/*
 * Pointer-argument shim around aa_find_mountpoint().
 *
 * ret:     out; 0 on success, otherwise the errno left by the failed call.
 * mnt:     out; passed straight through to aa_find_mountpoint().
 * verbose: in; when *verbose is true a progress line is printed via Rprintf.
 *
 * NOTE(review): libapparmor documents that aa_find_mountpoint() allocates the
 * string stored in *mnt and expects the caller to free() it. Nothing here
 * releases it, so ownership passes to whoever called this wrapper -- confirm
 * that side copies or frees the buffer.
 */
void aa_find_mountpoint_wrapper (int *ret, char **mnt, bool *verbose)
{
  int status;

  if (*verbose)
    Rprintf("Finding mountpoint...\n");

  status = aa_find_mountpoint (mnt);

  /* errno is read directly after the failing call, before any other library
   * call has a chance to overwrite it. */
  *ret = (status == 0) ? 0 : errno;
}
/*
 * Probe whether AppArmor on this system has D-Bus features.
 *
 * Return TRUE on successful check, FALSE on OOM.
 * Set *is_supported to whether AA has D-Bus features.
 *
 * Beyond OOM, a failing aa_find_mountpoint() also takes the FALSE path,
 * whatever its cause. *is_supported is FALSE on every FALSE return.
 * Any failure to open() the mask file counts as "not supported" while the
 * check itself is still reported as successful (TRUE).
 */
static dbus_bool_t
_bus_apparmor_detect_aa_dbus_support (dbus_bool_t *is_supported)
{
  DBusString mask_path;
  char *securityfs_dir = NULL;
  dbus_bool_t ok = FALSE;
  int fd;

  *is_supported = FALSE;

  /* Nothing has been acquired yet, so a plain return is enough here. */
  if (!_dbus_string_init (&mask_path))
    return FALSE;

  if (aa_find_mountpoint (&securityfs_dir) != 0)
    goto out;

  /*
   * John Johansen has confirmed that the mainline kernel will not have
   * the apparmorfs/features/dbus/mask file until the mainline kernel
   * has AppArmor getpeersec support.
   */
  if (!_dbus_string_append (&mask_path, securityfs_dir))
    goto out;

  if (!_dbus_string_append (&mask_path, "/features/dbus/mask"))
    goto out;

  /* We need to open() the flag file, not just stat() it, because AppArmor
   * does not mediate stat() in the apparmorfs. If you have a
   * dbus-daemon inside an LXC container, with insufficiently broad
   * AppArmor privileges to do its own AppArmor mediation, the desired
   * result is that it behaves as if AppArmor was not present; but a stat()
   * here would succeed, and result in it trying and failing to do full
   * mediation. https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1238267 */
  fd = open (_dbus_string_get_const_data (&mask_path),
             O_RDONLY | O_CLOEXEC);

  if (fd != -1)
    {
      /* The descriptor is only a readability probe; nothing is read. */
      close (fd);
      *is_supported = TRUE;
    }

  ok = TRUE;

out:
  /* securityfs_dir is still NULL if aa_find_mountpoint() never filled it;
   * free (NULL) is a no-op. */
  free (securityfs_dir);
  _dbus_string_free (&mask_path);

  return ok;
}