[lxc-devel] [PATCH 3/3] support setting lsm label at exec or immediately
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Oct 16 18:17:08 UTC 2013
Quoting Dwight Engen (dwight.engen at oracle.com):
> - Add attach test cases
>
> - Moved setting of LSM label later to avoid failure of IPC between parent
> and child during attach
...
> diff --git a/src/tests/attach.c b/src/tests/attach.c
> new file mode 100644
> index 0000000..76a1f1f
> --- /dev/null
> +++ b/src/tests/attach.c
> @@ -0,0 +1,380 @@
> +/* liblxcapi
> + *
> + * Copyright © 2013 Oracle.
> + *
> + * Authors:
> + * Dwight Engen <dwight.engen at oracle.com>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2, as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, write to the Free Software Foundation, Inc.,
> + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + */
> +
> +#include <lxc/lxccontainer.h>
> +#include <lxc/utils.h>
> +#include <lxc/lsm/lsm.h>
> +
> +#include <errno.h>
> +#include <unistd.h>
> +
> +#define TSTNAME "lxc-attach-test"
> +#define TSTERR(fmt, ...) do { \
> + fprintf(stderr, "%s:%d " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__); \
> +} while (0)
> +
> +#if HAVE_APPARMOR
> +#define LSM_CONFIG_KEY "lxc.aa_profile"
> +#define LSM_LABEL "lxc-container-default"
> +#endif
> +
> +#if HAVE_SELINUX
> +#define LSM_CONFIG_KEY "lxc.se_context"
> +#define LSM_LABEL "unconfined_u:unconfined_r:lxc_t:s0-s0:c0.c1023"
> +#endif
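Review bot: The two `#if` blocks at the end of this hunk both define LSM_CONFIG_KEY and LSM_LABEL, so a build with HAVE_APPARMOR and HAVE_SELINUX both set redefines the macros with conflicting values, and a build with neither set leaves them undefined for whatever code uses them later. Make the selection mutually exclusive, for example `#if HAVE_APPARMOR` ... `#elif HAVE_SELINUX` ... `#else` with an explicit fallback or `#error`, or choose the config key and label at run time from the LSM that is actually active on the host. Separately, TSTERR calls fprintf but no `#include <stdio.h>` appears among the includes shown here; include it directly rather than relying on another header to pull it in.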
This breaks builds for me because both HAVE_APPARMOR and HAVE_SELINUX are
set.