[systemd-devel] [PATCH 2/2] Add AppArmor profile switching
Michael Scherer
misc at zarb.org
Fri Feb 14 00:05:08 PST 2014
On Friday, 14 February 2014 at 01:24 +0100, Lennart Poettering wrote:
> On Fri, 03.01.14 17:22, misc at zarb.org (misc at zarb.org) wrote:
>
> Heya!
>
> This patch appears to be unmerged still. Unfortunately it doesn't apply
> anymore, but looks good otherwise! Could you please rebase? I'll merge
> it then!
Yep, but I will first have to make at least 1 test run.
I also wanted to see if this couldn't be refactored a bit with the
SELinux one (since that's "look if some function returns true, load some
config, skip if it starts with '-', then apply another function taking a
parameter"), and this would permit to at least test this part of
the logic without issue.
> One minor fix though:
>
> > --- a/src/core/execute.c
> > +++ b/src/core/execute.c
> > @@ -68,6 +68,7 @@
> > #include "fileio.h"
> > #include "unit.h"
> > #include "async.h"
> > +#include "apparmor-util.h"
> >
> > #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
> > #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
> > @@ -1570,6 +1571,16 @@ int exec_spawn(ExecCommand *command,
> > goto fail_child;
> > }
> > }
> > +
> > + if (context->apparmor_profile) {
> > + if (use_apparmor()) {
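Review bot: in exec_spawn(), when context->apparmor_profile is set but use_apparmor() returns false, the lines visible here take no branch, so a unit that asks for a profile would start unconfined with no message. The quoted hunk stops at this point, so an else path may exist further down; if it does not, consider logging there, and failing the spawn when the configured profile name does not start with '-'.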
>
> Can you merge these two checks into one line, i.e.
>
> if (context->apparmor_profile && use_apparmor())
>
> or so? The nesting is already too deep...
Will do.
--
Michael Scherer
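
The shared flow described in the reply above (check that the LSM is usable, read the setting, honour a leading '-', then call an apply function with the label) can be sketched as below. This is an added example, not part of the original message and not systemd code: every name in it is hypothetical, the backends are constructed stand-ins, and treating '-' as "tolerate a failed apply" is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical; this is not systemd's API. */
typedef bool (*lsm_available_fn)(void);
typedef int (*lsm_apply_fn)(const char *label);

enum lsm_result { LSM_FAILED = -1, LSM_APPLIED = 0, LSM_SKIPPED = 1 };

/* Shared flow: is the LSM usable, read the setting, honour a leading '-',
 * then hand the remaining label to the LSM-specific apply function. */
static enum lsm_result apply_lsm_label(const char *setting,
                                       lsm_available_fn available,
                                       lsm_apply_fn apply) {
        bool ignore_failure = false;

        if (!setting || !*setting)
                return LSM_SKIPPED;          /* nothing configured */
        if (!available())
                return LSM_SKIPPED;          /* LSM not active on this host */
        if (setting[0] == '-') {             /* assumed: '-' = tolerate failure */
                ignore_failure = true;
                setting++;
        }
        if (apply(setting) < 0)
                return ignore_failure ? LSM_SKIPPED : LSM_FAILED;
        return LSM_APPLIED;
}

/* Constructed stand-ins for the real availability and apply calls. */
static bool lsm_on(void)  { return true; }
static bool lsm_off(void) { return false; }
static int fake_apply(const char *label) {
        return strcmp(label, "known-profile") == 0 ? 0 : -1;
}

int main(void) {
        const char *cases[] = { "known-profile", "missing", "-missing" };
        for (size_t i = 0; i < 3; i++)
                printf("%-14s -> %d\n", cases[i],
                       apply_lsm_label(cases[i], lsm_on, fake_apply));
        printf("%-14s -> %d (LSM off)\n", "missing",
               apply_lsm_label("missing", lsm_off, fake_apply));
        return 0;
}
```

Because the availability and apply steps are passed in as function pointers, the prefix and failure handling can be unit-tested with fakes like these, without a kernel that has either LSM enabled.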