lsm: non-functional changes

author Christian Brauner <christian.brauner@ubuntu.com>

Mon, 22 Jan 2018 09:48:56 +0000 (10:48 +0100)

committer Christian Brauner <christian.brauner@ubuntu.com>

Tue, 6 Feb 2018 12:32:00 +0000 (13:32 +0100)
author Christian Brauner <christian.brauner@ubuntu.com>
Mon, 22 Jan 2018 09:48:56 +0000 (10:48 +0100)
committer Christian Brauner <christian.brauner@ubuntu.com>
Tue, 6 Feb 2018 12:32:00 +0000 (13:32 +0100)
diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c

index 7ba284240fa30ae1ff01b06ba714fb85d795a146..6106ddd0880ed0f11527c3e486f58120d67b46fb 100644 (file)
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -172,7 +172,7 @@ static bool aa_needs_transition(char *curlabel)
   * Notes: This relies on /proc being available.
   */
  static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf,
-                                     int use_default, int on_exec)
+                                     bool use_default, bool on_exec)
  {
         const char *label = inlabel ? inlabel : conf->lsm_aa_profile;
         char *curlabel;
diff --git a/src/lxc/lsm/lsm.c b/src/lxc/lsm/lsm.c

index 79f837fc60050f2631c845145f6567f89ea2d3a4..75f20f13b4da63ba933f0e05ed23aadee4320f78 100644 (file)
--- a/src/lxc/lsm/lsm.c
+++ b/src/lxc/lsm/lsm.c
@@ -86,7 +86,7 @@ char *lsm_process_label_get(pid_t pid)
  }
  
  int lsm_process_label_set(const char *label, struct lxc_conf *conf,
-               int use_default, int on_exec)
+                         bool use_default, bool on_exec)
  {
         if (!drv) {
                 ERROR("LSM driver not inited");
diff --git a/src/lxc/lsm/lsm.h b/src/lxc/lsm/lsm.h

index b915e8ddd355f5abc437d1f4e55a0ec073d15515..3b08b3be732b1c01ce7b0dcb63d88b6f915be804 100644 (file)
--- a/src/lxc/lsm/lsm.h
+++ b/src/lxc/lsm/lsm.h
@@ -28,29 +28,52 @@ struct lxc_conf;
  
  #include <sys/types.h>
  
+#include "../utils.h"
+
+#define LXC_LSMATTRLEN (5 + (LXC_NUMSTRLEN64) + 7 + 1)
+
  struct lsm_drv {
         const char *name;
  
-       int   (*enabled)(void);
+       int (*enabled)(void);
         char *(*process_label_get)(pid_t pid);
-       int   (*process_label_set)(const char *label, struct lxc_conf *conf,
-                                  int use_default, int on_exec);
+       int (*process_label_set)(const char *label, struct lxc_conf *conf,
+                                bool use_default, bool on_exec);
  };
  
  #if HAVE_APPARMOR || HAVE_SELINUX
-void        lsm_init(void);
-int         lsm_enabled(void);
-const char *lsm_name(void);
-char       *lsm_process_label_get(pid_t pid);
-int         lsm_process_label_set(const char *label, struct lxc_conf *conf,
-               int use_default, int on_exec);
+extern void lsm_init(void);
+extern int lsm_enabled(void);
+extern const char *lsm_name(void);
+extern char *lsm_process_label_get(pid_t pid);
+extern int lsm_process_label_set(const char *label, struct lxc_conf *conf,
+                                bool use_default, bool on_exec);
  #else
-static inline void        lsm_init(void) { }
-static inline int         lsm_enabled(void) { return 0; }
-static inline const char *lsm_name(void) { return "none"; }
-static inline char       *lsm_process_label_get(pid_t pid) { return NULL; }
-static inline int         lsm_process_label_set(const char *label,
-               struct lxc_conf *conf, int use_default, int on_exec) { return 0; }
+static inline void lsm_init(void)
+{
+       return;
+}
+
+static inline int lsm_enabled(void) {
+       return 0;
+}
+
+static inline const char *lsm_name(void)
+{
+       return "none";
+}
+
+static inline char *lsm_process_label_get(pid_t pid)
+{
+       return NULL;
+}
+
+static inline int lsm_process_label_set(const char *label,
+                                       struct lxc_conf *conf, bool use_default,
+                                       bool on_exec)
+{
+       return 0;
+}
  #endif
  
  #endif
diff --git a/src/lxc/lsm/nop.c b/src/lxc/lsm/nop.c

index c13d8f528e09fd89158ae777a21bec7113337abb..7bb8121b8ee6da6af720b652165c14285954943c 100644 (file)
--- a/src/lxc/lsm/nop.c
+++ b/src/lxc/lsm/nop.c
@@ -30,7 +30,7 @@ static char *nop_process_label_get(pid_t pid)
  }
  
  static int nop_process_label_set(const char *label, struct lxc_conf *conf,
-               int use_default, int on_exec)
+                                bool use_default, bool on_exec)
  {
         return 0;
  }
diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c

index 46554d84c5cd3425ccf238459fa584b6f1779f95..857fe29a8d1246f5f9572f91b0a574d0af5f15c0 100644 (file)
--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@@ -72,7 +72,7 @@ static char *selinux_process_label_get(pid_t pid)
   * Notes: This relies on /proc being available.
   */
  static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf,
-                                    int use_default, int on_exec)
+                                    bool use_default, bool on_exec)
  {
         const char *label = inlabel ? inlabel : conf->lsm_se_context;
         if (!label) {
author	Christian Brauner <christian.brauner@ubuntu.com>
	Mon, 22 Jan 2018 09:48:56 +0000 (10:48 +0100)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Tue, 6 Feb 2018 12:32:00 +0000 (13:32 +0100)
src/lxc/lsm/apparmor.c		patch \| blob \| blame \| history
src/lxc/lsm/lsm.c		patch \| blob \| blame \| history
src/lxc/lsm/lsm.h		patch \| blob \| blame \| history
src/lxc/lsm/nop.c		patch \| blob \| blame \| history
src/lxc/lsm/selinux.c		patch \| blob \| blame \| history