[apparmor] [PATCH 5/6] libapparmor: Migrate aa_kernel_interface API to openat() style
Tyler Hicks
tyhicks at canonical.com
Thu Apr 2 01:10:10 UTC 2015
On 2015-04-01 18:06:51, Seth Arnold wrote:
> On Thu, Mar 26, 2015 at 04:48:01PM -0500, Tyler Hicks wrote:
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
>
> Can you explain the -1 here? I can't tell what the -1 does to openat(2):
Ah, yes! I meant to explain that in the patch series description.
If dirfd is -1 (an _invalid_ file descriptor), then it means that the
path *must* absolute instead of relative.
Note that the -1 dirfd's are only used while moving all 3 of the APIs to
the openat(2) style. In patch 6/6, all of the -1 dirfd's are changed to
valid file descriptors.
Tyler
>
> > @@ -119,7 +119,7 @@ static int replace_all_cb(int dirfd unused, const char *name, struct stat *st,
> > return -1;
> > }
> > retval = aa_kernel_interface_replace_policy_from_file(data->kernel_interface,
> > + -1, path);
> > }
>
> > int aa_kernel_interface_replace_policy_from_file(aa_kernel_interface *kernel_interface,
> > + int dirfd, const char *path)
> > {
> > return write_policy_file_to_iface(kernel_interface,
> > + AA_IFACE_FILE_REPLACE, dirfd, path);
> > }
>
> > static int write_policy_file_to_iface(aa_kernel_interface *kernel_interface,
> > + const char *iface_file,
> > + int dirfd, const char *path)
> > {
> > autoclose int fd;
> >
> > + fd = openat(dirfd, path, O_RDONLY);
> > if (fd == -1)
> > return -1;
>
> Thanks
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150401/f26e85a8/attachment.pgp>
More information about the AppArmor
mailing list