Skip to content

L
lxc
Unverified Commit 4f704b76 by Christian Brauner
Options

lsm: hide unnecessary symbols

Signed-off-by: 's avatarChristian Brauner <christian.brauner@ubuntu.com>
parent 528c2bd8
Showing with 117 additions and 47 deletions
src/lxc/Makefile.am
......@@ -361,7 +361,8 @@ lxc_attach_SOURCES = tools/lxc_attach.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_attach_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -397,7 +398,8 @@ lxc_autostart_SOURCES = tools/lxc_autostart.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_autostart_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -433,7 +435,8 @@ lxc_cgroup_SOURCES = tools/lxc_cgroup.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_cgroup_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -469,7 +472,8 @@ lxc_config_SOURCES = tools/lxc_config.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_config_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -505,7 +509,8 @@ lxc_console_SOURCES = tools/lxc_console.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_console_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -541,7 +546,8 @@ lxc_destroy_SOURCES = tools/lxc_destroy.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_destroy_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -577,7 +583,8 @@ lxc_device_SOURCES = tools/lxc_device.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_device_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -613,7 +620,8 @@ lxc_execute_SOURCES = tools/lxc_execute.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_execute_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -649,7 +657,8 @@ lxc_freeze_SOURCES = tools/lxc_freeze.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_freeze_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -685,7 +694,8 @@ lxc_info_SOURCES = tools/lxc_info.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_info_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -722,7 +732,8 @@ lxc_monitor_SOURCES = tools/lxc_monitor.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_monitor_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -759,7 +770,8 @@ lxc_ls_SOURCES = tools/lxc_ls.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_ls_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -796,7 +808,8 @@ lxc_copy_SOURCES = tools/lxc_copy.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_copy_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -832,7 +845,8 @@ lxc_start_SOURCES = tools/lxc_start.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_start_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -868,7 +882,8 @@ lxc_stop_SOURCES = tools/lxc_stop.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_stop_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -904,7 +919,8 @@ lxc_top_SOURCES = tools/lxc_top.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_top_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -940,7 +956,8 @@ lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_unfreeze_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -978,7 +995,8 @@ lxc_unshare_SOURCES = tools/lxc_unshare.c \
syscall_wrappers.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_unshare_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -1014,7 +1032,8 @@ lxc_wait_SOURCES = tools/lxc_wait.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_wait_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -1051,7 +1070,8 @@ lxc_create_SOURCES = tools/lxc_create.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_create_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -1087,7 +1107,8 @@ lxc_snapshot_SOURCES = tools/lxc_snapshot.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_snapshot_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -1123,7 +1144,8 @@ lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c \
sync.c sync.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_checkpoint_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -1182,7 +1204,8 @@ lxc_monitord_SOURCES = cmd/lxc_monitord.c \
syscall_numbers.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_monitord_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -1221,7 +1244,8 @@ lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \
syscall_wrappers.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_user_nic_SOURCES += seccomp.c lxcseccomp.h
endif
......@@ -1260,7 +1284,8 @@ lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \
syscall_wrappers.h \
terminal.c terminal.h \
utils.c utils.h \
uuid.c uuid.h
uuid.c uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_usernsexec_SOURCES += seccomp.c lxcseccomp.h
endif
......
src/lxc/lsm/lsm.h
......@@ -7,6 +7,7 @@ struct lxc_conf;
#include <sys/types.h>
#include "compiler.h"
#include "macro.h"
#include "utils.h"
......@@ -22,17 +23,15 @@ struct lsm_drv {
void (*cleanup)(struct lxc_conf *conf, const char *lxcpath);
};
extern void lsm_init(void);
extern int lsm_enabled(void);
extern const char *lsm_name(void);
extern char *lsm_process_label_get(pid_t pid);
extern int lsm_process_prepare(struct lxc_conf *conf, const char *lxcpath);
extern int lsm_process_label_set(const char *label, struct lxc_conf *conf,
bool on_exec);
extern int lsm_process_label_fd_get(pid_t pid, bool on_exec);
extern int lsm_process_label_set_at(int label_fd, const char *label,
bool on_exec);
extern void lsm_process_cleanup(struct lxc_conf *conf, const char *lxcpath);
extern int lsm_keyring_label_set(char *label);
__hidden extern void lsm_init(void);
__hidden extern int lsm_enabled(void);
__hidden extern const char *lsm_name(void);
__hidden extern char *lsm_process_label_get(pid_t pid);
__hidden extern int lsm_process_prepare(struct lxc_conf *conf, const char *lxcpath);
__hidden extern int lsm_process_label_set(const char *label, struct lxc_conf *conf, bool on_exec);
__hidden extern int lsm_process_label_fd_get(pid_t pid, bool on_exec);
__hidden extern int lsm_process_label_set_at(int label_fd, const char *label, bool on_exec);
__hidden extern void lsm_process_cleanup(struct lxc_conf *conf, const char *lxcpath);
__hidden extern int lsm_keyring_label_set(char *label);
#endif /* __LXC_LSM_H */
src/tests/Makefile.am
......@@ -7,6 +7,18 @@ LDADD = ../lxc/liblxc.la \
@SELINUX_LIBS@ \
@DLOG_LIBS@
LSM_SOURCES = ../lxc/lsm/lsm.c \
../lxc/lsm/lsm.h \
../lxc/lsm/nop.c
if ENABLE_APPARMOR
LSM_SOURCES += ../lxc/lsm/apparmor.c
endif
if ENABLE_SELINUX
LSM_SOURCES += ../lxc/lsm/selinux.c
endif
lxc_test_api_reboot_SOURCES = api_reboot.c \
../lxc/af_unix.c ../lxc/af_unix.h \
../lxc/caps.c ../lxc/caps.h \
......@@ -37,7 +49,8 @@ lxc_test_api_reboot_SOURCES = api_reboot.c \
../lxc/string_utils.c ../lxc/string_utils.h \
../lxc/terminal.c ../lxc/terminal.h \
../lxc/utils.c ../lxc/utils.h \
../lxc/uuid.c ../lxc/uuid.h
../lxc/uuid.c ../lxc/uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_test_api_reboot_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
endif
......@@ -72,7 +85,8 @@ lxc_test_apparmor_SOURCES = aa.c \
../lxc/string_utils.c ../lxc/string_utils.h \
../lxc/terminal.c ../lxc/terminal.h \
../lxc/utils.c ../lxc/utils.h \
../lxc/uuid.c ../lxc/uuid.h
../lxc/uuid.c ../lxc/uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_test_apparmor_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
endif
......@@ -107,7 +121,8 @@ lxc_test_attach_SOURCES = attach.c \
../lxc/string_utils.c ../lxc/string_utils.h \
../lxc/terminal.c ../lxc/terminal.h \
../lxc/utils.c ../lxc/utils.h \
../lxc/uuid.c ../lxc/uuid.h
../lxc/uuid.c ../lxc/uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_test_attach_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
endif
......@@ -143,7 +158,8 @@ lxc_test_cgpath_SOURCES = cgpath.c \
../lxc/string_utils.c ../lxc/string_utils.h \
../lxc/terminal.c ../lxc/terminal.h \
../lxc/utils.c ../lxc/utils.h \
../lxc/uuid.c ../lxc/uuid.h
../lxc/uuid.c ../lxc/uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_test_cgpath_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
endif
......@@ -181,7 +197,8 @@ lxc_test_config_jump_table_SOURCES = config_jump_table.c \
../lxc/string_utils.c ../lxc/string_utils.h \
../lxc/terminal.c ../lxc/terminal.h \
../lxc/utils.c ../lxc/utils.h \
../lxc/uuid.c ../lxc/uuid.h
../lxc/uuid.c ../lxc/uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_test_config_jump_table_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
endif
......@@ -227,7 +244,8 @@ lxc_test_locktests_SOURCES = locktests.c \
../lxc/string_utils.c ../lxc/string_utils.h \
../lxc/terminal.c ../lxc/terminal.h \
../lxc/utils.c ../lxc/utils.h \
../lxc/uuid.c ../lxc/uuid.h
../lxc/uuid.c ../lxc/uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_test_locktests_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
endif
......@@ -265,7 +283,8 @@ lxc_test_mount_injection_SOURCES = mount_injection.c \
../lxc/string_utils.c ../lxc/string_utils.h \
../lxc/terminal.c ../lxc/terminal.h \
../lxc/utils.c ../lxc/utils.h \
../lxc/uuid.c ../lxc/uuid.h
../lxc/uuid.c ../lxc/uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_test_mount_injection_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
endif
......@@ -301,23 +320,49 @@ lxc_test_parse_config_file_SOURCES = parse_config_file.c \
../lxc/string_utils.c ../lxc/string_utils.h \
../lxc/terminal.c ../lxc/terminal.h \
../lxc/utils.c ../lxc/utils.h \
../lxc/uuid.c ../lxc/uuid.h
../lxc/uuid.c ../lxc/uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_test_parse_config_file_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
endif
lxc_test_raw_clone_SOURCES = lxc_raw_clone.c \
lxctest.h \
../lxc/af_unix.c ../lxc/af_unix.h \
../lxc/caps.c ../lxc/caps.h \
../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \
../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \
../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \
../lxc/commands.c ../lxc/commands.h \
../lxc/commands_utils.c ../lxc/commands_utils.h \
../lxc/conf.c ../lxc/conf.h \
../lxc/confile.c ../lxc/confile.h \
../lxc/confile_utils.c ../lxc/confile_utils.h \
../lxc/error.c ../lxc/error.h \
../lxc/file_utils.c ../lxc/file_utils.h \
../lxc/initutils.c ../lxc/initutils.h \
../lxc/log.c ../lxc/log.h \
../lxc/lxclock.c ../lxc/lxclock.h \
../lxc/mainloop.c ../lxc/mainloop.h \
../lxc/monitor.c ../lxc/monitor.h \
../lxc/namespace.c ../lxc/namespace.h \
../lxc/network.c ../lxc/network.h \
../lxc/nl.c ../lxc/nl.h \
../lxc/parse.c ../lxc/parse.h \
../lxc/process_utils.c ../lxc/process_utils.h \
../lxc/ringbuf.c ../lxc/ringbuf.h \
../lxc/start.c ../lxc/start.h \
../lxc/state.c ../lxc/state.h \
../lxc/sync.c ../lxc/sync.h \
../lxc/string_utils.c ../lxc/string_utils.h \
../lxc/utils.c ../lxc/utils.h
../lxc/terminal.c ../lxc/terminal.h \
../lxc/utils.c ../lxc/utils.h \
../lxc/uuid.c ../lxc/uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_test_raw_clone_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
endif
lxc_test_reboot_SOURCES = reboot.c
lxc_test_saveconfig_SOURCES = saveconfig.c
lxc_test_share_ns_SOURCES = share_ns.c \
......@@ -363,7 +408,8 @@ lxc_test_utils_SOURCES = lxc-test-utils.c \
../lxc/string_utils.c ../lxc/string_utils.h \
../lxc/terminal.c ../lxc/terminal.h \
../lxc/utils.c ../lxc/utils.h \
../lxc/uuid.c ../lxc/uuid.h
../lxc/uuid.c ../lxc/uuid.h \
$(LSM_SOURCES)
if ENABLE_SECCOMP
lxc_test_utils_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h
endif
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment