Le vendredi 14 février 2014 à 01:24 +0100, Lennart Poettering a écrit : > On Fri, 03.01.14 17:22, m...@zarb.org (m...@zarb.org) wrote: > > Heya! > > This patch appears to be unmerged still. Unfortunately it doesn't apply > anymore, but looks good otherwiese! Could you please rebase? I'll merge > it then!
Yep, but I will first have to make at least 1 test run. I also wanted to see if this couldn't be refactored a bit with the SElinux one (since that's "look if some function return true, load some config, skip if start with '-', then apply another function taking a parameter ), and this would permit to at least test part this part of the logic without issue. > One minor fix though: > > > --- a/src/core/execute.c > > +++ b/src/core/execute.c > > @@ -68,6 +68,7 @@ > > #include "fileio.h" > > #include "unit.h" > > #include "async.h" > > +#include "apparmor-util.h" > > > > #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC) > > #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC) > > @@ -1570,6 +1571,16 @@ int exec_spawn(ExecCommand *command, > > goto fail_child; > > } > > } > > + > > + if (context->apparmor_profile) { > > + if (use_apparmor()) { > > Can you merge these two checks into one line, i.e. > > if (context->apparmor_profile && use_apparmor()) > > or so? The nesting is already too deep... Will do. -- Michael Scherer _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel