[PATCH 2/3] [V5] Disable shell access when lockdown is active

Murilo Opsfelder Araújo muriloo at linux.vnet.ibm.com
Wed Aug 17 06:33:11 AEST 2016


On 08/12/2016 11:36 PM, Timothy Pearson wrote:
[...]
> diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c
> index 09b63b0..96ebd1e 100644
> --- a/ui/ncurses/nc-cui.c
> +++ b/ui/ncurses/nc-cui.c
> @@ -25,6 +25,7 @@
>  #include <stdlib.h>
>  #include <string.h>
>  #include <sys/ioctl.h>
> +#include <sys/reboot.h>
>  
>  #include "log/log.h"
>  #include "pb-protocol/pb-protocol.h"
> @@ -94,6 +95,15 @@ static void cui_atexit(void)
>  	clear();
>  	refresh();
>  	endwin();
> +
> +	bool lockdown = false;
> +	if (access(LOCKDOWN_FILE, F_OK) != -1)
> +		lockdown = true;

I see this "if" block more than once.  Wouldn't it make sense to
encapsulate this in a function that returns true if lockdown is present?

> +
> +	while (lockdown) {
> +		sync();
> +		reboot(RB_AUTOBOOT);
> +	}
>  }
>  
>  /**
> @@ -826,6 +836,9 @@ static struct pmenu *main_menu_init(struct cui *cui)
>  	struct pmenu_item *i;
>  	struct pmenu *m;
>  	int result;
> +	bool lockdown = false;
> +	if (access(LOCKDOWN_FILE, F_OK) != -1)
> +		lockdown = true;

Same here.

-- 
Murilo



More information about the Petitboot mailing list