[lxc-devel] [PATCH 1/2] add lsm op for getting name of enabled lsm
Dwight Engen
dwight.engen at oracle.com
Fri Oct 18 17:31:20 UTC 2013
On Fri, 18 Oct 2013 11:19:20 -0500
Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Dwight Engen (dwight.engen at oracle.com):
> > Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> > ---
> > src/lxc/lsm/lsm.c | 9 ++++++++-
> > src/lxc/lsm/lsm.h | 26 ++++++++++++++------------
> > 2 files changed, 22 insertions(+), 13 deletions(-)
> >
> > diff --git a/src/lxc/lsm/lsm.c b/src/lxc/lsm/lsm.c
> > index f022de9..508d640 100644
> > --- a/src/lxc/lsm/lsm.c
> > +++ b/src/lxc/lsm/lsm.c
> > @@ -62,13 +62,20 @@ void lsm_init(void)
> > INFO("Initialized LSM security driver %s", drv->name);
> > }
> >
> > -int lsm_enabled()
> > +int lsm_enabled(void)
> > {
> > if (drv)
> > return drv->enabled();
> > return 0;
> > }
> >
> > +const char *lsm_name(void)
> > +{
> > + if (drv)
> > + return drv->name;
> > + return NULL;
>
> I think it should return "none" here. (I'm not sure your use of the
> NULL return in the attach testcase is safe.)
I'm fine with "none" or "nop". I think the attach testcase is safe
because it won't use the name unless lsm_enabled() is true, which it
won't be if the driver is nop or there is no driver.
More information about the lxc-devel
mailing list