[CRIU] [PATCH 2/2] lsm: get host lsm type from the host mntns
Andrey Vagin
avagin at openvz.org
Mon May 18 11:50:39 PDT 2015
We check files in /sys, so we must do this from the host mount namespace.
Signed-off-by: Andrew Vagin <avagin at openvz.org>
Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
include/lsm.h | 5 +++++
kerndat.c | 5 +++++
lsm.c | 11 +----------
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/include/lsm.h b/include/lsm.h
index d3b0c97..05737ff 100644
--- a/include/lsm.h
+++ b/include/lsm.h
@@ -10,6 +10,11 @@
extern Lsmtype host_lsm_type();
/*
+ * Initilize the Lsmtype for the current host
+ */
+extern void kerndat_lsm();
+
+/*
* Read the LSM profile for the pstree item
*/
extern int collect_lsm_profile(pid_t, CredsEntry *);
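Review bot: The comment added above `kerndat_lsm` does not state the ordering contract this patch creates: the later hunks in lsm.c remove the lazy detection, so the function has to run in the host mount namespace before `host_lsm_type()`, `collect_lsm_profile()` or `validate_lsm()` is used. I would word it as `Detect the host LSM type. Call once from the host mount namespace (it probes /sys) before any other function declared here.`, which also fixes the spelling of "Initilize". The declaration is better written `extern void kerndat_lsm(void);`, because an empty parameter list in C leaves the arguments unchecked.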
diff --git a/kerndat.c b/kerndat.c
index 65e2c75..54ba8c7 100644
--- a/kerndat.c
+++ b/kerndat.c
@@ -18,6 +18,7 @@
#include "asm/types.h"
#include "cr_options.h"
#include "util.h"
+#include "lsm.h"
struct kerndat_s kdat = {
.tcp_max_rshare = 3U << 20,
@@ -323,6 +324,8 @@ int kerndat_init(void)
if (!ret)
ret = kerndat_fdinfo_has_lock();
+ kerndat_lsm();
+
return ret;
}
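Review bot: `kerndat_lsm();` runs unconditionally and returns nothing, unlike the `if (!ret) ret = ...` probes just above it, so an inconclusive LSM probe can never make `kerndat_init()` fail; the call added to `kerndat_init_rst()` in the next hunk has the same shape. If detection can come out wrong when securityfs is not visible to the caller (the function body is only partly shown), dump and restore would continue with a host LSM type that does not match the machine. Either give the function an `int` result and follow the local pattern, `if (!ret) ret = kerndat_lsm();`, or document why it cannot fail with a comment such as `/* cannot fail: no probe hit means no LSM; must run in the host mntns */`. Only the tail of `kerndat_init()` is inside the hunk, so whether it always runs before any mount-namespace switch cannot be confirmed from here.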
@@ -342,5 +345,7 @@ int kerndat_init_rst(void)
if (!ret)
ret = kerndat_has_memfd_create();
+ kerndat_lsm();
+
return ret;
}
diff --git a/lsm.c b/lsm.c
index 90b395f..5acaa42 100644
--- a/lsm.c
+++ b/lsm.c
@@ -102,7 +102,7 @@ static int selinux_get_label(pid_t pid, char **output)
}
#endif
-static void get_host_lsm()
+void kerndat_lsm()
{
if (access("/sys/kernel/security/apparmor", F_OK) == 0) {
get_label = apparmor_get_label;
@@ -132,17 +132,11 @@ static void get_host_lsm()
Lsmtype host_lsm_type()
{
- if (name == NULL)
- get_host_lsm();
-
return lsmtype;
}
int collect_lsm_profile(pid_t pid, CredsEntry *ce)
{
- if (name == NULL)
- get_host_lsm();
-
ce->lsm_profile = NULL;
if (lsmtype == LSMTYPE__NO_LSM)
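Review bot: With the `if (name == NULL) get_host_lsm();` fallback removed here and in `validate_lsm()` in the next hunk, these functions read `lsmtype` in whatever state it is in, so any path that reaches them before `kerndat_lsm()` has run sees the static initial value instead of the host's LSM. That initial value is not visible in the patch; if it equals `LSMTYPE__NO_LSM`, `collect_lsm_profile()` would record no profile and `validate_lsm()` would accept an image without a profile on a confined host, with no diagnostic. Keeping the old sentinel as a check makes the ordering assumption explicit, e.g. `BUG_ON(name == NULL);` at the top of each function, assuming every branch of `kerndat_lsm()` still sets `name` as the removed lazy check relied on. The body of `collect_lsm_profile()` continues past the end of the hunk.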
@@ -162,9 +156,6 @@ extern Lsmtype image_lsm;
int validate_lsm(CredsEntry *ce)
{
- if (name == NULL)
- get_host_lsm();
-
if (image_lsm == LSMTYPE__NO_LSM || image_lsm == lsmtype)
return 0;
--
2.1.0