projects / pve-lxc-syscalld.git / blame
| Commit | Line | Data |
|---|---|---|
| 42f25756 WB |
1 | //! AppArmor utility functions. |
| 2 | ||
| 1e80bab0 | 3 | use std::ffi::{OsStr, OsString}; |
| 42f25756 WB |
4 | use std::io::{self, Write}; |
| 5 | use std::os::unix::ffi::{OsStrExt, OsStringExt}; | |
| 6 | ||
| 3bbd1db0 | 7 | use crate::process::PidFd; |
| 42f25756 WB |
8 | |
| 9 | pub fn get_label(pidfd: &PidFd) -> io::Result<Option<OsString>> { | |
| 1e80bab0 WB |
10 | let mut out = match pidfd.read_file(c_str!("attr/current")) { |
| 11 | Ok(out) => out, | |
| 12 | Err(ref e) if e.raw_os_error() == Some(libc::EINVAL) => return Ok(None), | |
| 13 | Err(other) => return Err(other), | |
| 14 | }; | |
| 42f25756 | 15 | |
| 9486338a | 16 | if out.is_empty() { |
| 42f25756 WB |
17 | return Err(io::ErrorKind::UnexpectedEof.into()); |
| 18 | } | |
| 19 | ||
| 20 | if let Some(pos) = out.iter().position(|c| *c == b' ' || *c == b'\n') { | |
| 21 | out.truncate(pos); | |
| 22 | } | |
| 23 | ||
| 24 | Ok(Some(OsString::from_vec(out))) | |
| 25 | } | |
| 26 | ||
| 27 | pub fn set_label(pidfd: &PidFd, label: &OsStr) -> io::Result<()> { | |
| 1e80bab0 | 28 | let mut file = pidfd.open_file(c_str!("attr/current"), libc::O_RDWR | libc::O_CLOEXEC, 0)?; |
| 42f25756 WB |
29 | |
| 30 | let mut bytes = Vec::with_capacity(14 + label.len()); | |
| 31 | bytes.extend_from_slice(b"changeprofile "); | |
| 32 | bytes.extend_from_slice(label.as_bytes()); | |
| 33 | ||
| 34 | file.write_all(&bytes)?; | |
| 35 | Ok(()) | |
| 36 | } |