From 8dae48d74e5b55d57fe6b65837e18cd861e4fc5c Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 22 Jan 2018 10:48:56 +0100 Subject: [PATCH] lsm: non-functional changes Signed-off-by: Christian Brauner --- src/lxc/lsm/apparmor.c | 2 +- src/lxc/lsm/lsm.c | 2 +- src/lxc/lsm/lsm.h | 53 ++++++++++++++++++++++++++++++------------ src/lxc/lsm/nop.c | 2 +- src/lxc/lsm/selinux.c | 2 +- 5 files changed, 42 insertions(+), 19 deletions(-) diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c index 7ba284240..6106ddd08 100644 --- a/src/lxc/lsm/apparmor.c +++ b/src/lxc/lsm/apparmor.c @@ -172,7 +172,7 @@ static bool aa_needs_transition(char *curlabel) * Notes: This relies on /proc being available. */ static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf, - int use_default, int on_exec) + bool use_default, bool on_exec) { const char *label = inlabel ? inlabel : conf->lsm_aa_profile; char *curlabel; diff --git a/src/lxc/lsm/lsm.c b/src/lxc/lsm/lsm.c index 79f837fc6..75f20f13b 100644 --- a/src/lxc/lsm/lsm.c +++ b/src/lxc/lsm/lsm.c @@ -86,7 +86,7 @@ char *lsm_process_label_get(pid_t pid) } int lsm_process_label_set(const char *label, struct lxc_conf *conf, - int use_default, int on_exec) + bool use_default, bool on_exec) { if (!drv) { ERROR("LSM driver not inited"); diff --git a/src/lxc/lsm/lsm.h b/src/lxc/lsm/lsm.h index b915e8ddd..3b08b3be7 100644 --- a/src/lxc/lsm/lsm.h +++ b/src/lxc/lsm/lsm.h 
@@ -28,29 +28,52 @@ struct lxc_conf; #include +#include "../utils.h" + +#define LXC_LSMATTRLEN (5 + (LXC_NUMSTRLEN64) + 7 + 1) + struct lsm_drv { const char *name; - int (*enabled)(void); + int (*enabled)(void); char *(*process_label_get)(pid_t pid); - int (*process_label_set)(const char *label, struct lxc_conf *conf, - int use_default, int on_exec); + int (*process_label_set)(const char *label, struct lxc_conf *conf, + bool use_default, bool on_exec); }; #if HAVE_APPARMOR || HAVE_SELINUX -void lsm_init(void); -int lsm_enabled(void); -const char *lsm_name(void); -char *lsm_process_label_get(pid_t pid); -int lsm_process_label_set(const char *label, struct lxc_conf *conf, - int use_default, int on_exec); +extern void lsm_init(void); +extern int lsm_enabled(void); +extern const char *lsm_name(void); +extern char *lsm_process_label_get(pid_t pid); +extern int lsm_process_label_set(const char *label, struct lxc_conf *conf, + bool use_default, bool on_exec); #else -static inline void lsm_init(void) { } -static inline int lsm_enabled(void) { return 0; } -static inline const char *lsm_name(void) { return "none"; } -static inline char *lsm_process_label_get(pid_t pid) { return NULL; } -static inline int lsm_process_label_set(const char *label, - struct lxc_conf *conf, int use_default, int on_exec) { return 0; } +static inline void lsm_init(void) +{ + return; +} + +static inline int lsm_enabled(void) { + return 0; +} + +static inline const char *lsm_name(void) +{ + return "none"; +} + +static inline char *lsm_process_label_get(pid_t pid) +{ + return NULL; +} + +static inline int lsm_process_label_set(const char *label, + struct lxc_conf *conf, bool use_default, + bool on_exec) +{ + return 0; +} #endif #endif diff --git a/src/lxc/lsm/nop.c b/src/lxc/lsm/nop.c index c13d8f528..7bb8121b8 100644 --- a/src/lxc/lsm/nop.c +++ b/src/lxc/lsm/nop.c 
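Review bot: The rewritten `#else` stub `lsm_process_label_set` still returns 0 whenever LXC is built without AppArmor or SELinux, so a caller that passes an explicit `label` gets a success return although no confinement was applied; a comment on the stub such as `/* No LSM compiled in: report success without applying any label. */` would make that visible to callers. The new `LXC_LSMATTRLEN` macro's `5` and `7` are unexplained magic numbers, and a comment naming what each term of the sum accounts for would help the next reader. Two style nits in the same hunk: `lsm_enabled` keeps its opening brace on the signature line (`static inline int lsm_enabled(void) {`) while the other rewritten stubs put it on its own line, and the bare `return;` in `lsm_init` is redundant for a void body. Since `bool` now appears in the header's prototypes and the driver struct, it is worth confirming that `<stdbool.h>` is included here rather than relying on every includer to pull it in.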
@@ -30,7 +30,7 @@ static char *nop_process_label_get(pid_t pid) } static int nop_process_label_set(const char *label, struct lxc_conf *conf, - int use_default, int on_exec) + bool use_default, bool on_exec) { return 0; } diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c index 46554d84c..857fe29a8 100644 --- a/src/lxc/lsm/selinux.c +++ b/src/lxc/lsm/selinux.c @@ -72,7 +72,7 @@ static char *selinux_process_label_get(pid_t pid) * Notes: This relies on /proc being available. */ static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf, - int use_default, int on_exec) + bool use_default, bool on_exec) { const char *label = inlabel ? inlabel : conf->lsm_se_context; if (!label) { -- 2.47.2