cmd/{snap-confine,libsnap-confine-private,snap-shutdown}: cleanup low-level C bits

[bboozzoo]

This is a series of cleanups for low level C bits. Notable changes is that warning flags are more strict than they used to be. Namely -Wextra is included now (-Wall is only half of warnings one usually wants) plus some exceptions for warnings that gcc and clang are a bit over eager to raise.

The cleanups come from building with warning flags enabled, and separate runs with clang 5.0.0 and sparse 0.5.1.

I've also ran some tests locally with asan and ubsan. Both were ok.

This is only the first part of cleanups. We should aim to integrate at least clang builds into the CI pipeline.

[codecov-io]

Codecov Report

Merging #4153 into master will decrease coverage by <.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #4153      +/-   ##
==========================================
- Coverage   75.38%   75.38%   -0.01%     
==========================================
  Files         435      435              
  Lines       37724    37724              
==========================================
- Hits        28439    28437       -2     
- Misses       7296     7298       +2     
  Partials     1989     1989

Impacted Files	Coverage Δ
overlord/ifacestate/helpers.go	59.6% <0%> (-0.67%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4839a7d...f352040. Read the comment docs.

[zyga]

Small tweak, otherwise LGTM

As discussed on IRC I think this will bitrot unless we go and actually test a clang-based build. I know you are doing that already.

[zyga]

Gentoo has a policy where those are not added automatically as they tend to break good builds due to new compiler releases. I was wondering if those flags should not be in the unit tests, and instead we could resort to perhaps, just, -Wall

[bboozzoo]

Interesting, do you know if they push -Werror by default? Just having the warnings enabled should not cause build failures.

[zyga]

please change to static void cleanup_fn(int *ptr)

[bboozzoo]

Thanks. I noticed that CHECK_CFLAGS were not set for libsnap-confine-private.a and its unit tests at all, will be fixing this right now.

[zyga]

Two extra suggestions.

[zyga]

Maybe we could just run autogen.sh, this would handle the case of what arguments to pass?

[bboozzoo]

Ack.

[zyga]

I think we now enable seccomp even if apparmor is not enabled.

[bboozzoo]

This is fixed now, we'll calling autogen.sh so it will set whatever flags we have there for any particular platform.

[mvo5]

Thanks for taking this on. I added comments inline, I like the fact that the "int" vs "size_t" issues got cleaned up and there are some other nice fixes. I'm not so sure about f() -> f(void). I understand the technical reason behind it but it makes me sad and I wish there was a way to say -std=c11-dont-be-silly to avoid the need for this.

[mvo5]

I dislike that this needs to be done :/ That is one of my complains about C (one of many ;) - the fact that K&R C from ~1879 requires us to nowdays write clunky (void) like this. Oh well.

[bboozzoo]

I guess you meant 1978, although it does feel like 19th century by modern standards :)

[mvo5]

\o/

[mvo5]

\o/

[mvo5]

\o/

[bboozzoo]

Noticed that there were no CFLAGS being set for libsnap-confine-private.a. Will be pushing a patch shortly.