Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
libvirt.1263
a1bdf04b-apparmor-dominfo.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File a1bdf04b-apparmor-dominfo.patch of Package libvirt.1263
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 16b8f87..2cf333d 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -66,10 +66,11 @@ struct SDPDOP { }; /* - * profile_status returns '-1' on error, '0' if loaded + * profile_status returns '-2' on error, '-1' if not loaded, '0' if loaded * - * If check_enforcing is set to '1', then returns '-1' on error, '0' if - * loaded in complain mode, and '1' if loaded in enforcing mode. + * If check_enforcing is set to '1', then returns '-2' on error, '-1' if + * not loaded, '0' if loaded in complain mode, and '1' if loaded in + * enforcing mode. */ static int profile_status(const char *str, const int check_enforcing) @@ -77,7 +78,7 @@ profile_status(const char *str, const int check_enforcing) char *content = NULL; char *tmp = NULL; char *etmp = NULL; - int rc = -1; + int rc = -2; /* create string that is '<str> \0' for accurate matching */ if (virAsprintf(&tmp, "%s ", str) == -1) @@ -100,6 +101,8 @@ profile_status(const char *str, const int check_enforcing) if (strstr(content, tmp) != NULL) rc = 0; + else + rc = -1; /* return -1 if not loaded */ if (check_enforcing != 0) { if (rc == 0 && strstr(content, etmp) != NULL) rc = 1; /* return '1' if loaded and enforcing */ @@ -262,6 +265,9 @@ use_apparmor(void) goto cleanup; rc = profile_status(libvirt_daemon, 1); + /* Error or unconfined should all result in -1*/ + if (rc < 0) + rc = -1; cleanup: VIR_FREE(libvirt_daemon); @@ -517,23 +523,29 @@ AppArmorGetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virSecurityLabelPtr sec) { int rc = -1; + int status; char *profile_name = NULL; if ((profile_name = get_profile_name(def)) == NULL) return rc; - if (virStrcpy(sec->label, profile_name, - VIR_SECURITY_LABEL_BUFLEN) == NULL) { + status = profile_status(profile_name, 1); + if (status < -1) { virReportError(VIR_ERR_INTERNAL_ERROR, - "%s", _("error copying profile name")); + "%s", _("error getting profile status")); goto cleanup; + } else if (status == -1) { + profile_name[0] = '\0'; } - if ((sec->enforcing = profile_status(profile_name, 1)) < 0) { + if (virStrcpy(sec->label, profile_name, + VIR_SECURITY_LABEL_BUFLEN) == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, - "%s", _("error calling profile_status()")); + "%s", _("error copying profile name")); goto cleanup; } + + sec->enforcing = status == 1; rc = 0; cleanup:
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor