提交
3cbc0501
编写于
11月 13, 2009
作者:
Jamie Strandboge
提交者:
Daniel Veillard
11月 13, 2009
AppArmor code cleanups
* src/security/security_apparmor.c: a few code cleanups following a review on the list
上级
d0d4b8ad
Showing
1 changed file
with
25 addition
and
25 deletion
+25
-25
src/security/security_apparmor.c
src/security/security_apparmor.c
+25
-25
src/security/security_apparmor.c
...
...
@@ -74,8 +74,6 @@ profile_status(const char *str, const int check_enforcing)
virReportSystemError
(
NULL
,
errno
,
_
(
"Failed to read AppArmor profiles list "
"
\'
%s
\'
"
),
APPARMOR_PROFILES_PATH
);
if
(
check_enforcing
!=
0
)
VIR_FREE
(
etmp
);
goto
clean
;
}
...
...
@@ -84,12 +82,12 @@ profile_status(const char *str, const int check_enforcing)
if
(
check_enforcing
!=
0
)
{
if
(
rc
==
0
&&
strstr
(
content
,
etmp
)
!=
NULL
)
rc
=
1
;
/* return '1' if loaded and enforcing */
VIR_FREE
(
etmp
);
}
VIR_FREE
(
content
);
clean:
VIR_FREE
(
tmp
);
VIR_FREE
(
etmp
);
return
rc
;
}
...
...
@@ -107,32 +105,30 @@ profile_loaded(const char *str)
static
int
profile_status_file
(
const
char
*
str
)
{
char
profile
[
PATH_MAX
]
;
char
*
profile
=
NULL
;
char
*
content
=
NULL
;
char
*
tmp
=
NULL
;
int
rc
=
-
1
;
int
len
;
if
(
snprintf
(
profile
,
PATH_MAX
,
"%s/%s"
,
APPARMOR_DIR
"/libvirt"
,
str
)
>
PATH_MAX
-
1
)
{
virSecurityReportError
(
NULL
,
VIR_ERR_INTERNAL_ERROR
,
"%s"
,
_
(
"profile name exceeds maximum length"
));
}
if
(
!
virFileExists
(
profile
))
{
if
(
virAsprintf
(
&
profile
,
"%s/%s"
,
APPARMOR_DIR
"/libvirt"
,
str
)
==
-
1
)
{
virReportOOMError
(
NULL
);
return
rc
;
}
if
(
!
virFileExists
(
profile
))
goto
failed
;
if
((
len
=
virFileReadAll
(
profile
,
MAX_FILE_LEN
,
&
content
))
<
0
)
{
virReportSystemError
(
NULL
,
errno
,
_
(
"Failed to read
\'
%s
\'
"
),
profile
);
return
rc
;
goto
failed
;
}
/* create string that is ' <str> flags=(complain)\0' */
if
(
virAsprintf
(
&
tmp
,
" %s flags=(complain)"
,
str
)
==
-
1
)
{
virReportOOMError
(
NULL
);
goto
clean
;
goto
failed
;
}
if
(
strstr
(
content
,
tmp
)
!=
NULL
)
...
...
@@ -140,8 +136,9 @@ profile_status_file(const char *str)
else
rc
=
1
;
failed:
VIR_FREE
(
tmp
);
clean:
VIR_FREE
(
profile
);
VIR_FREE
(
content
);
return
rc
;
...
...
@@ -167,7 +164,7 @@ load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm,
xml
=
virDomainDefFormat
(
conn
,
vm
->
def
,
VIR_DOMAIN_XML_SECURE
);
if
(
!
xml
)
goto
failed
;
goto
clean
;
if
(
profile_status_file
(
profile
)
>=
0
)
create
=
false
;
...
...
@@ -217,7 +214,6 @@ load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm,
clean:
VIR_FREE
(
xml
);
failed:
if
(
pipefd
[
0
]
>
0
)
close
(
pipefd
[
0
]);
if
(
pipefd
[
1
]
>
0
)
...
...
@@ -284,26 +280,30 @@ use_apparmor(void)
static
int
AppArmorSecurityDriverProbe
(
void
)
{
char
template
[
PATH_MAX
];
char
*
template
=
NULL
;
int
rc
=
SECURITY_DRIVER_DISABLE
;
if
(
use_apparmor
()
<
0
)
return
SECURITY_DRIVER_DISABLE
;
return
rc
;
/* see if template file exists */
if
(
snprintf
(
template
,
PATH_MAX
,
"%s/TEMPLATE"
,
APPARMOR_DIR
"/libvirt"
)
>
PATH_MAX
-
1
)
{
virSecurityReportError
(
NULL
,
VIR_ERR_INTERNAL_ERROR
,
"%s"
,
_
(
"template too large"
));
return
SECURITY_DRIVER_DISABLE
;
if
(
virAsprintf
(
&
template
,
"%s/TEMPLATE"
,
APPARMOR_DIR
"/libvirt"
)
==
-
1
)
{
virReportOOMError
(
NULL
);
return
rc
;
}
if
(
!
virFileExists
(
template
))
{
virSecurityReportError
(
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"template
\'
%s
\'
does not exist"
),
template
);
return
SECURITY_DRIVER_DISABLE
;
goto
clean
;
}
rc
=
SECURITY_DRIVER_ENABLE
;
return
SECURITY_DRIVER_ENABLE
;
clean:
VIR_FREE
(
template
);
return
rc
;
}
/* Security driver initialization. DOI is for 'Domain of Interpretation' and is
...
...
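Review bot: profile_status_file still reports three different outcomes with the same -1: the profile file is absent (`goto failed` after virFileExists), virFileReadAll failed, or virAsprintf ran out of memory. In the load_profile hunk `create` is cleared only when the result is `>= 0`, so a profile that exists but could not be read is handled exactly like one that was never written; what `create` then triggers lies outside the visible hunks and should be checked there. Consider a distinct return value for the absent case, or at minimum document the contract above the function, e.g. `/* -1: profile file absent or unreadable; 0: complain flag found; 1: otherwise */`. The function body spans two hunks and the line that sets rc to 0 falls between them, so the 0 case is inferred.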