[systemd-devel] [PATCH] Add AppArmor profile switching
Michael Scherer
misc at zarb.org
Fri Feb 14 05:07:28 PST 2014
On Friday 14 February 2014 at 14:05 +0100, Michael Scherer wrote:
> On Friday 14 February 2014 at 12:31 +0100, Lennart Poettering wrote:
> > On Fri, 14.02.14 12:21, Michael Scherer (misc at zarb.org) wrote:
> > > SD_BUS_PROPERTY("SELinuxContext", "s", NULL, offsetof(ExecContext, selinux_context), SD_BUS_VTABLE_PROPERTY_CONST),
> > > + SD_BUS_PROPERTY("AppArmorProfile", "s", NULL,
> > > offsetof(ExecContext, apparmor_profile),
> > > SD_BUS_VTABLE_PROPERTY_CONST),
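Review bot: on the added `AppArmorProfile` line, the property is exported with signature "s" straight from `offsetof(ExecContext, apparmor_profile)`, so a bus client gets only the profile string and cannot tell whether a missing profile is meant to be ignored. If the setting accepts a leading '-' as discussed later in this thread, export that flag alongside the name or document what the string contains, and keep it consistent with the `SELinuxContext` line above it.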
> >
> > Hmm, so thinking about this, we should normalize both these options and
> > turn the "s" signature into "(bs)", i.e. a structure made of a bool and
> > the label, where the bool indicates whether a non-existing label shall
> > be ignored or not. We have the same split up when serializing exec
> > commands, and we should do that here too...
>
> So, you want a 2nd property SELinuxcontextIgnore/AppArmorProfileIgnore
> that would be True when SELinuxContext/AppArmorProfile is prefixed by
> '-', or also when SELinux/AppArmor is disabled ?
Mhh no,
you want 1 single property, but with a struct rather than 1 string,
forget about that, I misread.
--
Michael Scherer