[CRIU] [PATCH 2/2] lsm: get host lsm type from the host mntns
Tycho Andersen
tycho.andersen at canonical.com
Tue May 19 05:24:59 PDT 2015
On Mon, May 18, 2015 at 09:50:39PM +0300, Andrey Vagin wrote:
> We check files in /sys, so we must do this from the host mount namespace.
Doesn't this get initialized in write_img_inventory, which is called
in the same sequence as kerndat_init()? I'm confused as to what this
changes.
Tycho
> Signed-off-by: Andrew Vagin <avagin at openvz.org>
> Signed-off-by: Andrey Vagin <avagin at openvz.org>
> ---
> include/lsm.h | 5 +++++
> kerndat.c | 5 +++++
> lsm.c | 11 +----------
> 3 files changed, 11 insertions(+), 10 deletions(-)
>
> diff --git a/include/lsm.h b/include/lsm.h
> index d3b0c97..05737ff 100644
> --- a/include/lsm.h
> +++ b/include/lsm.h
> @@ -10,6 +10,11 @@
> extern Lsmtype host_lsm_type();
>
> /*
> + * Initilize the Lsmtype for the current host
> + */
> +extern void kerndat_lsm();
> +
> +/*
> * Read the LSM profile for the pstree item
> */
> extern int collect_lsm_profile(pid_t, CredsEntry *);
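Review bot: The comment above the new `kerndat_lsm()` declaration does not state the ordering contract this patch introduces: with the lazy initialisation removed from lsm.c, the other LSM functions only give meaningful results after `kerndat_lsm()` has run in the host mount namespace. I would spell that out, e.g. `/* Detect the host LSM. Must be called once, in the host mount namespace, before host_lsm_type(), collect_lsm_profile() or validate_lsm(). */`, which also fixes the "Initilize" typo. The declaration should also be a real prototype, `extern void kerndat_lsm(void);`, since empty parentheses leave the arguments unchecked in C.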
> diff --git a/kerndat.c b/kerndat.c
> index 65e2c75..54ba8c7 100644
> --- a/kerndat.c
> +++ b/kerndat.c
> @@ -18,6 +18,7 @@
> #include "asm/types.h"
> #include "cr_options.h"
> #include "util.h"
> +#include "lsm.h"
>
> struct kerndat_s kdat = {
> .tcp_max_rshare = 3U << 20,
> @@ -323,6 +324,8 @@ int kerndat_init(void)
> if (!ret)
> ret = kerndat_fdinfo_has_lock();
>
> + kerndat_lsm();
> +
> return ret;
> }
>
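Review bot: `kerndat_lsm()` is called outside the `if (!ret)` chain and returns void, so it runs even after an earlier probe has failed and cannot itself make `kerndat_init()` fail; the same applies to the call added to `kerndat_init_rst()` in the next hunk. If the probe can be inconclusive (for example when the /sys path it checks is not reachable; its full body is not visible here), the host would presumably be treated as having no LSM without any error being reported. Consider giving it an int return like the other probes and calling it as `if (!ret) ret = kerndat_lsm();`. Both functions begin outside their hunks.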
> @@ -342,5 +345,7 @@ int kerndat_init_rst(void)
> if (!ret)
> ret = kerndat_has_memfd_create();
>
> + kerndat_lsm();
> +
> return ret;
> }
> diff --git a/lsm.c b/lsm.c
> index 90b395f..5acaa42 100644
> --- a/lsm.c
> +++ b/lsm.c
> @@ -102,7 +102,7 @@ static int selinux_get_label(pid_t pid, char **output)
> }
> #endif
>
> -static void get_host_lsm()
> +void kerndat_lsm()
> {
> if (access("/sys/kernel/security/apparmor", F_OK) == 0) {
> get_label = apparmor_get_label;
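Review bot: After this rename `kerndat_lsm()` is the only place that sets `get_label` (and presumably `lsmtype`), because the `if (name == NULL) get_host_lsm();` guards are dropped from `host_lsm_type()`, `collect_lsm_profile()` and `validate_lsm()` further down, and nothing left in those functions detects a call made before the probe. `collect_lsm_profile()` tests `lsmtype == LSMTYPE__NO_LSM` right after clearing `ce->lsm_profile`, so an unprobed state would look the same as a host without an LSM and the task's profile would presumably not be recorded in the image. A cheap guard would be a `static bool lsm_probed;` set at the end of `kerndat_lsm()` and checked with `BUG_ON(!lsm_probed);` in the three accessors. The body of `kerndat_lsm()` continues past the end of this hunk.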
> @@ -132,17 +132,11 @@ static void get_host_lsm()
>
> Lsmtype host_lsm_type()
> {
> - if (name == NULL)
> - get_host_lsm();
> -
> return lsmtype;
> }
>
> int collect_lsm_profile(pid_t pid, CredsEntry *ce)
> {
> - if (name == NULL)
> - get_host_lsm();
> -
> ce->lsm_profile = NULL;
>
> if (lsmtype == LSMTYPE__NO_LSM)
> @@ -162,9 +156,6 @@ extern Lsmtype image_lsm;
>
> int validate_lsm(CredsEntry *ce)
> {
> - if (name == NULL)
> - get_host_lsm();
> -
> if (image_lsm == LSMTYPE__NO_LSM || image_lsm == lsmtype)
> return 0;
>
> --
> 2.1.0
>