]>
Commit | Line | Data |
---|---|---|
2d8021b3 WB |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Wolfgang Bumiller <w.bumiller@proxmox.com> | |
3 | Date: Thu, 12 Jul 2018 15:16:40 +0200 | |
4 | Subject: [PATCH] lsm: fixup lsm_process_label_set_at return values | |
5 | ||
6 | Always return -1 on error (some code paths returned -1, some | |
7 | returned negative error codes), don't assume 'errno' is set | |
8 | afterwards, as the function already prints errors and not | |
9 | all code paths will have a usable errno value. | |
10 | ||
11 | Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> | |
12 | (cherry picked from commit c68d5b0dd63ea8226698ae3ff8a5336a60c171c3) | |
13 | --- | |
14 | src/lxc/lsm/apparmor.c | 2 +- | |
15 | src/lxc/lsm/lsm.c | 12 ++++++++---- | |
16 | 2 files changed, 9 insertions(+), 5 deletions(-) | |
17 | ||
18 | diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c | |
19 | index 1507917c..95b61943 100644 | |
20 | --- a/src/lxc/lsm/apparmor.c | |
21 | +++ b/src/lxc/lsm/apparmor.c | |
22 | @@ -241,7 +241,7 @@ static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf | |
23 | ret = lsm_process_label_set_at(label_fd, label, on_exec); | |
24 | close(label_fd); | |
25 | if (ret < 0) { | |
26 | - SYSERROR("Failed to change apparmor profile to %s", label); | |
27 | + ERROR("Failed to change apparmor profile to %s", label); | |
28 | return -1; | |
29 | } | |
30 | ||
31 | diff --git a/src/lxc/lsm/lsm.c b/src/lxc/lsm/lsm.c | |
32 | index f4500ae2..8d7de2db 100644 | |
33 | --- a/src/lxc/lsm/lsm.c | |
34 | +++ b/src/lxc/lsm/lsm.c | |
35 | @@ -142,18 +142,20 @@ int lsm_process_label_set_at(int label_fd, const char *label, bool on_exec) | |
36 | ||
37 | if (on_exec) { | |
38 | ERROR("Changing AppArmor profile on exec not supported"); | |
39 | - return -EINVAL; | |
40 | + return -1; | |
41 | } | |
42 | ||
43 | len = strlen(label) + strlen("changeprofile ") + 1; | |
44 | command = malloc(len); | |
45 | if (!command) | |
46 | - return -1; | |
47 | + goto on_error; | |
48 | ||
49 | ret = snprintf(command, len, "changeprofile %s", label); | |
50 | if (ret < 0 || (size_t)ret >= len) { | |
51 | + int saved_errno = errno; | |
52 | free(command); | |
53 | - return -1; | |
54 | + errno = saved_errno; | |
55 | + goto on_error; | |
56 | } | |
57 | ||
58 | ret = lxc_write_nointr(label_fd, command, len - 1); | |
59 | @@ -161,9 +163,11 @@ int lsm_process_label_set_at(int label_fd, const char *label, bool on_exec) | |
60 | } else if (strcmp(name, "SELinux") == 0) { | |
61 | ret = lxc_write_nointr(label_fd, label, strlen(label)); | |
62 | } else { | |
63 | - ret = -EINVAL; | |
64 | + errno = EINVAL; | |
65 | + ret = -1; | |
66 | } | |
67 | if (ret < 0) { | |
68 | +on_error: | |
69 | SYSERROR("Failed to set %s label \"%s\"", name, label); | |
70 | return -1; | |
71 | } | |
72 | -- | |
73 | 2.11.0 | |
74 |