Instead of having a literal, making this a constant will allow for (hacky) detection of conflicting profile attachments from inspection of the info pointer. This is used in the next patch to augment the information provided through domain.c:x_to_label for ix/ux fallback.
Signed-off-by: Ryan Lee <[email protected]> --- security/apparmor/domain.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 548eef3a8ea1..a73307ee1c7f 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -29,6 +29,8 @@ #include "include/policy.h" #include "include/policy_ns.h" +static const char * const CONFLICTING_ATTACH_STR = "conflicting profile attachments"; + /** * may_change_ptraced_domain - check if can change profile on ptraced task * @to_cred: cred of task changing domain @@ -486,7 +488,7 @@ static struct aa_label *find_attach(const struct linux_binprm *bprm, if (!candidate || conflict) { if (conflict) - *info = "conflicting profile attachments"; + *info = CONFLICTING_ATTACH_STR; rcu_read_unlock(); return NULL; } -- 2.43.0
