[CRIU] [PATCH 2/2] lsm: get host lsm type from the host mntns

Andrey Wagin avagin at gmail.com
Mon May 18 12:25:01 PDT 2015


2015-05-18 21:50 GMT+03:00 Andrey Vagin <avagin at openvz.org>:
> We check files in /sys, so we must do this from the host mount namespace.

Tycho, could you take a look at this patch?

>
> Signed-off-by: Andrew Vagin <avagin at openvz.org>
> Signed-off-by: Andrey Vagin <avagin at openvz.org>
> ---
>  include/lsm.h |  5 +++++
>  kerndat.c     |  5 +++++
>  lsm.c         | 11 +----------
>  3 files changed, 11 insertions(+), 10 deletions(-)
>
> diff --git a/include/lsm.h b/include/lsm.h
> index d3b0c97..05737ff 100644
> --- a/include/lsm.h
> +++ b/include/lsm.h
> @@ -10,6 +10,11 @@
>  extern Lsmtype host_lsm_type();
>
>  /*
> + * Initilize the Lsmtype for the current host
> + */
> +extern void kerndat_lsm();
> +
> +/*
>   * Read the LSM profile for the pstree item
>   */
>  extern int collect_lsm_profile(pid_t, CredsEntry *);
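Review bot: The comment on the new `kerndat_lsm()` declaration does not state the calling contract, which matters because the lsm.c hunks of this patch remove the lazy `get_host_lsm()` fallback from `host_lsm_type()`, `collect_lsm_profile()` and `validate_lsm()`. Any path that reaches those three without a prior `kerndat_init()` or `kerndat_init_rst()` now reads whatever initial value `lsmtype` has, so the `image_lsm == lsmtype` comparison in `validate_lsm()` would no longer reflect the host. I would word the comment as `Detect the host LSM; call once, from the host mount namespace, before host_lsm_type(), collect_lsm_profile() or validate_lsm()`, which also fixes the "Initilize" spelling. Declaring it as `extern void kerndat_lsm(void);` would make it a real prototype rather than an unchecked old-style declaration.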
> diff --git a/kerndat.c b/kerndat.c
> index 65e2c75..54ba8c7 100644
> --- a/kerndat.c
> +++ b/kerndat.c
> @@ -18,6 +18,7 @@
>  #include "asm/types.h"
>  #include "cr_options.h"
>  #include "util.h"
> +#include "lsm.h"
>
>  struct kerndat_s kdat = {
>         .tcp_max_rshare = 3U << 20,
> @@ -323,6 +324,8 @@ int kerndat_init(void)
>         if (!ret)
>                 ret = kerndat_fdinfo_has_lock();
>
> +       kerndat_lsm();
> +
>         return ret;
>  }
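Review bot: The added `kerndat_lsm();` call is the only probe in `kerndat_init()` that runs regardless of `ret` and cannot report a failure, because the function returns `void`; the same applies to the call added in `kerndat_init_rst()`. The detection visible in the lsm.c hunk uses `access(..., F_OK) == 0`, so an error other than the file being absent (for example securityfs not being reachable) is indistinguishable from "no LSM on this host", and `collect_lsm_profile()` then presumably skips the profile on its `lsmtype == LSMTYPE__NO_LSM` branch. Consider returning `int` from `kerndat_lsm()` and chaining it like the neighbouring probes, `if (!ret) ret = kerndat_lsm();`, or at least logging which LSM was selected so that a dump taken without labels is visible in the log. The body of `kerndat_init()` starts outside this hunk.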
>
> @@ -342,5 +345,7 @@ int kerndat_init_rst(void)
>         if (!ret)
>                 ret = kerndat_has_memfd_create();
>
> +       kerndat_lsm();
> +
>         return ret;
>  }
> diff --git a/lsm.c b/lsm.c
> index 90b395f..5acaa42 100644
> --- a/lsm.c
> +++ b/lsm.c
> @@ -102,7 +102,7 @@ static int selinux_get_label(pid_t pid, char **output)
>  }
>  #endif
>
> -static void get_host_lsm()
> +void kerndat_lsm()
>  {
>         if (access("/sys/kernel/security/apparmor", F_OK) == 0) {
>                 get_label = apparmor_get_label;
> @@ -132,17 +132,11 @@ static void get_host_lsm()
>
>  Lsmtype host_lsm_type()
>  {
> -       if (name == NULL)
> -               get_host_lsm();
> -
>         return lsmtype;
>  }
>
>  int collect_lsm_profile(pid_t pid, CredsEntry *ce)
>  {
> -       if (name == NULL)
> -               get_host_lsm();
> -
>         ce->lsm_profile = NULL;
>
>         if (lsmtype == LSMTYPE__NO_LSM)
> @@ -162,9 +156,6 @@ extern Lsmtype image_lsm;
>
>  int validate_lsm(CredsEntry *ce)
>  {
> -       if (name == NULL)
> -               get_host_lsm();
> -
>         if (image_lsm == LSMTYPE__NO_LSM || image_lsm == lsmtype)
>                 return 0;
>
> --
> 2.1.0
>

