Signed-off-by: Dwight Engen <dwight.en...@oracle.com>
---
 src/lxc/lsm/apparmor.c | 1 +
 src/lxc/lsm/lsm.c      | 7 +++++++
 src/lxc/lsm/lsm.h      | 3 +++
 src/lxc/lsm/nop.c      | 6 ++++++
 src/lxc/lsm/selinux.c  | 1 +
 5 files changed, 18 insertions(+)

diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index c13613a..146564f 100644
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -167,6 +167,7 @@ static int apparmor_process_label_set(const char *label, 
int use_default)
 
 static struct lsm_drv apparmor_drv = {
        .name = "AppArmor",
+       .enabled           = apparmor_enabled,
        .process_label_get = apparmor_process_label_get,
        .process_label_set = apparmor_process_label_set,
 };
diff --git a/src/lxc/lsm/lsm.c b/src/lxc/lsm/lsm.c
index 3974f11..f022de9 100644
--- a/src/lxc/lsm/lsm.c
+++ b/src/lxc/lsm/lsm.c
@@ -62,6 +62,13 @@ void lsm_init(void)
        INFO("Initialized LSM security driver %s", drv->name);
 }
 
+int lsm_enabled()
+{
+       if (drv)
+               return drv->enabled();
+       return 0;
+}
+
 char *lsm_process_label_get(pid_t pid)
 {
        if (!drv) {
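Review bot: `lsm_enabled` is defined here as `int lsm_enabled()`, while the prototype this commit adds to lsm.h is `int lsm_enabled(void)`; the definition should read `int lsm_enabled(void)` so that the two agree and the compiler checks the argument list. The call `drv->enabled()` also assumes every registered driver fills in the new member. The three drivers touched by this patch do, but a guard such as `if (drv && drv->enabled)` would stop a driver that omits it from turning into a NULL function-pointer call. The surrounding functions (`lsm_init`, `lsm_process_label_get`) start or end outside this hunk, so how `drv` is selected is not visible here.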
diff --git a/src/lxc/lsm/lsm.h b/src/lxc/lsm/lsm.h
index 2a82c66..ee093da 100644
--- a/src/lxc/lsm/lsm.h
+++ b/src/lxc/lsm/lsm.h
@@ -31,18 +31,21 @@ struct lxc_conf;
 struct lsm_drv {
        const char *name;
 
+       int   (*enabled)(void);
        char *(*process_label_get)(pid_t pid);
        int   (*process_label_set)(const char *label, int use_default);
 };
 
 #if HAVE_APPARMOR || HAVE_SELINUX
 void  lsm_init(void);
+int   lsm_enabled(void);
 char *lsm_process_label_get(pid_t pid);
 int   lsm_process_label_set(const char *label, int use_default);
 int   lsm_proc_mount(struct lxc_conf *lxc_conf);
 void  lsm_proc_unmount(struct lxc_conf *lxc_conf);
 #else
 static inline void  lsm_init(void) { }
+static inline int   lsm_enabled(void) { return 0; }
 static inline char *lsm_process_label_get(pid_t pid) { return NULL; }
 static inline int   lsm_process_label_set(char *label, int use_default) { 
return 0; }
 static inline int   lsm_proc_mount(struct lxc_conf *lxc_conf) { return 0; }
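Review bot: The new `enabled` member of `struct lsm_drv` and the `lsm_enabled` prototype carry no comment saying what the return value means. The callbacks wired to it come from different sources: nop returns 0, while the AppArmor and SELinux callbacks are defined outside the visible hunks. I would add a comment on the member such as `/* non-zero if this LSM is active on the host, 0 otherwise; never a negative error code */`. A one-line comment above the prototype should say that 0 is also returned when no driver is loaded or when LXC is built without AppArmor/SELinux (the `static inline` stub). Callers that decide whether to apply a security label based on this value need that contract spelled out.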
diff --git a/src/lxc/lsm/nop.c b/src/lxc/lsm/nop.c
index 9184e6b..e39b0f5 100644
--- a/src/lxc/lsm/nop.c
+++ b/src/lxc/lsm/nop.c
@@ -34,8 +34,14 @@ static int nop_process_label_set(const char *label, int 
use_default)
        return 0;
 }
 
+static int nop_enabled(void)
+{
+       return 0;
+}
+
 static struct lsm_drv nop_drv = {
        .name = "nop",
+       .enabled           = nop_enabled,
        .process_label_get = nop_process_label_get,
        .process_label_set = nop_process_label_set,
 };
diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c
index 6e44e8b..ef5beb0 100644
--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@@ -89,6 +89,7 @@ static int selinux_process_label_set(const char *label, int 
use_default)
 
 static struct lsm_drv selinux_drv = {
        .name = "SELinux",
+       .enabled           = is_selinux_enabled,
        .process_label_get = selinux_process_label_get,
        .process_label_set = selinux_process_label_set,
 };
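Review bot: `.enabled = is_selinux_enabled` passes the libselinux return value straight through, and depending on the libselinux version that function may report a failed probe as -1 rather than 0; this is worth confirming against the version LXC builds with. If it can, a caller that tests `if (lsm_enabled())` would treat an error as "SELinux is on". A small wrapper, `static int selinux_enabled(void) { return is_selinux_enabled() > 0; }` with `.enabled = selinux_enabled,`, would normalise the result to 0/1, consistent with the 0 the nop driver returns. The callers of `lsm_enabled` are not part of this patch, so the practical impact cannot be judged from here.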
-- 
1.8.3.1

