lockc-project · vadorovsky · Jan 31, 2022 · Jan 31, 2022
diff --git a/lockc/build.rs b/lockc/build.rs
@@ -80,7 +80,7 @@ fn build_ebpf<P: Clone + AsRef<Path>>(out_path: P, include_path: P) -> Result<()
     println!("cargo:rerun-if-changed={}", HEADER_STRUTILS);
     println!("cargo:rerun-if-changed={}", MODULE_BPF);
 
-    extract_libbpf_headers(include_path.clone())?;
+    extract_libbpf_headers(&include_path)?;
 
     let bpf_dir = Path::new("src").join("bpf");
     let src = bpf_dir.join("lockc.bpf.c");
@@ -143,11 +143,11 @@ fn generate_bindings<P: AsRef<Path>>(out_path: P) -> Result<()> {
 fn main() -> Result<()> {
     let out_path = PathBuf::from(env::var("OUT_DIR")?);
     let include_path = out_path.join("include");
-    fs::create_dir_all(include_path.clone())?;
+    fs::create_dir_all(&include_path)?;
 
-    generate_vmlinux(include_path.clone())?;
-    build_ebpf(out_path.clone(), include_path)?;
-    generate_bindings(out_path)?;
+    generate_vmlinux(&include_path)?;
+    build_ebpf(&out_path, &include_path)?;
+    generate_bindings(&out_path)?;
 
     Ok(())
 }
diff --git a/lockc/src/bin/lockcd.rs b/lockc/src/bin/lockcd.rs
@@ -58,7 +58,7 @@ async fn ebpf(
 
     std::fs::create_dir_all(&path_base)?;
 
-    let mut bpf = load_bpf(path_base.clone())?;
+    let mut bpf = load_bpf(&path_base)?;
 
     init_allowed_paths(&mut bpf)?;
     debug!("allowed paths initialized");

diff --git a/lockc/src/runc.rs b/lockc/src/runc.rs
@@ -46,7 +46,7 @@ enum KubernetesContainerType {
     Unknown,
 }
 
-fn kubernetes_type(annotations: HashMap<String, String>) -> KubernetesContainerType {
+fn kubernetes_type(annotations: &HashMap<String, String>) -> KubernetesContainerType {
     if annotations.contains_key(ANNOTATION_CONTAINERD_LOG_DIRECTORY) {
         return KubernetesContainerType::ContainerdMain;
     } else if annotations.contains_key(ANNOTATION_CONTAINERD_SANDBOX_ID) {
@@ -95,7 +95,7 @@ fn container_type_data<P: AsRef<std::path::Path>>(
 ) -> Result<(ContainerType, Option<std::string::String>), ContainerError> {
     let bundle_path = container_bundle.as_ref();
     let config_path = bundle_path.join("config.json");
-    let f = fs::File::open(config_path.clone())?;
+    let f = fs::File::open(&config_path)?;
     let r = io::BufReader::new(f);
 
     let config: ContainerConfig = serde_json::from_reader(r)?;
@@ -107,7 +107,7 @@ fn container_type_data<P: AsRef<std::path::Path>>(
             config = ?config_path,
             "detected kubernetes container",
         );
-        match kubernetes_type(annotations.clone()) {
+        match kubernetes_type(&annotations) {
             KubernetesContainerType::ContainerdMain => {
                 // containerd doesn't expose k8s namespaces directly. They have
                 // to be parsed from the log directory path, where the first

diff --git a/lockc/src/sysutils.rs b/lockc/src/sysutils.rs
@@ -40,18 +40,18 @@ mod tests {
     fn check_bpf_lsm_enabled_when_correct() {
         let dir = tempdir().unwrap();
         let sys_lsm_path = dir.path().join("lsm");
-        let mut f = File::create(sys_lsm_path.clone()).unwrap();
+        let mut f = File::create(&sys_lsm_path).unwrap();
         f.write_all(b"lockdown,capability,bpf").unwrap();
-        assert!(check_bpf_lsm_enabled(sys_lsm_path).is_ok());
+        assert!(check_bpf_lsm_enabled(&sys_lsm_path).is_ok());
     }
 
     #[test]
     fn check_bpf_lsm_enabled_should_return_error() {
         let dir = tempdir().unwrap();
         let sys_lsm_path = dir.path().join("lsm");
-        let mut f = File::create(sys_lsm_path.clone()).unwrap();
+        let mut f = File::create(&sys_lsm_path).unwrap();
         f.write_all(b"lockdown,capability,selinux").unwrap();
-        let res = check_bpf_lsm_enabled(sys_lsm_path);
+        let res = check_bpf_lsm_enabled(&sys_lsm_path);
         assert!(res.is_err());
         assert!(matches!(res.unwrap_err(), CheckBpfLsmError::BpfLsmDisabled));
     }

diff --git a/xtask/src/bintar.rs b/xtask/src/bintar.rs
@@ -50,9 +50,9 @@ impl BinTar {
         .do_install()?;
 
         let tar_gz_path = Path::new("target")
-            .join(self.opts.profile.clone())
+            .join(&self.opts.profile)
             .join("lockc.tar.gz");
-        let tar_gz = File::create(tar_gz_path.clone())?;
+        let tar_gz = File::create(&tar_gz_path)?;
         let enc = GzEncoder::new(tar_gz, Compression::default());
         let mut tar = tar::Builder::new(enc);
         tar.append_dir_all("", dir.path())?;

diff --git a/xtask/src/install.rs b/xtask/src/install.rs
@@ -20,15 +20,15 @@ enum EscalateIfNotOwnedError {
     SudoError,
 }
 
-fn mkdir_if_not_exists(p: path::PathBuf) -> Result<(), io::Error> {
+fn mkdir_if_not_exists(p: &path::Path) -> Result<(), io::Error> {
     if !p.exists() {
         fs::create_dir_all(p)?;
     }
 
     Ok(())
 }
 
-fn escalate_if_not_owned(p: path::PathBuf) -> Result<(), EscalateIfNotOwnedError> {
+fn escalate_if_not_owned(p: &path::Path) -> Result<(), EscalateIfNotOwnedError> {
     if p.metadata()?.uid() == 0 {
         match sudo::escalate_if_needed() {
             Ok(_) => {}
@@ -215,12 +215,12 @@ impl Installer {
     }
 
     fn install_binaries(&self) -> Result<(), InstallBinariesError> {
-        let bindir_full = self.install_dirs.bindir_full.clone();
+        let bindir_full = &self.install_dirs.bindir_full;
 
-        mkdir_if_not_exists(bindir_full.clone())?;
-        escalate_if_not_owned(bindir_full.clone())?;
+        mkdir_if_not_exists(bindir_full)?;
+        escalate_if_not_owned(bindir_full)?;
 
-        let target_path = path::Path::new("target").join(self.opts.profile.clone());
+        let target_path = path::Path::new("target").join(&self.opts.profile);
         if !target_path.exists() {
             return Err(InstallBinariesError::NotBuilt);
         }
@@ -256,10 +256,10 @@ impl Installer {
     }
 
     fn install_config(&self) -> Result<(), InstallConfigError> {
-        let sysconfdir_full = self.install_dirs.sysconfdir_full.clone();
+        let sysconfdir_full = &self.install_dirs.sysconfdir_full;
 
-        mkdir_if_not_exists(sysconfdir_full.clone())?;
-        escalate_if_not_owned(sysconfdir_full.clone())?;
+        mkdir_if_not_exists(sysconfdir_full)?;
+        escalate_if_not_owned(sysconfdir_full)?;
 
         let config_path = path::Path::new("contrib").join("etc");
         if !config_path.exists() {
@@ -282,7 +282,7 @@ impl Installer {
 
     fn __install_and_template_units(
         &self,
-        unit_path: path::PathBuf,
+        unit_path: &path::Path,
         file_name: &OsStr,
     ) -> Result<(), InstallUnitsError> {
         // Remove ".in" suffix.
@@ -298,7 +298,7 @@ impl Installer {
             &Context::from_serialize(&self.install_dirs)?,
         )?;
 
-        let mut file_dst = fs::File::create(path_dest.clone())?;
+        let mut file_dst = fs::File::create(&path_dest)?;
         println!(
             "Templating and installing systemd unit {} to {}",
             file_name.to_string_lossy(),
@@ -311,7 +311,7 @@ impl Installer {
 
     fn __install_units(
         &self,
-        path_cur: path::PathBuf,
+        path_cur: &path::Path,
         file_name: &OsStr,
     ) -> Result<(), InstallUnitsError> {
         let path_dest = self.install_dirs.unitdir_full.clone().join(file_name);
@@ -326,17 +326,17 @@ impl Installer {
     }
 
     fn install_units(&self) -> Result<(), InstallUnitsError> {
-        let unitdir_full = self.install_dirs.unitdir_full.clone();
+        let unitdir_full = &self.install_dirs.unitdir_full;
 
-        mkdir_if_not_exists(unitdir_full.clone())?;
+        mkdir_if_not_exists(unitdir_full)?;
         escalate_if_not_owned(unitdir_full)?;
 
         let unit_path = path::Path::new("contrib").join("systemd");
         if !unit_path.exists() {
             return Ok(());
         }
 
-        for entry in fs::read_dir(unit_path.clone())? {
+        for entry in fs::read_dir(&unit_path)? {
             let path_cur = entry?.path();
             let metadata = path_cur.metadata()?;
 
@@ -350,13 +350,13 @@ impl Installer {
             match path_cur.extension() {
                 Some(ext) => {
                     if ext == "in" {
-                        self.__install_and_template_units(unit_path.clone(), file_name)?;
+                        self.__install_and_template_units(&unit_path, file_name)?;
                     } else {
-                        self.__install_units(path_cur.clone(), file_name)?;
+                        self.__install_units(&path_cur, file_name)?;
                     }
                 }
                 None => {
-                    self.__install_units(path_cur.clone(), file_name)?;
+                    self.__install_units(&path_cur, file_name)?;
                 }
             }
         }