From 8f8f414e28dc4d92ed8b98f18f32e2c58f37f726 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Fri, 9 Jun 2017 17:22:50 -0700
Subject: [PATCH 63/65] apparmor: add stacked domain labels interface
Git-commit: 6c5fc8f17a2528052bace1d91a3bef003bd1331d
Patch-mainline: v4.13-rc1
References: FATE#323500
Update the user interface to support the stacked change_profile transition.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
---
 security/apparmor/apparmorfs.c | 3 +++
 security/apparmor/lsm.c        | 5 +++++
 2 files changed, 8 insertions(+)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 6310bf1485b6..229845009a95 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -2132,6 +2132,7 @@ static struct aa_sfs_entry aa_sfs_entry_domain[] = {
 	AA_SFS_FILE_BOOLEAN("change_hatv",	1),
 	AA_SFS_FILE_BOOLEAN("change_onexec",	1),
 	AA_SFS_FILE_BOOLEAN("change_profile",	1),
+	AA_SFS_FILE_BOOLEAN("stack",		1),
 	AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap",	1),
 	AA_SFS_FILE_STRING("version", "1.2"),
 	{ }
@@ -2175,6 +2176,8 @@ static struct aa_sfs_entry aa_sfs_entry_features[] = {
 
 static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
 	AA_SFS_FILE_FOPS(".access", 0640, &aa_sfs_access),
+	AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops),
+	AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops),
 	AA_SFS_FILE_FOPS(".ns_level", 0666, &seq_ns_level_fops),
 	AA_SFS_FILE_FOPS(".ns_name", 0640, &seq_ns_name_fops),
 	AA_SFS_FILE_FOPS("profiles", 0440, &aa_sfs_profiles_fops),
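Review bot: The two new entries `.stacked` and `.ns_stacked` are created world-readable (0444) while the neighbouring `.ns_name` is 0640 and `profiles` is 0440, and nothing in the hunk records why the looser mode is acceptable. If these files only report whether the reading task's own label is stacked (which the names suggest, but the fops are defined outside this diff), a one-line comment above them would capture that, e.g. `/* .stacked/.ns_stacked: describe the opener's own label only, so 0444 is intended */`. If the output can describe any other task or namespace, the mode should be tightened to match `.ns_name`. Note also that `seq_ns_stacked_fops` and `seq_ns_nsstacked_fops` are not defined anywhere in this patch, so it only builds with the earlier patch of the series that introduces them.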
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 0f7c5c2be732..867bcd154c7e 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -580,11 +580,16 @@ static int apparmor_setprocattr(const char *name, void *value,
 			error = aa_change_profile(args, AA_CHANGE_NOFLAGS);
 		} else if (strcmp(command, "permprofile") == 0) {
 			error = aa_change_profile(args, AA_CHANGE_TEST);
+		} else if (strcmp(command, "stack") == 0) {
+			error = aa_change_profile(args, AA_CHANGE_STACK);
 		} else
 			goto fail;
 	} else if (strcmp(name, "exec") == 0) {
 		if (strcmp(command, "exec") == 0)
 			error = aa_change_profile(args, AA_CHANGE_ONEXEC);
+		else if (strcmp(command, "stack") == 0)
+			error = aa_change_profile(args, (AA_CHANGE_ONEXEC |
+							 AA_CHANGE_STACK));
 		else
 			goto fail;
 	} else
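Review bot: The new `stack` command is passed straight to `aa_change_profile()` from both the `current` and the `exec` branch, with no comment saying how it differs from the existing commands or where permission to stack is checked. A short comment on the first new branch would help the next reader, e.g. `/* "stack": add args on top of the current label rather than replacing it; mediation happens in aa_change_profile() */`. The mediation part is inferred from the call and should be confirmed against `aa_change_profile()`, which is outside this diff. The command string also has to stay in step with the `stack` boolean this commit adds to `aa_sfs_entry_domain[]` in apparmorfs.c, since userspace presumably checks that flag before writing the command. `apparmor_setprocattr` begins and ends outside the hunk, so the parsing of `command`/`args` and the `fail` label cannot be reviewed here.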
-- 
2.12.3