On Wed, Aug 12, 2009 at 07:15:22PM +0200, Jim Meyering wrote:
Richard W.M. Jones wrote:
> I think this patch is also uncontroversial.
>
> If selinux=1 then we mount /selinux in the appliance. We also
> bind-mount it into guests when running commands, just like we do for
> /proc, /dev etc.
>
> If SELinux is disabled, then /selinux doesn't get mounted.
...
> diff --git a/daemon/command.c b/daemon/command.c
> index 0399255..3261513 100644
> --- a/daemon/command.c
> +++ b/daemon/command.c
> @@ -31,8 +31,9 @@ do_command (char **argv)
> {
> char *out, *err;
> int r;
> - char *sysroot_proc, *sysroot_dev, *sysroot_dev_pts, *sysroot_sys;
> - int proc_ok, dev_ok, dev_pts_ok, sys_ok;
> + char *sysroot_dev, *sysroot_dev_pts, *sysroot_proc,
> + *sysroot_selinux, *sysroot_sys;
> + int dev_ok, dev_pts_ok, proc_ok, selinux_ok, sys_ok;
>
> /* We need a root filesystem mounted to do this. */
> NEED_ROOT (NULL);
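Review bot: In the declarations at the top of do_command, the existing sysroot_* pointers and *_ok flags are re-sorted alphabetically in the same change that adds sysroot_selinux and selinux_ok, which hides the fact that those two are the only new names. Consider keeping the original order and appending the new ones, or doing the reorder in a separate commit. The pointers are also declared without initializers; setting them to NULL here would let one cleanup path free them safely if an allocation fails partway through.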
> @@ -57,6 +58,7 @@ do_command (char **argv)
> sysroot_dev = sysroot_path ("/dev");
> sysroot_dev_pts = sysroot_path ("/dev/pts");
> sysroot_proc = sysroot_path ("/proc");
> + sysroot_selinux = sysroot_path ("/selinux");
> sysroot_sys = sysroot_path ("/sys");
>
> r = command (NULL, NULL, "mount", "--bind", "/dev",
sysroot_dev, NULL);
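Review bot: The added `sysroot_selinux = sysroot_path ("/selinux");` is left unchecked like its neighbours, and the visible call `command (NULL, NULL, "mount", "--bind", "/dev", sysroot_dev, NULL);` passes such a result straight into what appears to be a NULL-terminated argument list. If sysroot_path returns NULL on allocation failure, that list would end early and mount would run without its target instead of the failure being reported. Test every sysroot_* result right after this block and return an error, freeing the ones that succeeded, before any mount is attempted.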

Shouldn't each of these sysroot_* variables be tested,
in case sysroot_path's malloc has failed?

Yes, patch attached.

Rich.

--
Richard Jones, Emerging Technologies, Red Hat
http://et.redhat.com/~rjones
Read my programming blog:
http://rwmj.wordpress.com
Fedora now supports 75 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora