lsm: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lsm: non-functional changes
e6e89974 · Christian Brauner · 95220ee6 · e6e89974 · e6e89974 · e6e89974
Unverified Commit e6e89974 authored Jan 22, 2018 by Christian Brauner
Showing with 42 additions and 19 deletions

apparmor.c src/lxc/lsm/apparmor.c +1 -1

lsm.c src/lxc/lsm/lsm.c +1 -1

lsm.h src/lxc/lsm/lsm.h +38 -15

nop.c src/lxc/lsm/nop.c +1 -1

selinux.c src/lxc/lsm/selinux.c +1 -1

No files found.
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -172,7 +172,7 @@ static bool aa_needs_transition(char *curlabel)
 * Notes: This relies on /proc being available.
 */
 static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf,
-				      int use_default, int on_exec)
+				      bool use_default, bool on_exec)
 {
 	const char *label = inlabel ? inlabel : conf->lsm_aa_profile;
 	char *curlabel;

--- a/src/lxc/lsm/lsm.c
+++ b/src/lxc/lsm/lsm.c
@@ -86,7 +86,7 @@ char *lsm_process_label_get(pid_t pid)
 }

 int lsm_process_label_set(const char *label, struct lxc_conf *conf,
-		int use_default, int on_exec)
+			  bool use_default, bool on_exec)
 {
 	if (!drv) {
 		ERROR("LSM driver not inited");

--- a/src/lxc/lsm/lsm.h
+++ b/src/lxc/lsm/lsm.h
@@ -28,29 +28,52 @@ struct lxc_conf;

 #include <sys/types.h>

+#include "../utils.h"
+
+#define LXC_LSMATTRLEN (5 + (LXC_NUMSTRLEN64) + 7 + 1)
+
 struct lsm_drv {
 	const char *name;

-	int   (*enabled)(void);
+	int (*enabled)(void);
 	char *(*process_label_get)(pid_t pid);
-	int   (*process_label_set)(const char *label, struct lxc_conf *conf,
-				   int use_default, int on_exec);
+	int (*process_label_set)(const char *label, struct lxc_conf *conf,
+				 bool use_default, bool on_exec);
 };

 #if HAVE_APPARMOR || HAVE_SELINUX
-void        lsm_init(void);
-int         lsm_enabled(void);
-const char *lsm_name(void);
-char       *lsm_process_label_get(pid_t pid);
-int         lsm_process_label_set(const char *label, struct lxc_conf *conf,
-		int use_default, int on_exec);
+extern void lsm_init(void);
+extern int lsm_enabled(void);
+extern const char *lsm_name(void);
+extern char *lsm_process_label_get(pid_t pid);
+extern int lsm_process_label_set(const char *label, struct lxc_conf *conf,
+				 bool use_default, bool on_exec);
 #else
-static inline void        lsm_init(void) { }
-static inline int         lsm_enabled(void) { return 0; }
-static inline const char *lsm_name(void) { return "none"; }
-static inline char       *lsm_process_label_get(pid_t pid) { return NULL; }
-static inline int         lsm_process_label_set(const char *label,
-		struct lxc_conf *conf, int use_default, int on_exec) { return 0; }
+static inline void lsm_init(void)
+{
+	return;
+}
+
+static inline int lsm_enabled(void) {
+	return 0;
+}
+
+static inline const char *lsm_name(void)
+{
+	return "none";
+}
+
+static inline char *lsm_process_label_get(pid_t pid)
+{
+	return NULL;
+}
+
+static inline int lsm_process_label_set(const char *label,
+					struct lxc_conf *conf, bool use_default,
+					bool on_exec)
+{
+	return 0;
+}
 #endif

 #endif
--- a/src/lxc/lsm/nop.c
+++ b/src/lxc/lsm/nop.c
@@ -30,7 +30,7 @@ static char *nop_process_label_get(pid_t pid)
 }

 static int nop_process_label_set(const char *label, struct lxc_conf *conf,
-		int use_default, int on_exec)
+				 bool use_default, bool on_exec)
 {
 	return 0;
 }

--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@@ -72,7 +72,7 @@ static char *selinux_process_label_get(pid_t pid)
 * Notes: This relies on /proc being available.
 */
 static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf,
-				     int use_default, int on_exec)
+				     bool use_default, bool on_exec)
 {
 	const char *label = inlabel ? inlabel : conf->lsm_se_context;
 	if (!label) {