Skip to content

L
lxc
Commit 919a04ed by Serge Hallyn
Options

apparmor: recognize 'unconfined' as unconfined.

Signed-off-by: 's avatarSerge Hallyn <serge.hallyn@ubuntu.com>
parent babccc20
Showing with 3 additions and 2 deletions
src/lxc/lsm/apparmor.c
...@@ -150,8 +150,10 @@ static bool aa_stacking_supported(void) { ...@@ -150,8 +150,10 @@ static bool aa_stacking_supported(void) {
static bool in_aa_confined_container(void) { static bool in_aa_confined_container(void) {
char *p = apparmor_process_label_get(getpid()); char *p = apparmor_process_label_get(getpid());
bool ret = false; bool ret = false;
if (p && strcmp(p, "/usr/bin/lxc-start") != 0) if (p && strcmp(p, "/usr/bin/lxc-start") != 0 && strcmp(p, "unconfined") != 0) {
INFO("Already apparmor-confined under %s", p);
ret = true; ret = true;
}
free(p); free(p);
return ret; return ret;
} }
...@@ -191,7 +193,6 @@ static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf ...@@ -191,7 +193,6 @@ static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf
ERROR("already apparmor confined, but new label requested."); ERROR("already apparmor confined, but new label requested.");
return -1; return -1;
} }
INFO("Already apparmor-confined");
return 0; return 0;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment