]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f14d72b)
lsm/apparmor: log failure to write AppArmor profile
authorChristian Brauner <christian.brauner@ubuntu.com>
Mon, 9 Aug 2021 13:58:53 +0000 (15:58 +0200)
committerChristian Brauner <christian.brauner@ubuntu.com>
Mon, 9 Aug 2021 13:58:53 +0000 (15:58 +0200)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/lsm/apparmor.c patch | blob | blame | history

diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index 3e4aa40d7200d8fb6b385b3b2704ca3a8592c4d0..6bf6c6eea783cb4c02f01010d738fc3b61c77171 100644 (file)
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -1163,7 +1163,8 @@ static int apparmor_process_label_fd_get(struct lsm_ops *ops, pid_t pid, bool on
        return __apparmor_process_label_open(ops, pid, O_RDWR, on_exec);
 }
 
-static int apparmor_process_label_set_at(struct lsm_ops *ops, int label_fd, const char *label, bool on_exec)
+static int apparmor_process_label_set_at(struct lsm_ops *ops, int label_fd,
+                                        const char *label, bool on_exec)
 {
        __do_free char *command = NULL;
        int ret = -1;
@@ -1182,9 +1183,12 @@ static int apparmor_process_label_set_at(struct lsm_ops *ops, int label_fd, cons
                return -EFBIG;
 
        ret = lxc_write_nointr(label_fd, command, len - 1);
+       if (ret < 0)
+               return syserror("Failed to write AppArmor profile \"%s\" to %d",
+                               label, label_fd);
 
        INFO("Set AppArmor label to \"%s\"", label);
-       return ret;
+       return 0;
 }
 
 /*
Mirror of https://github.com/lxc/lxc.git