proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-06 07:11:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

apparmor: recognize 'unconfined' as unconfined.

Browse Source 
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
Serge Hallyn 2016-01-06 11:45:38 -08:00
parent babccc20e8
commit 919a04ed23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/lxc/lsm/apparmor.c
View File

@ -150,8 +150,10 @@ static bool aa_stacking_supported(void) {
static bool in_aa_confined_container(void) {
char *p = apparmor_process_label_get(getpid());
bool ret = false;
if (p && strcmp(p, "/usr/bin/lxc-start") != 0)
if (p && strcmp(p, "/usr/bin/lxc-start") != 0 && strcmp(p, "unconfined") != 0) {
INFO("Already apparmor-confined under %s", p);
ret = true;
}
free(p);
return ret;
}
@ -191,7 +193,6 @@ static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf
ERROR("already apparmor confined, but new label requested.");
return -1;
}
INFO("Already apparmor-confined");
return 0;
}