For list configuration entries like capabilities and cgroups entries, if there is a 'key =' value (i.e. "lxc.cap.drop =") then clear any loaded entries.
Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com> --- src/lxc/conf.h | 1 + src/lxc/confile.c | 23 ++++++++++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/lxc/conf.h b/src/lxc/conf.h index 84ffb20..f272c91 100644 --- a/src/lxc/conf.h +++ b/src/lxc/conf.h @@ -353,6 +353,7 @@ extern int lxc_clear_config_keepcaps(struct lxc_conf *c); extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key); extern int lxc_clear_mount_entries(struct lxc_conf *c); extern int lxc_clear_hooks(struct lxc_conf *c, const char *key); +extern int lxc_clear_idmaps(struct lxc_conf *c); /* * Configure the container from inside diff --git a/src/lxc/confile.c b/src/lxc/confile.c index bbb92dd..835153b 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -295,6 +295,9 @@ static int config_network_type(const char *key, const char *value, struct lxc_netdev *netdev; struct lxc_list *list; + if (!value || strlen(value) == 0) + return lxc_clear_config_network(lxc_conf); + netdev = malloc(sizeof(*netdev)); if (!netdev) { SYSERROR("failed to allocate memory"); @@ -865,7 +868,12 @@ static int config_seccomp(const char *key, const char *value, static int config_hook(const char *key, const char *value, struct lxc_conf *lxc_conf) { - char *copy = strdup(value); + char *copy; + + if (!value || strlen(value) == 0) + return lxc_clear_hooks(lxc_conf, key); + + copy = strdup(value); if (!copy) { SYSERROR("failed to dup string '%s'", value); return -1; @@ -1062,6 +1070,9 @@ static int config_cgroup(const char *key, const char *value, struct lxc_list *cglist = NULL; struct lxc_cgroup *cgelem = NULL; + if (!value || strlen(value) == 0) + return lxc_clear_cgroups(lxc_conf, key); + subkey = strstr(key, token); if (!subkey) @@ -1123,6 +1134,9 @@ static int config_idmap(const char *key, const char *value, struct lxc_conf *lxc char type; int ret; + if (!value || strlen(value) == 0) + return lxc_clear_idmaps(lxc_conf); + subkey = strstr(key, token); if (!subkey) @@ -1250,6 +1264,9 @@ static int config_mount(const char *key, const char *value, char *mntelem; struct lxc_list *mntlist; + if (!value || strlen(value) == 0) + return lxc_clear_mount_entries(lxc_conf); + subkey = strstr(key, token); if (!subkey) { @@ -1294,7 +1311,7 @@ static int config_cap_keep(const char *key, const char *value, int ret = -1; if (!strlen(value)) - return -1; + return lxc_clear_config_keepcaps(lxc_conf); keepcaps = strdup(value); if (!keepcaps) { @@ -1340,7 +1357,7 @@ static int config_cap_drop(const char *key, const char *value, int ret = -1; if (!strlen(value)) - return -1; + return lxc_clear_config_caps(lxc_conf); dropcaps = strdup(value); if (!dropcaps) { -- 1.8.3.2 ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel