[systemd-devel] [PATCH 1/2] Add switch_apparmor_profile helper, to switch the profile of the next command to run. This can be used to load a custom apparmor profile for a unit.
misc at zarb.org
misc at zarb.org
Fri Jan 3 08:22:42 PST 2014
From: Michael Scherer <misc at zarb.org>
---
src/shared/apparmor-util.c | 15 +++++++++++++++
src/shared/apparmor-util.h | 1 +
2 files changed, 16 insertions(+)
diff --git a/src/shared/apparmor-util.c b/src/shared/apparmor-util.c
index 2b85da1..a75bec4 100644
--- a/src/shared/apparmor-util.c
+++ b/src/shared/apparmor-util.c
@@ -39,3 +39,18 @@ bool use_apparmor(void) {
return use_apparmor_cached;
}
+
+int switch_apparmor_profile(const char * profile) {
+ _cleanup_free_ char *filename = NULL;
+ _cleanup_fclose_ FILE *proc = NULL;
+
+ if (asprintf (&filename, "/proc/%d/attr/exec", getpid()) <0)
+ return -ENOMEM;
+
+ proc = fopen (filename, "w");
+ if (! proc)
+ return -errno;
+
+ fprintf (proc, "exec %s\n", profile);
+ return 0;
+}
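Review bot: The result of writing the profile is never checked in `switch_apparmor_profile`: the return value of `fprintf` is discarded, and the buffered data only reaches `/proc/<pid>/attr/exec` when `_cleanup_fclose_` closes the stream, after `return 0` has already been decided. If the kernel rejects the write (for example because the named profile is not loaded), the caller still sees success and the next command would presumably run without the intended confinement. Flush and test before returning, e.g. `if (fprintf(proc, "exec %s\n", profile) < 0 || fflush(proc) != 0) return errno ? -errno : -EIO;`. A NULL `profile` is also passed straight to `%s`; an `assert(profile);` at the top of the function would make that contract explicit.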
diff --git a/src/shared/apparmor-util.h b/src/shared/apparmor-util.h
index 4b056a1..f27608d 100644
--- a/src/shared/apparmor-util.h
+++ b/src/shared/apparmor-util.h
@@ -24,3 +24,4 @@
#include <stdbool.h>
bool use_apparmor(void);
+int switch_apparmor_profile(const char * profile);
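Review bot: The new prototype on the last line of this hunk carries no comment, so a caller cannot tell from the header what the return value means or when the switch takes effect. Going by the implementation in apparmor-util.c, a comment above the declaration such as `/* Requests that the next exec of this process runs under the given AppArmor profile; returns 0 on success, negative errno on failure. */` would cover it. Callers that rely on the profile for confinement should treat a negative return as a reason not to exec.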
--
1.8.4.2