add lsm op for checking if an lsm is present/enabled
authorDwight Engen <dwight.engen@oracle.com>
Tue, 15 Oct 2013 17:51:20 +0000 (13:51 -0400)
committerSerge Hallyn <serge.hallyn@ubuntu.com>
Thu, 17 Oct 2013 15:18:52 +0000 (10:18 -0500)
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
src/lxc/lsm/apparmor.c
src/lxc/lsm/lsm.c
src/lxc/lsm/lsm.h
src/lxc/lsm/nop.c
src/lxc/lsm/selinux.c

index c13613a61c7ca9c141c2df66026099d1b3585955..146564fde2180ed60bc3eac629b177508506693d 100644 (file)
@@ -167,6 +167,7 @@ static int apparmor_process_label_set(const char *label, int use_default)
 
 static struct lsm_drv apparmor_drv = {
        .name = "AppArmor",
+       .enabled           = apparmor_enabled,
        .process_label_get = apparmor_process_label_get,
        .process_label_set = apparmor_process_label_set,
 };
index 3974f11d9e54c79758df5bdf1099bb946ed08088..f022de980adc523903911d74aba6874c6cd57e05 100644 (file)
@@ -62,6 +62,13 @@ void lsm_init(void)
        INFO("Initialized LSM security driver %s", drv->name);
 }
 
+int lsm_enabled()
+{
+       if (drv)
+               return drv->enabled();
+       return 0;
+}
+
 char *lsm_process_label_get(pid_t pid)
 {
        if (!drv) {
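Review bot: The new definition `int lsm_enabled()` has an empty parameter list while lsm.h declares `int lsm_enabled(void)`; in C an empty list is an old-style declaration that accepts any arguments, so the definition should read `int lsm_enabled(void)` to match the prototype. The body also calls `drv->enabled()` unconditionally, so a driver that leaves the new `enabled` op unset would dereference NULL here; every driver in this commit sets it, but `if (drv && drv->enabled)` is cheap insurance against a future driver omitting it. The `lsm_process_label_get` that follows continues past the hunk.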
index 2a82c66d71bdabf56eb5f620af0a8488c00b1a57..ee093da09c896f8b1370af0137344399ec9cab6c 100644 (file)
@@ -31,18 +31,21 @@ struct lxc_conf;
 struct lsm_drv {
        const char *name;
 
+       int   (*enabled)(void);
        char *(*process_label_get)(pid_t pid);
        int   (*process_label_set)(const char *label, int use_default);
 };
 
 #if HAVE_APPARMOR || HAVE_SELINUX
 void  lsm_init(void);
+int   lsm_enabled(void);
 char *lsm_process_label_get(pid_t pid);
 int   lsm_process_label_set(const char *label, int use_default);
 int   lsm_proc_mount(struct lxc_conf *lxc_conf);
 void  lsm_proc_unmount(struct lxc_conf *lxc_conf);
 #else
 static inline void  lsm_init(void) { }
+static inline int   lsm_enabled(void) { return 0; }
 static inline char *lsm_process_label_get(pid_t pid) { return NULL; }
 static inline int   lsm_process_label_set(char *label, int use_default) { return 0; }
 static inline int   lsm_proc_mount(struct lxc_conf *lxc_conf) { return 0; }
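Review bot: The new `enabled` op in `struct lsm_drv` carries no comment stating its return contract, and callers will treat the value as a boolean, so the convention should be spelled out next to the field: `/* return non-zero if this LSM is present and enabled on the host, 0 otherwise */`. The `#else` stub `lsm_enabled(void) { return 0; }` follows that convention (no LSM compiled in means not enabled), which is worth stating in the same comment so driver authors do not return -1 on error. Note the stub on the next line, `lsm_process_label_set(char *label, ...)`, still differs from the real prototype's `const char *`, but that is pre-existing and not part of this change.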
index 9184e6b18003f6a73d4ee68dc7081f7c293e8151..e39b0f514992c8fbd37784050940c5e35c716e2d 100644 (file)
@@ -34,8 +34,14 @@ static int nop_process_label_set(const char *label, int use_default)
        return 0;
 }
 
+static int nop_enabled(void)
+{
+       return 0;
+}
+
 static struct lsm_drv nop_drv = {
        .name = "nop",
+       .enabled           = nop_enabled,
        .process_label_get = nop_process_label_get,
        .process_label_set = nop_process_label_set,
 };
index 6e44e8b5657b475b6c6bb0167749f1d668ec0f50..ef5beb0b353f108a1755a8719935bcfb7af28031 100644 (file)
@@ -89,6 +89,7 @@ static int selinux_process_label_set(const char *label, int use_default)
 
 static struct lsm_drv selinux_drv = {
        .name = "SELinux",
+       .enabled           = is_selinux_enabled,
        .process_label_get = selinux_process_label_get,
        .process_label_set = selinux_process_label_set,
 };
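Review bot: `.enabled = is_selinux_enabled` wires the libselinux probe directly into the op table, and the libselinux man page documents that `is_selinux_enabled()` can return -1 on error in addition to 0 and 1; a caller treating `lsm_enabled()` as a boolean would then report SELinux as enabled when the probe failed. A thin wrapper normalises the result to the 0/1 contract the nop driver already uses: `static int selinux_enabled(void) { return is_selinux_enabled() == 1; }` with `.enabled = selinux_enabled,`. Whether the -1 case matters depends on how callers of `lsm_enabled()` use the value, which is outside this diff; confirm there before deciding.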