On 09/10/2018 05:36 AM, Michal Privoznik wrote:
It will be desirable to run transactions more often than we currently do. Even if the domain we're relabeling the paths for does not run in a namespace. If that's the case, there is no need to fork() as we are already running in the right namespace. To differentiate whether transaction code should fork() or not the @pid argument now accepts -1 (which means do not fork).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/security/security_dac.c | 22 ++++++++++++++-------- src/security/security_manager.c | 14 +++++++++----- src/security/security_selinux.c | 23 +++++++++++++++-------- 3 files changed, 38 insertions(+), 21 deletions(-)
I do have a dislike for the code format chosen - I prefer: if (pid == -1) else is so much easier for me to read. Reviewed-by: John Ferlan <jferlan@redhat.com> John