[CRIU] [PATCH v4 4/7] check: add a feature test for apparmor_stacking
Tycho Andersen
tycho.andersen at canonical.com
Thu Oct 27 15:54:58 PDT 2016
v2: fail the check if apparmor isn't the current LSM too. This means that
we can use the feature check feature in the test framework, and since
the warning is listed as non-fatal hopefully it won't freak people out
:)
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
---
criu/cr-check.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/criu/cr-check.c b/criu/cr-check.c
index 6456486..17f985c 100644
--- a/criu/cr-check.c
+++ b/criu/cr-check.c
@@ -43,10 +43,14 @@
#include "tun.h"
#include "namespaces.h"
#include "pstree.h"
+#include "lsm.h"
+#include "apparmor.h"
#include "cr_options.h"
#include "libnetlink.h"
#include "net.h"
+#include "images/inventory.pb-c.h"
+
static char *feature_name(int (*func)());
static int check_tty(void)
@@ -990,6 +994,14 @@ out:
return ret;
}
+static int check_apparmor_stacking(void)
+{
+ if (!check_aa_ns_dumping())
+ return -1;
+
+ return 0;
+}
+
static int (*chk_feature)(void);
/*
@@ -1091,6 +1103,7 @@ int cr_check(void)
ret |= check_cgroupns();
ret |= check_tcp_window();
ret |= check_nsid_manip();
+ ret |= check_apparmor_stacking();
}
/*
@@ -1171,6 +1184,7 @@ static struct feature_list feature_list[] = {
{ "cgroupns", check_cgroupns },
{ "autofs", check_autofs },
{ "nsid_manip", check_nsid_manip },
+ { "apparmor_stacking", check_apparmor_stacking },
{ NULL, NULL },
};
--
2.9.3
More information about the CRIU
mailing list