[apparmor] [PATCH 5/6] libapparmor: Migrate aa_kernel_interface API to openat() style

Thu Apr 2 01:10:10 UTC 2015

On 2015-04-01 18:06:51, Seth Arnold wrote:
> On Thu, Mar 26, 2015 at 04:48:01PM -0500, Tyler Hicks wrote:
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> 
> Can you explain the -1 here? I can't tell what the -1 does to openat(2):

Ah, yes! I meant to explain that in the patch series description.

If dirfd is -1 (an _invalid_ file descriptor), then it means that the
path *must* absolute instead of relative.

Note that the -1 dirfd's are only used while moving all 3 of the APIs to
the openat(2) style. In patch 6/6, all of the -1 dirfd's are changed to
valid file descriptors.

Tyler

> 
> > @@ -119,7 +119,7 @@ static int replace_all_cb(int dirfd unused, const char *name, struct stat *st,
> >  			return -1;
> >  		}
> >  		retval = aa_kernel_interface_replace_policy_from_file(data->kernel_interface,
> > +								      -1, path);
> >  	}
> 
> >  int aa_kernel_interface_replace_policy_from_file(aa_kernel_interface *kernel_interface,
> > +						 int dirfd, const char *path)
> >  {
> >  	return write_policy_file_to_iface(kernel_interface,
> > +					  AA_IFACE_FILE_REPLACE, dirfd, path);
> >  }
> 
> >  static int write_policy_file_to_iface(aa_kernel_interface *kernel_interface,
> > +				      const char *iface_file,
> > +				      int dirfd, const char *path)
> >  {
> >  	autoclose int fd;
> >  
> > +	fd = openat(dirfd, path, O_RDONLY);
> >  	if (fd == -1)
> >  		return -1;
> 
> Thanks

> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150401/f26e85a8/attachment.pgp>