[systemd-devel] [PATCH 2/2] Add AppArmor profile switching
Lennart Poettering
lennart at poettering.net
Thu Feb 13 16:24:02 PST 2014
On Fri, 03.01.14 17:22, misc at zarb.org (misc at zarb.org) wrote:
Heya!
This patch appears to be unmerged still. Unfortunately it doesn't apply
anymore, but looks good otherwiese! Could you please rebase? I'll merge
it then!
One minor fix though:
> --- a/src/core/execute.c
> +++ b/src/core/execute.c
> @@ -68,6 +68,7 @@
> #include "fileio.h"
> #include "unit.h"
> #include "async.h"
> +#include "apparmor-util.h"
>
> #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
> #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
> @@ -1570,6 +1571,16 @@ int exec_spawn(ExecCommand *command,
> goto fail_child;
> }
> }
> +
> + if (context->apparmor_profile) {
> + if (use_apparmor()) {
Can you merge these two checks into one line, i.e.
if (context->apparmor_profile && use_apparmor())
or so? The nesting is already too deep...
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list