[systemd-devel] [PATCH 1/2] Add switch_apparmor_profile helper, to switch the profile of the next command to run. This can be used to load a custom apparmor profile for a unit.

misc Fri, 03 Jan 2014 08:25:39 -0800

From: Michael Scherer <[email protected]>

---
 src/shared/apparmor-util.c | 15 +++++++++++++++
 src/shared/apparmor-util.h |  1 +
 2 files changed, 16 insertions(+)


diff --git a/src/shared/apparmor-util.c b/src/shared/apparmor-util.c
index 2b85da1..a75bec4 100644
--- a/src/shared/apparmor-util.c
+++ b/src/shared/apparmor-util.c
@@ -39,3 +39,18 @@ bool use_apparmor(void) {
 
         return use_apparmor_cached;
 }
+
+int switch_apparmor_profile(const char * profile) {
+        _cleanup_free_ char *filename = NULL;
+        _cleanup_fclose_ FILE *proc = NULL;
+
+        if (asprintf (&filename, "/proc/%d/attr/exec", getpid()) <0)
+                return -ENOMEM;
+
+        proc = fopen (filename, "w");
+        if (! proc)
+                return -errno;
+
+        fprintf (proc, "exec %s\n", profile);
+        return 0;
+}
diff --git a/src/shared/apparmor-util.h b/src/shared/apparmor-util.h
index 4b056a1..f27608d 100644
--- a/src/shared/apparmor-util.h
+++ b/src/shared/apparmor-util.h
@@ -24,3 +24,4 @@
 #include <stdbool.h>
 
 bool use_apparmor(void);
+int switch_apparmor_profile(const char * profile);
-- 
1.8.4.2

_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH 1/2] Add switch_apparmor_profile helper, to switch the profile of the next command to run. This can be used to load a custom apparmor profile for a unit.

Reply via email to