On Wed, Nov 25, 2015 at 08:45:08PM +0000, Serge Hallyn wrote: > In which case lxc will not update the apparmor profile at all. > > Signed-off-by: Serge Hallyn <[email protected]>
Acked-by: Stéphane Graber <[email protected]> > --- > src/lxc/lsm/apparmor.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c > index 88ea5a3..d78bd7a 100644 > --- a/src/lxc/lsm/apparmor.c > +++ b/src/lxc/lsm/apparmor.c > @@ -42,6 +42,7 @@ static int mount_features_enabled = 0; > #define AA_DEF_PROFILE "lxc-container-default" > #define AA_MOUNT_RESTR "/sys/kernel/security/apparmor/features/mount/mask" > #define AA_ENABLED_FILE "/sys/module/apparmor/parameters/enabled" > +#define AA_UNCHANGED "unchanged" > > static bool check_mount_feature_enabled(void) > { > @@ -156,6 +157,12 @@ static int apparmor_process_label_set(const char > *inlabel, struct lxc_conf *conf > if (!aa_enabled) > return 0; > > + /* user may request that we just ignore apparmor */ > + if (label && strcmp(label, AA_UNCHANGED) == 0) { > + INFO("apparmor profile unchanged per user request"); > + return 0; > + } > + > if (!label) { > if (use_default) > label = AA_DEF_PROFILE; > -- > 2.5.0 > > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
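Review bot: The early return on `strcmp(label, AA_UNCHANGED) == 0` in apparmor_process_label_set() makes "unchanged" a reserved label value, but the diffstat shows only src/lxc/lsm/apparmor.c changed, so nothing in this patch documents it. Because the check returns before the `if (!label)` block, the default profile (AA_DEF_PROFILE) is never applied and, per the commit message, the profile is not updated at all; the container keeps whatever confinement the starting process already has, and the only trace is an INFO message. Suggest documenting the value next to the profile setting in the same series, stating that an AppArmor profile literally named "unchanged" can no longer be selected, and considering a log level above INFO so that a container started without a profile change is visible in default logs.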
