Re: [lxc-devel] [PATCH v2 1/2] add lsm op for getting name of enabled lsm

Serge Hallyn Fri, 18 Oct 2013 11:39:17 -0700

Quoting Dwight Engen (dwight.en...@oracle.com):
> Signed-off-by: Dwight Engen <dwight.en...@oracle.com>


Thanks.  (You're probably right about it having been safe anyway, but
this is more comfortable :)

Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com>

> ---
> v2: return "none" when there is no lsm driver
> 
>  src/lxc/lsm/lsm.c |  9 ++++++++-
>  src/lxc/lsm/lsm.h | 26 ++++++++++++++------------
>  2 files changed, 22 insertions(+), 13 deletions(-)
> 
> diff --git a/src/lxc/lsm/lsm.c b/src/lxc/lsm/lsm.c
> index f022de9..066102b 100644
> --- a/src/lxc/lsm/lsm.c
> +++ b/src/lxc/lsm/lsm.c
> @@ -62,13 +62,20 @@ void lsm_init(void)
>       INFO("Initialized LSM security driver %s", drv->name);
>  }
>  
> -int lsm_enabled()
> +int lsm_enabled(void)
>  {
>       if (drv)
>               return drv->enabled();
>       return 0;
>  }
>  
> +const char *lsm_name(void)
> +{
> +     if (drv)
> +             return drv->name;
> +     return "none";
> +}
> +
>  char *lsm_process_label_get(pid_t pid)
>  {
>       if (!drv) {
> diff --git a/src/lxc/lsm/lsm.h b/src/lxc/lsm/lsm.h
> index ee093da..621e1af 100644
> --- a/src/lxc/lsm/lsm.h
> +++ b/src/lxc/lsm/lsm.h
> @@ -37,19 +37,21 @@ struct lsm_drv {
>  };
>  
>  #if HAVE_APPARMOR || HAVE_SELINUX
> -void  lsm_init(void);
> -int   lsm_enabled(void);
> -char *lsm_process_label_get(pid_t pid);
> -int   lsm_process_label_set(const char *label, int use_default);
> -int   lsm_proc_mount(struct lxc_conf *lxc_conf);
> -void  lsm_proc_unmount(struct lxc_conf *lxc_conf);
> +void        lsm_init(void);
> +int         lsm_enabled(void);
> +const char *lsm_name(void);
> +char       *lsm_process_label_get(pid_t pid);
> +int         lsm_process_label_set(const char *label, int use_default);
> +int         lsm_proc_mount(struct lxc_conf *lxc_conf);
> +void        lsm_proc_unmount(struct lxc_conf *lxc_conf);
>  #else
> -static inline void  lsm_init(void) { }
> -static inline int   lsm_enabled(void) { return 0; }
> -static inline char *lsm_process_label_get(pid_t pid) { return NULL; }
> -static inline int   lsm_process_label_set(char *label, int use_default) { 
> return 0; }
> -static inline int   lsm_proc_mount(struct lxc_conf *lxc_conf) { return 0; }
> -static inline void  lsm_proc_unmount(struct lxc_conf *lxc_conf) { }
> +static inline void        lsm_init(void) { }
> +static inline int         lsm_enabled(void) { return 0; }
> +static inline const char *lsm_name(void) { return "none"; }
> +static inline char       *lsm_process_label_get(pid_t pid) { return NULL; }
> +static inline int         lsm_process_label_set(char *label, int 
> use_default) { return 0; }
> +static inline int         lsm_proc_mount(struct lxc_conf *lxc_conf) { return 
> 0; }
> +static inline void        lsm_proc_unmount(struct lxc_conf *lxc_conf) { }
>  #endif
>  
>  #endif
> -- 
> 1.8.3.1
> 

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Re: [lxc-devel] [PATCH v2 1/2] add lsm op for getting name of enabled lsm

Reply via email to