lsm: fix integer comparisons

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2025-08-30 12:22:02 +00:00 · 2021-09-03 10:01:51 +02:00 · 2021-09-03 10:01:51 +02:00 · 961878dac1
commit 961878dac1
parent 7e5a9e11e4
2 changed files with 4 additions and 5 deletions
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@ -406,7 +406,7 @@ static int __apparmor_process_label_open(struct lsm_ops *ops, pid_t pid, int o_f
 	/* first try the apparmor subdir */
 	ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/apparmor/current", pid);
-	if (ret < 0 || ret >= LXC_LSMATTRLEN)
+	if (ret < 0 || (size_t)ret >= LXC_LSMATTRLEN)
 		return -1;
 	labelfd = open(path, o_flags);
@ -417,7 +417,7 @@ static int __apparmor_process_label_open(struct lsm_ops *ops, pid_t pid, int o_f
 	/* fallback to legacy global attr directory */
 	ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/current", pid);
-	if (ret < 0 || ret >= LXC_LSMATTRLEN)
+	if (ret < 0 || (size_t)ret >= LXC_LSMATTRLEN)
 		return -1;
 	labelfd = open(path, o_flags);
@ -721,13 +721,12 @@ static void append_all_remount_rules(char **profile, size_t *size)
 	const size_t buf_append_pos = strlen(buf);
 	const size_t opt_count = ARRAY_SIZE(REMOUNT_OPTIONS);
 	size_t opt_bits;
 	must_append_sized(profile, size,
 			  "# allow various ro-bind-*re*mounts\n",
 			  sizeof("# allow various ro-bind-*re*mounts\n")-1);
-	for (opt_bits = 0; opt_bits != 1 << opt_count; ++opt_bits) {
+	for (size_t opt_bits = 0; opt_bits != (size_t)1 << opt_count; ++opt_bits) {
 		size_t at = buf_append_pos;
 		unsigned bit = 1;
 		size_t o;
--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@ -136,7 +136,7 @@ static int selinux_process_label_fd_get(struct lsm_ops *ops, pid_t pid, bool on_
 		ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/exec", pid);
 	else
 		ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/current", pid);
-	if (ret < 0 || ret >= LXC_LSMATTRLEN)
+	if (ret < 0 || (size_t)ret >= LXC_LSMATTRLEN)
 		return -1;
 	labelfd = open(path, O_RDWR);