proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-06 13:25:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #3925 from brauner/2021-08-09.fixes

Browse Source 
lsm/apparmor: small fixes
This commit is contained in:
Stéphane Graber 2021-08-09 10:25:07 -04:00 committed by GitHub
commit 99ada0efc9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/lxc/lsm/apparmor.c
View File

@ -611,8 +611,8 @@ out:
static bool file_is_yes(const char *path)
{
__do_close int fd = -EBADF;
ssize_t rd;
int fd;
char buf[8]; /* we actually just expect "yes" or "no" */
fd = open(path, O_RDONLY | O_CLOEXEC);
@ -620,7 +620,6 @@ static bool file_is_yes(const char *path)
return false;
rd = lxc_read_nointr(fd, buf, sizeof(buf));
close(fd);
return rd >= 4 && strnequal(buf, "yes\n", 4);
}
@ -1163,7 +1162,8 @@ static int apparmor_process_label_fd_get(struct lsm_ops *ops, pid_t pid, bool on
return __apparmor_process_label_open(ops, pid, O_RDWR, on_exec);
}
static int apparmor_process_label_set_at(struct lsm_ops *ops, int label_fd, const char *label, bool on_exec)
static int apparmor_process_label_set_at(struct lsm_ops *ops, int label_fd,
const char *label, bool on_exec)
{
__do_free char *command = NULL;
int ret = -1;
@ -1182,9 +1182,12 @@ static int apparmor_process_label_set_at(struct lsm_ops *ops, int label_fd, cons
return -EFBIG;
ret = lxc_write_nointr(label_fd, command, len - 1);
if (ret < 0)
return syserror("Failed to write AppArmor profile \"%s\" to %d",
label, label_fd);
INFO("Set AppArmor label to \"%s\"", label);
return ret;
return 0;
}
/*