP_SYS_PTRACE,
-                                         CAP_SYS_RAWIO,
-                                         CAP_SYS_RESOURCE,
-                                         CAP_SYS_TIME,
-                                         CAP_SYS_TTY_CONFIG,
-                                         CAP_SYSLOG,
-                                         CAP_WAKE_ALARM};
+    static int capsMapping[] = {CAP_AUDIT_CONTROL,
+                                CAP_AUDIT_WRITE,
+                                CAP_BLOCK_SUSPEND,
+                                CAP_CHOWN,
+                                CAP_DAC_OVERRIDE,
+                                CAP_DAC_READ_SEARCH,
+                                CAP_FOWNER,
+                                CAP_FSETID,
+                                CAP_IPC_LOCK,
+                                CAP_IPC_OWNER,
+                                CAP_KILL,
+                                CAP_LEASE,
+                                CAP_LINUX_IMMUTABLE,
+                                CAP_MAC_ADMIN,
+                                CAP_MAC_OVERRIDE,
+                                CAP_MKNOD,
+                                CAP_NET_ADMIN,
+                                CAP_NET_BIND_SERVICE,
+                                CAP_NET_BROADCAST,
+                                CAP_NET_RAW,
+                                CAP_SETGID,
+                                CAP_SETFCAP,
+                                CAP_SETPCAP,
+                                CAP_SETUID,
+                                CAP_SYS_ADMIN,
+                                CAP_SYS_BOOT,
+                                CAP_SYS_CHROOT,
+                                CAP_SYS_MODULE,
+                                CAP_SYS_NICE,
+                                CAP_SYS_PACCT,
+                                CAP_SYS_PTRACE,
+                                CAP_SYS_RAWIO,
+                                CAP_SYS_RESOURCE,
+                                CAP_SYS_TIME,
+                                CAP_SYS_TTY_CONFIG,
+                                CAP_SYSLOG,
+                                CAP_WAKE_ALARM};
 
     capng_get_caps_process();