On 06.10.2015 11:16, Cédric Bosdonnat wrote:
> profile_status function was not making any difference between error
> cases and unconfined profiles. The problem with this approach is that
> dominfo was throwing an error on unconfined domains.
> ---
> src/security/security_apparmor.c | 30 +++++++++++++++++++++---------
> 1 file changed, 21 insertions(+), 9 deletions(-)
>
> diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
> index 16b8f87..2cf333d 100644
> --- a/src/security/security_apparmor.c
> +++ b/src/security/security_apparmor.c
> @@ -66,10 +66,11 @@ struct SDPDOP {
> };
>
> /*
> - * profile_status returns '-1' on error, '0' if loaded
> + * profile_status returns '-2' on error, '-1' if not loaded, '0' if loaded
> *
> - * If check_enforcing is set to '1', then returns '-1' on error, '0' if
> - * loaded in complain mode, and '1' if loaded in enforcing mode.
> + * If check_enforcing is set to '1', then returns '-2' on error, '-1' if
> + * not loaded, '0' if loaded in complain mode, and '1' if loaded in
> + * enforcing mode.
> */
> static int
> profile_status(const char *str, const int check_enforcing)
> @@ -77,7 +78,7 @@ profile_status(const char *str, const int check_enforcing)
> char *content = NULL;
> char *tmp = NULL;
> char *etmp = NULL;
> - int rc = -1;
> + int rc = -2;
>
I've checked all the callers and it seems like they are okay with this
change too.
ACK
Michal
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list