Unverified Commit d75ddd9b by Stéphane Graber Committed by GitHub

Merge pull request #3766 from brauner/2021-04-02/fixes_2

lsm: fixes
parents 6fde9fb1 8f899a4a
...@@ -1555,7 +1555,11 @@ static int set_config_tty_dir(const char *key, const char *value, ...@@ -1555,7 +1555,11 @@ static int set_config_tty_dir(const char *key, const char *value,
static int set_config_apparmor_profile(const char *key, const char *value, static int set_config_apparmor_profile(const char *key, const char *value,
struct lxc_conf *lxc_conf, void *data) struct lxc_conf *lxc_conf, void *data)
{ {
#if HAVE_APPARMOR
return set_config_string_item(&lxc_conf->lsm_aa_profile, value); return set_config_string_item(&lxc_conf->lsm_aa_profile, value);
#else
return syserror_set(-EINVAL, "Built without AppArmor support");
#endif
} }
static int set_config_apparmor_allow_incomplete(const char *key, static int set_config_apparmor_allow_incomplete(const char *key,
...@@ -1563,6 +1567,7 @@ static int set_config_apparmor_allow_incomplete(const char *key, ...@@ -1563,6 +1567,7 @@ static int set_config_apparmor_allow_incomplete(const char *key,
struct lxc_conf *lxc_conf, struct lxc_conf *lxc_conf,
void *data) void *data)
{ {
#if HAVE_APPARMOR
int ret; int ret;
if (lxc_config_value_empty(value)) { if (lxc_config_value_empty(value)) {
...@@ -1578,6 +1583,9 @@ static int set_config_apparmor_allow_incomplete(const char *key, ...@@ -1578,6 +1583,9 @@ static int set_config_apparmor_allow_incomplete(const char *key,
return ret_errno(EINVAL); return ret_errno(EINVAL);
return 0; return 0;
#else
return syserror_set(-EINVAL, "Built without AppArmor support");
#endif
} }
static int set_config_apparmor_allow_nesting(const char *key, static int set_config_apparmor_allow_nesting(const char *key,
...@@ -1585,6 +1593,7 @@ static int set_config_apparmor_allow_nesting(const char *key, ...@@ -1585,6 +1593,7 @@ static int set_config_apparmor_allow_nesting(const char *key,
struct lxc_conf *lxc_conf, struct lxc_conf *lxc_conf,
void *data) void *data)
{ {
#if HAVE_APPARMOR
int ret; int ret;
if (lxc_config_value_empty(value)) if (lxc_config_value_empty(value))
...@@ -1598,6 +1607,9 @@ static int set_config_apparmor_allow_nesting(const char *key, ...@@ -1598,6 +1607,9 @@ static int set_config_apparmor_allow_nesting(const char *key,
return ret_errno(EINVAL); return ret_errno(EINVAL);
return 0; return 0;
#else
return syserror_set(-EINVAL, "Built without AppArmor support");
#endif
} }
static int set_config_apparmor_raw(const char *key, static int set_config_apparmor_raw(const char *key,
...@@ -1605,6 +1617,7 @@ static int set_config_apparmor_raw(const char *key, ...@@ -1605,6 +1617,7 @@ static int set_config_apparmor_raw(const char *key,
struct lxc_conf *lxc_conf, struct lxc_conf *lxc_conf,
void *data) void *data)
{ {
#if HAVE_APPARMOR
__do_free char *elem = NULL; __do_free char *elem = NULL;
__do_free struct lxc_list *list = NULL; __do_free struct lxc_list *list = NULL;
...@@ -1623,18 +1636,29 @@ static int set_config_apparmor_raw(const char *key, ...@@ -1623,18 +1636,29 @@ static int set_config_apparmor_raw(const char *key,
lxc_list_add_tail(&lxc_conf->lsm_aa_raw, move_ptr(list)); lxc_list_add_tail(&lxc_conf->lsm_aa_raw, move_ptr(list));
return 0; return 0;
#else
return syserror_set(-EINVAL, "Built without AppArmor support");
#endif
} }
static int set_config_selinux_context(const char *key, const char *value, static int set_config_selinux_context(const char *key, const char *value,
struct lxc_conf *lxc_conf, void *data) struct lxc_conf *lxc_conf, void *data)
{ {
#if HAVE_SELINUX
return set_config_string_item(&lxc_conf->lsm_se_context, value); return set_config_string_item(&lxc_conf->lsm_se_context, value);
#else
return syserror_set(-EINVAL, "Built without SELinux support");
#endif
} }
static int set_config_selinux_context_keyring(const char *key, const char *value, static int set_config_selinux_context_keyring(const char *key, const char *value,
struct lxc_conf *lxc_conf, void *data) struct lxc_conf *lxc_conf, void *data)
{ {
#if HAVE_SELINUX
return set_config_string_item(&lxc_conf->lsm_se_keyring_context, value); return set_config_string_item(&lxc_conf->lsm_se_keyring_context, value);
#else
return syserror_set(-EINVAL, "Built without SELinux support");
#endif
} }
static int set_config_keyring_session(const char *key, const char *value, static int set_config_keyring_session(const char *key, const char *value,
...@@ -3690,29 +3714,40 @@ static int get_config_tty_dir(const char *key, char *retv, int inlen, ...@@ -3690,29 +3714,40 @@ static int get_config_tty_dir(const char *key, char *retv, int inlen,
static int get_config_apparmor_profile(const char *key, char *retv, int inlen, static int get_config_apparmor_profile(const char *key, char *retv, int inlen,
struct lxc_conf *c, void *data) struct lxc_conf *c, void *data)
{ {
#if HAVE_APPARMOR
return lxc_get_conf_str(retv, inlen, c->lsm_aa_profile); return lxc_get_conf_str(retv, inlen, c->lsm_aa_profile);
#else
return syserror_set(-EINVAL, "Built without AppArmor support");
#endif
} }
static int get_config_apparmor_allow_incomplete(const char *key, char *retv, static int get_config_apparmor_allow_incomplete(const char *key, char *retv,
int inlen, struct lxc_conf *c, int inlen, struct lxc_conf *c,
void *data) void *data)
{ {
return lxc_get_conf_int(c, retv, inlen, #if HAVE_APPARMOR
c->lsm_aa_allow_incomplete); return lxc_get_conf_int(c, retv, inlen, c->lsm_aa_allow_incomplete);
#else
return syserror_set(-EINVAL, "Built without AppArmor support");
#endif
} }
static int get_config_apparmor_allow_nesting(const char *key, char *retv, static int get_config_apparmor_allow_nesting(const char *key, char *retv,
int inlen, struct lxc_conf *c, int inlen, struct lxc_conf *c,
void *data) void *data)
{ {
return lxc_get_conf_int(c, retv, inlen, #if HAVE_APPARMOR
c->lsm_aa_allow_nesting); return lxc_get_conf_int(c, retv, inlen, c->lsm_aa_allow_nesting);
#else
return syserror_set(-EINVAL, "Built without AppArmor support");
#endif
} }
static int get_config_apparmor_raw(const char *key, char *retv, static int get_config_apparmor_raw(const char *key, char *retv,
int inlen, struct lxc_conf *c, int inlen, struct lxc_conf *c,
void *data) void *data)
{ {
#if HAVE_APPARMOR
int len; int len;
struct lxc_list *it; struct lxc_list *it;
int fulllen = 0; int fulllen = 0;
...@@ -3727,18 +3762,29 @@ static int get_config_apparmor_raw(const char *key, char *retv, ...@@ -3727,18 +3762,29 @@ static int get_config_apparmor_raw(const char *key, char *retv,
} }
return fulllen; return fulllen;
#else
return syserror_set(-EINVAL, "Built without AppArmor support");
#endif
} }
static int get_config_selinux_context(const char *key, char *retv, int inlen, static int get_config_selinux_context(const char *key, char *retv, int inlen,
struct lxc_conf *c, void *data) struct lxc_conf *c, void *data)
{ {
#if HAVE_SELINUX
return lxc_get_conf_str(retv, inlen, c->lsm_se_context); return lxc_get_conf_str(retv, inlen, c->lsm_se_context);
#else
return syserror_set(-EINVAL, "Built without SELinux support");
#endif
} }
static int get_config_selinux_context_keyring(const char *key, char *retv, int inlen, static int get_config_selinux_context_keyring(const char *key, char *retv, int inlen,
struct lxc_conf *c, void *data) struct lxc_conf *c, void *data)
{ {
#if HAVE_SELINUX
return lxc_get_conf_str(retv, inlen, c->lsm_se_keyring_context); return lxc_get_conf_str(retv, inlen, c->lsm_se_keyring_context);
#else
return syserror_set(-EINVAL, "Built without SELinux support");
#endif
} }
static int get_config_keyring_session(const char *key, char *retv, int inlen, static int get_config_keyring_session(const char *key, char *retv, int inlen,
...@@ -4710,45 +4756,69 @@ static inline int clr_config_tty_dir(const char *key, struct lxc_conf *c, ...@@ -4710,45 +4756,69 @@ static inline int clr_config_tty_dir(const char *key, struct lxc_conf *c,
static inline int clr_config_apparmor_profile(const char *key, static inline int clr_config_apparmor_profile(const char *key,
struct lxc_conf *c, void *data) struct lxc_conf *c, void *data)
{ {
#if HAVE_APPARMOR
free_disarm(c->lsm_aa_profile); free_disarm(c->lsm_aa_profile);
return 0; return 0;
#else
return syserror_set(-EINVAL, "Built without AppArmor support");
#endif
} }
static inline int clr_config_apparmor_allow_incomplete(const char *key, static inline int clr_config_apparmor_allow_incomplete(const char *key,
struct lxc_conf *c, struct lxc_conf *c,
void *data) void *data)
{ {
#if HAVE_APPARMOR
c->lsm_aa_allow_incomplete = 0; c->lsm_aa_allow_incomplete = 0;
return 0; return 0;
#else
return syserror_set(-EINVAL, "Built without AppArmor support");
#endif
} }
static inline int clr_config_apparmor_allow_nesting(const char *key, static inline int clr_config_apparmor_allow_nesting(const char *key,
struct lxc_conf *c, struct lxc_conf *c,
void *data) void *data)
{ {
#if HAVE_APPARMOR
c->lsm_aa_allow_nesting = 0; c->lsm_aa_allow_nesting = 0;
return 0; return 0;
#else
return syserror_set(-EINVAL, "Built without AppArmor support");
#endif
} }
static inline int clr_config_apparmor_raw(const char *key, static inline int clr_config_apparmor_raw(const char *key,
struct lxc_conf *c, struct lxc_conf *c,
void *data) void *data)
{ {
#if HAVE_APPARMOR
return lxc_clear_apparmor_raw(c); return lxc_clear_apparmor_raw(c);
#else
return syserror_set(-EINVAL, "Built without AppArmor support");
#endif
} }
static inline int clr_config_selinux_context(const char *key, static inline int clr_config_selinux_context(const char *key,
struct lxc_conf *c, void *data) struct lxc_conf *c, void *data)
{ {
#if HAVE_SELINUX
free_disarm(c->lsm_se_context); free_disarm(c->lsm_se_context);
return 0; return 0;
#else
return syserror_set(-EINVAL, "Built without SELinux support");
#endif
} }
static inline int clr_config_selinux_context_keyring(const char *key, static inline int clr_config_selinux_context_keyring(const char *key,
struct lxc_conf *c, void *data) struct lxc_conf *c, void *data)
{ {
#if HAVE_SELINUX
free_disarm(c->lsm_se_keyring_context); free_disarm(c->lsm_se_keyring_context);
return 0; return 0;
#else
return syserror_set(-EINVAL, "Built without SELinux support");
#endif
} }
static inline int clr_config_keyring_session(const char *key, static inline int clr_config_keyring_session(const char *key,
......
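Review bot: The fallback `return syserror_set(-EINVAL, "Built without AppArmor support");` is pasted verbatim into twelve functions in this file, beginning with set_config_apparmor_profile, and the SELinux variant into six more, so a later change to the errno or the message has to be made in eighteen places. Two file-scope helpers would keep each `#else` arm to one call, e.g. `static inline int lsm_apparmor_unsupported(void) { return syserror_set(-EINVAL, "Built without AppArmor support"); }` and a matching `lsm_selinux_unsupported()`. The hardening itself looks right: a build without the LSM now rejects `lxc.apparmor.*` and `lxc.selinux.*` keys instead of silently storing a profile or context that would never be applied. Worth confirming is that the `#else` arms leave every parameter unused, which will warn if the project builds with `-Wunused-parameter`, though key and data were already unused in these callbacks before this change. The bodies of set_config_apparmor_raw and get_config_apparmor_raw, and the final clr_config_keyring_session hunk, extend beyond what is shown here.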