[apparmor] [PATCH 4/5] Library function to find the apparmorfsfilesystem mount point
John Johansen
john.johansen at canonical.com
Thu Jul 21 20:31:56 UTC 2011
On 07/21/2011 11:55 AM, Seth Arnold wrote:
> +on the system, and returns a string containing the mount path. It is the
> +callers responsibility to free the returned path.
>
> "caller's" and free(3)
thanks
>
> BUGS section includes unrelated memory barrier info.
>
fixed
revised patch below
---
Library function to find the apparmorfs filesystem mount point
Signed-off-by: John Johansen <john.johansen at canonical.com>
diff --git a/libraries/libapparmor/doc/Makefile.am b/libraries/libapparmor/doc/Makefile.am
index c3f8f9b..e21a075 100644
--- a/libraries/libapparmor/doc/Makefile.am
+++ b/libraries/libapparmor/doc/Makefile.am
@@ -2,7 +2,7 @@
POD2MAN = pod2man
-man_MANS = aa_change_hat.2 aa_change_profile.2 aa_getcon.2
+man_MANS = aa_change_hat.2 aa_change_profile.2 aa_getcon.2 aa_find_mountpoint.2
PODS = $(subst .2,.pod,$(man_MANS))
diff --git a/libraries/libapparmor/doc/aa_find_mountpoint.pod b/libraries/libapparmor/doc/aa_find_mountpoint.pod
new file mode 100644
index 0000000..28f25f4
--- /dev/null
+++ b/libraries/libapparmor/doc/aa_find_mountpoint.pod
@@ -0,0 +1,74 @@
+# This publication is intellectual property of Canonical Ltd. Its contents
+# can be duplicated, either in part or in whole, provided that a copyright
+# label is visibly located on each copy.
+#
+# All information found in this book has been compiled with utmost
+# attention to detail. However, this does not guarantee complete accuracy.
+# Neither Canonical Ltd, the authors, nor the translators shall be held
+# liable for possible errors or the consequences thereof.
+#
+# Many of the software and hardware descriptions cited in this book
+# are registered trademarks. All trade names are subject to copyright
+# restrictions and may be registered trade marks. Canonical Ltd.
+# essentially adhere to the manufacturer's spelling.
+#
+# Names of products and trademarks appearing in this book (with or without
+# specific notation) are likewise subject to trademark and trade protection
+# laws and may thus fall under copyright restrictions.
+#
+
+
+=pod
+
+=head1 NAME
+
+aa_find_mountpoint - find where the apparmor interface filesystem is mounted
+
+=head1 SYNOPSIS
+
+B<#include E<lt>sys/apparmor.hE<gt>>
+
+B<int aa_find_mountpoint(char **mnt);>
+
+Link with B<-lapparmor> when compiling.
+
+=head1 DESCRIPTION
+
+The aa_find_mountpoint function finds where the apparmor filesystem is mounted
+on the system, and returns a string containing the mount path. It is the
+caller's responsibility to free(3) the returned path.
+
+=head1 RETURN VALUE
+
+On success zero is returned. On error, -1 is returned, and errno(3) is set
+appropriately.
+
+=head1 ERRORS
+
+=over 4
+
+=item B<ENOMEM>
+
+Insufficient memory was available.
+
+=item B<EACCES>
+
+Access to the the required paths was denied.
+
+=item B<ENOENT>
+
+The apparmor filesystem mount could not be found
+
+=back
+
+=head1 BUGS
+
+None known. If you find any, please report them at
+L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+
+=head1 SEE ALSO
+
+apparmor(7), apparmor.d(5), apparmor_parser(8), and
+L<http://wiki.apparmor.net>.
+
+=cut
diff --git a/libraries/libapparmor/src/apparmor.h b/libraries/libapparmor/src/apparmor.h
index 58e95c6..903cecd 100644
--- a/libraries/libapparmor/src/apparmor.h
+++ b/libraries/libapparmor/src/apparmor.h
@@ -20,6 +20,9 @@
__BEGIN_DECLS
+/* Prototypes for apparmor state queries */
+extern int aa_find_mountpoint(char **mnt);
+
/* Prototypes for self directed domain transitions
* see <http://apparmor.net>
* Please see the change_hat(2) manpage for information.
diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index 955944b..6c20645 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -27,6 +27,7 @@
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
+#include <mntent.h>
/* some non-Linux systems do not define a static value */
#ifndef PATH_MAX
@@ -38,6 +39,48 @@
#define default_symbol_version(real, name, version) \
__asm__ (".symver " #real "," #name "@@" #version)
+/**
+ * aa_find_mountpoint - find where the apparmor interface filesystem is mounted
+ * @mnt: returns buffer with the mountpoint string
+ *
+ * Returns: 0 on success else -1 on error
+ *
+ * NOTE: this function only supports versions of apparmor using securityfs
+ */
+int aa_find_mountpoint(char **mnt)
+{
+ struct stat statbuf;
+ struct mntent *mntpt;
+ FILE *mntfile;
+ int rc = -1;
+
+ mntfile = setmntent("/proc/mounts", "r");
+ if (!mntfile)
+ return -1;
+
+ while ((mntpt = getmntent(mntfile))) {
+ char *proposed = NULL;
+ if (strcmp(mntpt->mnt_type, "securityfs") != 0)
+ continue;
+
+ if (asprintf(&proposed, "%s/apparmor", mntpt->mnt_dir) < 0)
+ /* ENOMEM */
+ break;
+
+ if (stat(proposed, &statbuf) == 0) {
+ *mnt = proposed;
+ rc = 0;
+ break;
+ }
+ free(proposed);
+ }
+ endmntent(mntfile);
+ if (rc == -1)
+ errno = ENOENT;
+ return rc;
+}
+
+
static inline pid_t aa_gettid(void)
{
#ifdef SYS_gettid
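Review bot: The `errno = ENOENT` near the end of aa_find_mountpoint overwrites whatever asprintf() set when the `/* ENOMEM */` break is taken, so the ENOMEM that the new man page documents can never actually be observed, and an EACCES from stat() (also listed in the man page) is likewise folded into ENOENT. Carry the failure reason in a local instead: declare `int saved_errno = ENOENT;`, make the asprintf failure path `{ saved_errno = errno; break; }`, and end with `if (rc == -1) errno = saved_errno;` placed after endmntent(), since endmntent() goes through fclose() and may itself disturb errno. If stat() failures other than ENOENT/ENOTDIR are meant to be reported, the same local can capture errno before the `free(proposed)` call. The stat() only checks that the path exists; if callers rely on it being the apparmor directory, an `S_ISDIR(statbuf.st_mode)` test would tighten the match.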
diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
index 6b209af..df51d01 100644
--- a/libraries/libapparmor/src/libapparmor.map
+++ b/libraries/libapparmor/src/libapparmor.map
@@ -16,6 +16,7 @@ APPARMOR_1.0 {
APPARMOR_1.1 {
global:
+ aa_find_mountpoint;
aa_change_hat;
aa_change_hatv;
aa_change_hat_vargs;
diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
index d0f6bd5..1b6b5c7 100644
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@@ -13,6 +13,7 @@
* are manually inserted here
*/
+extern int aa_find_mountpoint(char **mnt);
extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
extern int aa_change_profile(const char *profile);
extern int aa_change_onexec(const char *profile);