Merge pull request #3925 from brauner/2021-08-09.fixes

lsm/apparmor: small fixes

src/lxc/lsm/apparmor.c

@@ -611,8 +611,8 @@ out:
 
 static bool file_is_yes(const char *path)
 {
+	__do_close int fd = -EBADF;
 	ssize_t rd;
-	int fd;
 	char buf[8]; /* we actually just expect "yes" or "no" */
 
 	fd = open(path, O_RDONLY | O_CLOEXEC);
@@ -620,7 +620,6 @@ static bool file_is_yes(const char *path)
 		return false;
 
 	rd = lxc_read_nointr(fd, buf, sizeof(buf));
-	close(fd);
 
 	return rd >= 4 && strnequal(buf, "yes\n", 4);
 }
@@ -1163,7 +1162,8 @@ static int apparmor_process_label_fd_get(struct lsm_ops *ops, pid_t pid, bool on
 	return __apparmor_process_label_open(ops, pid, O_RDWR, on_exec);
 }
 
-static int apparmor_process_label_set_at(struct lsm_ops *ops, int label_fd, const char *label, bool on_exec)
+static int apparmor_process_label_set_at(struct lsm_ops *ops, int label_fd,
+					 const char *label, bool on_exec)
 {
 	__do_free char *command = NULL;
 	int ret = -1;
@@ -1182,9 +1182,12 @@ static int apparmor_process_label_set_at(struct lsm_ops *ops, int label_fd, cons
 		return -EFBIG;
 
 	ret = lxc_write_nointr(label_fd, command, len - 1);
+	if (ret < 0)
+		return syserror("Failed to write AppArmor profile \"%s\" to %d",
+				label, label_fd);
 
 	INFO("Set AppArmor label to \"%s\"", label);
-	return ret;
+	return 0;
 }
 
 /*