diff options
Diffstat (limited to 'src/core/load-fragment.c')
| -rw-r--r-- | src/core/load-fragment.c | 53 | 
1 files changed, 51 insertions, 2 deletions
| diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index 27666b937c..e74a790e25 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -61,7 +61,7 @@  #include "seccomp-util.h"  #endif -#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_LIBWRAP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) +#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_LIBWRAP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) || !defined(HAVE_APPARMOR)  int config_parse_warn_compat(                  const char *unit,                  const char *filename, @@ -1192,6 +1192,55 @@ int config_parse_exec_selinux_context(          return 0;  } +int config_parse_exec_apparmor_profile( +                const char *unit, +                const char *filename, +                unsigned line, +                const char *section, +                unsigned section_line, +                const char *lvalue, +                int ltype, +                const char *rvalue, +                void *data, +                void *userdata) { + +        ExecContext *c = data; +        Unit *u = userdata; +        bool ignore; +        char *k; +        int r; + +        assert(filename); +        assert(lvalue); +        assert(rvalue); +        assert(data); + +        if (isempty(rvalue)) { +                free(c->apparmor_profile); +                c->apparmor_profile = NULL; +                c->apparmor_profile_ignore = false; +                return 0; +        } + +        if (rvalue[0] == '-') { +                ignore = true; +                rvalue++; +        } else +                ignore = false; + +        r = unit_name_printf(u, rvalue, &k); +        if (r < 0) { +                log_syntax(unit, LOG_ERR, filename, line, -r, "Failed to resolve specifiers, ignoring: %s", strerror(-r)); +                return 0; +        } + +        free(c->apparmor_profile); +        c->apparmor_profile = k; +        c->apparmor_profile_ignore = ignore; + +        return 0; +} +  int config_parse_timer(const char *unit,                         const char *filename,                         unsigned line, @@ -2910,7 +2959,7 @@ void unit_dump_config_items(FILE *f) {                  const ConfigParserCallback callback;                  const char *rvalue;          } table[] = { -#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_LIBWRAP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) +#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_LIBWRAP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) || !defined(HAVE_APPARMOR)                  { config_parse_warn_compat,           "NOTSUPPORTED" },  #endif                  { config_parse_int,                   "INTEGER" }, | 
