filesystem: don't overwrite existing protector links

When adding a protector to a policy, don't unconditionally overwrite the protector link, because it may already exist. Instead, if it already exists and points to the mount, just use it. If it already exists and points to the wrong place, return an error. Also add a bool to the return value of AddLinkedProtector() so that callers can check whether the link was newly created or not.
author: Eric Biggers <ebiggers@google.com> 2020-01-27 20:16:35 -0800
committer: Eric Biggers <ebiggers@google.com> 2020-01-28 10:45:52 -0800
commit: 07d744068d437b09d7a07975e88e18440f5db2f3 (patch)
tree: 82171c13401976e80520f3ba98a02bc9c9d81ec4 /actions/policy.go
parent: 5c08edd521deadd36bec36662d30681b01253d62 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/actions/policy.go b/actions/policy.go
index 41e108e..9d644c1 100644
--- a/actions/policy.go
+++ b/actions/policy.go
@@ -315,7 +315,7 @@ func (policy *Policy) AddProtector(protector *Protector) error {
 	// to it on the policy's filesystem.
 	if policy.Context.Mount != protector.Context.Mount {
 		log.Printf("policy on %s\n protector on %s\n", policy.Context.Mount, protector.Context.Mount)
-		err := policy.Context.Mount.AddLinkedProtector(
+		_, err := policy.Context.Mount.AddLinkedProtector(
 			protector.Descriptor(), protector.Context.Mount)
 		if err != nil {
 			return err
author	Eric Biggers <ebiggers@google.com>	2020-01-27 20:16:35 -0800
committer	Eric Biggers <ebiggers@google.com>	2020-01-28 10:45:52 -0800
commit	07d744068d437b09d7a07975e88e18440f5db2f3 (patch)
tree	82171c13401976e80520f3ba98a02bc9c9d81ec4 /actions/policy.go
parent	5c08edd521deadd36bec36662d30681b01253d62 (diff)