[lxc-devel] [PATCH v2 1/2] add lsm op for getting name of enabled lsm

Serge Hallyn serge.hallyn at ubuntu.com
Fri Oct 18 18:36:56 UTC 2013 

Quoting Dwight Engen (dwight.engen at oracle.com):
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>

Thanks.  (You're probably right about it having been safe anyway, but
this is more comfortable :)

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

> ---
> v2: return "none" when there is no lsm driver
> 
>  src/lxc/lsm/lsm.c |  9 ++++++++-
>  src/lxc/lsm/lsm.h | 26 ++++++++++++++------------
>  2 files changed, 22 insertions(+), 13 deletions(-)
> 
> diff --git a/src/lxc/lsm/lsm.c b/src/lxc/lsm/lsm.c
> index f022de9..066102b 100644
> --- a/src/lxc/lsm/lsm.c
> +++ b/src/lxc/lsm/lsm.c
> @@ -62,13 +62,20 @@ void lsm_init(void)
>  	INFO("Initialized LSM security driver %s", drv->name);
>  }
>  
> -int lsm_enabled()
> +int lsm_enabled(void)
>  {
>  	if (drv)
>  		return drv->enabled();
>  	return 0;
>  }
>  
> +const char *lsm_name(void)
> +{
> +	if (drv)
> +		return drv->name;
> +	return "none";
> +}
> +
>  char *lsm_process_label_get(pid_t pid)
>  {
>  	if (!drv) {
> diff --git a/src/lxc/lsm/lsm.h b/src/lxc/lsm/lsm.h
> index ee093da..621e1af 100644
> --- a/src/lxc/lsm/lsm.h
> +++ b/src/lxc/lsm/lsm.h
> @@ -37,19 +37,21 @@ struct lsm_drv {
>  };
>  
>  #if HAVE_APPARMOR || HAVE_SELINUX
> -void  lsm_init(void);
> -int   lsm_enabled(void);
> -char *lsm_process_label_get(pid_t pid);
> -int   lsm_process_label_set(const char *label, int use_default);
> -int   lsm_proc_mount(struct lxc_conf *lxc_conf);
> -void  lsm_proc_unmount(struct lxc_conf *lxc_conf);
> +void        lsm_init(void);
> +int         lsm_enabled(void);
> +const char *lsm_name(void);
> +char       *lsm_process_label_get(pid_t pid);
> +int         lsm_process_label_set(const char *label, int use_default);
> +int         lsm_proc_mount(struct lxc_conf *lxc_conf);
> +void        lsm_proc_unmount(struct lxc_conf *lxc_conf);
>  #else
> -static inline void  lsm_init(void) { }
> -static inline int   lsm_enabled(void) { return 0; }
> -static inline char *lsm_process_label_get(pid_t pid) { return NULL; }
> -static inline int   lsm_process_label_set(char *label, int use_default) { return 0; }
> -static inline int   lsm_proc_mount(struct lxc_conf *lxc_conf) { return 0; }
> -static inline void  lsm_proc_unmount(struct lxc_conf *lxc_conf) { }
> +static inline void        lsm_init(void) { }
> +static inline int         lsm_enabled(void) { return 0; }
> +static inline const char *lsm_name(void) { return "none"; }
> +static inline char       *lsm_process_label_get(pid_t pid) { return NULL; }
> +static inline int         lsm_process_label_set(char *label, int use_default) { return 0; }
> +static inline int         lsm_proc_mount(struct lxc_conf *lxc_conf) { return 0; }
> +static inline void        lsm_proc_unmount(struct lxc_conf *lxc_conf) { }
>  #endif
>  
>  #endif
> -- 
> 1.8.3.1
>

More information about the lxc-devel mailing list