diff options
author | Michael Scherer <misc@zarb.org> | 2014-02-20 16:19:44 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-02-21 03:44:20 +0100 |
commit | eef65bf3ee6f73afa4a5de23ae3a794a279f30c0 (patch) | |
tree | 366b91cc8b993595fec85469317e1351c98d8ee7 /src/core/dbus-execute.c | |
parent | 37f78db2f4a33474fc349f406b0a0a48e9c573a2 (diff) |
core: Add AppArmor profile switching
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
Diffstat (limited to 'src/core/dbus-execute.c')
-rw-r--r-- | src/core/dbus-execute.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index 41dbbab904..935c62bdf2 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -482,6 +482,24 @@ static int property_get_selinux_context( return sd_bus_message_append(reply, "(bs)", c->selinux_context_ignore, c->selinux_context); } +static int property_get_apparmor_profile( + sd_bus *bus, + const char *path, + const char *interface, + const char *property, + sd_bus_message *reply, + void *userdata, + sd_bus_error *error) { + + ExecContext *c = userdata; + + assert(bus); + assert(reply); + assert(c); + + return sd_bus_message_append(reply, "(bs)", c->apparmor_profile_ignore, c->apparmor_profile); +} + static int property_get_personality( sd_bus *bus, const char *path, @@ -560,6 +578,7 @@ const sd_bus_vtable bus_exec_vtable[] = { SD_BUS_PROPERTY("SameProcessGroup", "b", bus_property_get_bool, offsetof(ExecContext, same_pgrp), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("UtmpIdentifier", "s", NULL, offsetof(ExecContext, utmp_id), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("SELinuxContext", "(bs)", property_get_selinux_context, 0, SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("AppArmorProfile", "(bs)", property_get_apparmor_profile, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("IgnoreSIGPIPE", "b", bus_property_get_bool, offsetof(ExecContext, ignore_sigpipe), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("NoNewPrivileges", "b", bus_property_get_bool, offsetof(ExecContext, no_new_privileges), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("SystemCallFilter", "(bas)", property_get_syscall_filter, 0, SD_BUS_VTABLE_PROPERTY_CONST), |