The following pull request was submitted through GitHub.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2133

This e-mail was sent by the LXC bot; direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
If there is no label in the argument or in the config, and we can't use
the default, return error.

If we can use the default, later on we compare the label with
"unconfined_t", which is the same as DEFAULT_LABEL.

We can simplify it by checking if there is no label (in argument and in
conf), and return error if we can't use the default, or return 0 if
the default applies. After this change, DEFAULT_LABEL can also be
removed, as it is not used anymore.

Signed-off-by: Marcos Paulo de Souza <marcos.souza....@gmail.com>
From e5fce68f498d1bc44a025d224f0d71d4cf7a018e Mon Sep 17 00:00:00 2001
From: Marcos Paulo de Souza <marcos.souza....@gmail.com>
Date: Tue, 6 Feb 2018 21:59:57 -0200
Subject: [PATCH] selinux.c: Simplify label_set

If there is no label in the argument or in the config, and we can't use
the default, return error.

If we can use the default, later on we compare the label with
"unconfined_t", which is the same as DEFAULT_LABEL.

We can simplify it by checking if there is no label (in argument and in
conf), and return error if we can't use the default, or return 0 if
the default applies. After this change, DEFAULT_LABEL can also be
removed, as it is not used anymore.

Signed-off-by: Marcos Paulo de Souza <marcos.souza....@gmail.com>
---
 src/lxc/lsm/selinux.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c
index ecdffc36d..3b7476956 100644
--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@@ -31,8 +31,6 @@
 #include "lsm.h"
 #include "conf.h"
 
-#define DEFAULT_LABEL "unconfined_t"
-
 lxc_log_define(lxc_lsm_selinux, lxc);
 
 /*
@@ -76,13 +74,10 @@ static int selinux_process_label_set(const char *inlabel, 
struct lxc_conf *conf,
 {
        const char *label = inlabel ? inlabel : conf->lsm_se_context;
        if (!label) {
-               if (use_default)
-                       label = DEFAULT_LABEL;
-               else
+               if (!use_default)
                        return -1;
-       }
-       if (!strcmp(label, "unconfined_t"))
                return 0;
+       }
 
        if (on_exec) {
                if (setexeccon_raw((char *)label) < 0) {
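
Review bot: the removed `if (!strcmp(label, "unconfined_t")) return 0;` sat after the `if (!label)` block, so it also returned early when "unconfined_t" came from `inlabel` or `conf->lsm_se_context`, not only when the default was substituted. With the `return 0` moved inside the `if (!label)` block, an explicitly supplied "unconfined_t" now falls through to the `on_exec` branch and is passed to `setexeccon_raw()`. That is a behaviour change rather than a pure simplification. If it is intended, the commit message should say so. If not, keep the string comparison after the block so that explicit and default "unconfined_t" are still treated alike. A short comment on the new `return 0` stating that the default means leaving the current context untouched would also help, since the name `DEFAULT_LABEL` that documented this is being removed.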