On 07/24/2016 04:26 PM, Randy Dunlap wrote:
> On 07/24/16 01:20, Stephen Rothwell wrote:
>> Hi all,
>>
>> Changes since 20160722:
>>
>
> on x86_64:
>
> CONFIG_SECURITY_APPARMOR=y
> CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
> # CONFIG_SECURITY_APPARMOR_HASH is not set
>
>
Hi James,
can you please pull the following bug fix to the 4.8 pull-request
The following changes since commit d4d03f74a73f3b8b2801d4d02011b6b69778cbcc:
apparmor: fix arg_size computation for when setprocattr is null terminated
(2016-07-12 08:43:10 -0700)
are available in the git
s also hides the
option
in that case.
Signed-off-by: Arnd Bergmann <a...@arndb.de>
Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing
is used")
Signed-off-by: John Johansen <john.johan...@canonical.com>
---
security/apparmor/crypto.c| 3
Hi James,
can you please pull the following bug fix to the 4.8 pull-request
The following changes since commit d4d03f74a73f3b8b2801d4d02011b6b69778cbcc:
apparmor: fix arg_size computation for when setprocattr is null terminated
(2016-07-12 08:43:10 -0700)
are available in the git
in that case.
Signed-off-by: Arnd Bergmann
Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing
is used")
Signed-off-by: John Johansen
---
security/apparmor/crypto.c| 3 +++
security/apparmor/lsm.c | 4 +++-
security/apparmor/policy_un
ck won't get accidentally dropped by something else calling it
> Signed-off-by: Arnd Bergmann <a...@arndb.de>
Acked-by: John Johansen <john.johan...@canonical.com>
> Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy
> hashing is used")
> ---
ck won't get accidentally dropped by something else calling it
> Signed-off-by: Arnd Bergmann
Acked-by: John Johansen
> Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy
> hashing is used")
> ---
> security/apparmor/crypto.c| 3 +++
> secu
termination.
Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a
Reported-by: Vegard Nossum <vegard.nos...@oracle.com>
Cc: Al Viro <v...@zeniv.linux.org.uk>
Cc: John Johansen <john.johan...@canonical.com>
Cc: Paul Moore <p...@paul-moore.com>
Cc: Stephen Smalley <
Reported-by: Vegard Nossum
Cc: Al Viro
Cc: John Johansen
Cc: Paul Moore
Cc: Stephen Smalley
Cc: Eric Paris
Cc: Casey Schaufler
Signed-off-by: John Johansen
Reviewed-by: Tyler Hicks
---
security/apparmor/lsm.c | 36 +++-
1 file changed, 19 insertions(+), 17
James this fixes a user facing oops in apparmor, can you push this up
thanks
James this fixes a user facing oops in apparmor, can you push this up
thanks
+-
>> fs/proc/internal.h | 1 +
>> include/linux/security.h | 15 ---
>> security/security.c| 31 --
>> 5 files changed, 133 insertions(+), 24 deletions(-)
>
> Acked-by: Paul Moore <p...@paul-moore.com>
Acked-by
t, and to bring it up to date with the current tree.
>>
>> Signed-off-by: Casey Schaufler
>>
>> ---
>> Documentation/security/LSM.txt | 19 ++---
>> fs/proc/base.c | 91
>> +-
>> fs/proc/internal.h
t; The module specific subdirectories under attr contain context
>> entries that report the information for that specific module
>> in the same format.
>>
>> Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com>
Acked-by: John Johansen <john.johan...@canonical.com
ctories under attr contain context
>> entries that report the information for that specific module
>> in the same format.
>>
>> Signed-off-by: Casey Schaufler
Acked-by: John Johansen
>>
>> ---
>> Documentation/security/LSM.txt | 8 +++
>> fs/p
m.c | 2 +-
>> security/tomoyo/tomoyo.c | 2 +-
>> security/yama/yama_lsm.c | 2 +-
>> 11 files changed, 82 insertions(+), 17 deletions(-)
>
> Thanks for moving the docs.
>
> Acked-by: Paul Moore <p...@paul-moore.com>
Acked-by: John Johanse
| 2 +-
>> security/yama/yama_lsm.c | 2 +-
>> 11 files changed, 82 insertions(+), 17 deletions(-)
>
> Thanks for moving the docs.
>
> Acked-by: Paul Moore
Acked-by: John Johansen
>
>> diff --git a/Documentation/security/LSM.txt b/Documentation/security/L
On 06/10/2016 02:34 PM, Heinrich Schuchardt wrote:
> Do not copy uninitalized fields th.td_hilen, th.td_data.
>
> Signed-off-by: Heinrich Schuchardt <xypron.g...@gmx.de>
Acked-by: John Johansen <john.johan...@canonical.com>
I have a queue of patches I need to push this w
On 06/10/2016 02:34 PM, Heinrich Schuchardt wrote:
> Do not copy uninitalized fields th.td_hilen, th.td_data.
>
> Signed-off-by: Heinrich Schuchardt
Acked-by: John Johansen
I have a queue of patches I need to push this weekend so I
will suck this one in and send it up with
On 11/18/2015 04:14 AM, Sergey Senozhatsky wrote:
> Cosmetic.
>
> Do not define list_entry_next() and use list_next_entry()
> from list.h.
>
two days to late,
Geliang Tang already submitted the same patch in
[PATCH 3/3] apparmor: use list_next_entry instead of list_entry_next
and I've pulled
On 11/18/2015 04:14 AM, Sergey Senozhatsky wrote:
> Cosmetic.
>
> Do not define list_entry_next() and use list_next_entry()
> from list.h.
>
two days to late,
Geliang Tang already submitted the same patch in
[PATCH 3/3] apparmor: use list_next_entry instead of list_entry_next
and I've pulled
On 11/16/2015 05:46 AM, Geliang Tang wrote:
> list_next_entry has been defined in list.h, so I replace list_entry_next
> with it.
>
> Signed-off-by: Geliang Tang
yep looks good
Acked-by: John Johansen
> ---
> security/apparmor/apparmorfs.c | 8 +++-
> 1 file change
On 11/16/2015 05:46 AM, Geliang Tang wrote:
> list_next_entry has been defined in list.h, so I replace list_entry_next
> with it.
>
> Signed-off-by: Geliang Tang <geliangt...@163.com>
yep looks good
Acked-by: John Johansen <john.johan...@canonical.com>
> ---
>
ck namespace patches.
>
> Signed-off-by: Lukasz Pawelczyk
> Acked-by: Serge Hallyn
Acked-by: John Johansen
> ---
> fs/xattr.c| 10 ++
> include/linux/lsm_hooks.h | 9 +
> include/linux/security.h | 10 ++
> security/security.c
ck namespace patches.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Acked-by: Serge Hallyn <serge.hal...@canonical.com>
Acked-by: John Johansen <john.johan...@canonical.com>
> ---
> fs/xattr.c| 10 ++
> include/linux/lsm_ho
s do.
>
> Signed-off-by: Arnd Bergmann
thanks
Acked-by: John Johansen
>
> diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
> index d49c53960b60..232469baa94f 100644
> --- a/security/apparmor/Kconfig
> +++ b/security/apparmor/Kconfig
> @@ -3
s do.
>
> Signed-off-by: Arnd Bergmann <a...@arndb.de>
thanks
Acked-by: John Johansen <john.johan...@canonical.com>
>
> diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
> index d49c53960b60..232469baa94f 100644
> --- a/security/apparmor
4:37 AM, James Morris wrote:
>>>>>>>>> On Sat, 2 May 2015, Casey Schaufler wrote:
>>>>>>>>>
>>>>>>>>>> Subject: [PATCH 0/7 v22] LSM: Multiple concurrent LSMs
>>>>>>>>> Please a
add all of the Acked-by etc. from the patch review process.
For v21 I had Acks from:
John Johansen john.johan...@canonical.com
Tetsuo Handa penguin-ker...@i-love.sakura.ne.jp
Stephen Smalley s...@tycho.nsa.gov (after patch 8/7)
Kees Cook keesc...@chromium.org
On 04/29/2015 06:55 PM, James Morris wrote:
> On Tue, 21 Apr 2015, Casey Schaufler wrote:
>
>>
>> James, do you want to take the module stacking changes in through
>> the security tree? Are there remaining objections or concerns? What
>> procedure would you like to follow?
>
> What's the overall
On 04/29/2015 06:55 PM, James Morris wrote:
On Tue, 21 Apr 2015, Casey Schaufler wrote:
James, do you want to take the module stacking changes in through
the security tree? Are there remaining objections or concerns? What
procedure would you like to follow?
What's the overall consensus
t I don't expect anything
to fallout from that.
Acked-by: John Johansen
> Apart from ACK from John, I wrote a cleanup patch (shown below) which
> we might want to append to this patchset, though we anyway need to
> refresh this patchset with commit 58bc19542455 in linux
expect anything
to fallout from that.
Acked-by: John Johansen john.johan...@canonical.com
Apart from ACK from John, I wrote a cleanup patch (shown below) which
we might want to append to this patchset, though we anyway need to
refresh this patchset with commit 58bc19542455 in linux-next.git included
On 03/30/2015 04:46 PM, Joe Perches wrote:
> Use the normal return values for bool functions
>
> Signed-off-by: Joe Perches
Joe, I'll pull this into my tree and send it up with a couple of other
patches I have pending
Acked-by: John Johansen
> ---
> security/apparmo
On 03/30/2015 04:46 PM, Joe Perches wrote:
Use the normal return values for bool functions
Signed-off-by: Joe Perches j...@perches.com
Joe, I'll pull this into my tree and send it up with a couple of other
patches I have pending
Acked-by: John Johansen john.johan...@canonical.com
'm fine with this, do you want me to pull it into my tree for our next push
or do you want this all to go together as a set?
Acked-by: John Johansen
> ---
> security/apparmor/crypto.c | 19 +--
> 1 file changed, 9 insertions(+), 10 deletions(-)
>
> diff --git a
you want me to pull it into my tree for our next push
or do you want this all to go together as a set?
Acked-by: John Johansen john.johan...@canonical.com
---
security/apparmor/crypto.c | 19 +--
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/security/apparmor
modules are now ready to handle the rename flags,
> security_inode_rename() and security_path_rename() no longer need to
> call each LSM module with reversed arguments.
>
> Signed-off-by: Tetsuo Handa
Acked-by: John Johansen
> ---
> security/security.c | 18 --
gt;
> }
> return error;
>
>From c07677ce007bbb5689b82bce0fab15a159f59874 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa
Date: Mon, 12 May 2014 21:54:05 +0900
Subject: [PATCH] AppArmor: Handle the rename flags.
For AppArmor, the RENAME_EXCHANGE flag means "check permiss
> To fix this regression, the rename flags needs to be passed to LSM module.
> This patch is for allowing TOMOYO and AppArmor to handle RENAME_EXCHANGE
> case differently, and for allowing SMACK to avoid needlessly checking
> the same permission twice.
>
> Signed-off-by: Tetsuo
-ca.com [smack]
This looks good
Reviewed-by: John Johansen john.johan...@canonical.com
---
include/linux/security.h |8 ++--
security/apparmor/lsm.c|3 ++-
security/capability.c |6 --
security/security.c| 10 ++
security/selinux/hooks.c
-off-by: John Johansen john.johan...@canonical.com
---
security/apparmor/lsm.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index c0b4366..d7d92ad 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -332,6 +332,7
modules are now ready to handle the rename flags,
security_inode_rename() and security_path_rename() no longer need to
call each LSM module with reversed arguments.
Signed-off-by: Tetsuo Handa penguin-ker...@i-love.sakura.ne.jp
Acked-by: John Johansen john.johan...@canonical.com
quot;AppArmor: " fmt, ##args);\
+ pr_debug(fmt, ##args); \
} while (0)
#define AA_ERROR(fmt, args...) \
other than that looks good.
> Signed-off-by: Joe Perches
Acked-by: John J
);\
+ pr_debug(fmt, ##args); \
} while (0)
#define AA_ERROR(fmt, args...) \
other than that looks good.
Signed-off-by: Joe Perches j...@perches.com
Acked-by: John Johansen john.johan...@canonical.com
On 01/14/2014 05:03 AM, Tetsuo Handa wrote:
> Miklos Szeredi wrote:
>> On Mon, Jan 13, 2014 at 11:03 PM, Tetsuo Handa
>> wrote:
>>> Miklos Szeredi wrote:
Cross rename (A, B) is equivalent to plain rename(A, B) + plain rename
(B, A) done as a single atomic operation. If security module
On 01/14/2014 05:03 AM, Tetsuo Handa wrote:
Miklos Szeredi wrote:
On Mon, Jan 13, 2014 at 11:03 PM, Tetsuo Handa
penguin-ker...@i-love.sakura.ne.jp wrote:
Miklos Szeredi wrote:
Cross rename (A, B) is equivalent to plain rename(A, B) + plain rename
(B, A) done as a single atomic operation.
On 12/19/2013 08:36 PM, Richard Guy Briggs wrote:
> On 13/12/18, Oleg Nesterov wrote:
>> On 12/18, Richard Guy Briggs wrote:
>>>
>>> Bcc: r...@redhat.com
>>> Subject: Re: [PATCH] apparmor: remove the "task" arg from
>>> may_change_ptraced_domain()
>>> Reply-To:
>>> In-Reply-To:
On 12/19/2013 08:36 PM, Richard Guy Briggs wrote:
On 13/12/18, Oleg Nesterov wrote:
On 12/18, Richard Guy Briggs wrote:
Bcc: r...@redhat.com
Subject: Re: [PATCH] apparmor: remove the task arg from
may_change_ptraced_domain()
Reply-To:
In-Reply-To:
On 12/11/2013 06:47 AM, Richard Guy Briggs wrote:
> On Tue, Sep 03, 2013 at 02:31:59PM -0400, Richard Guy Briggs wrote:
>> On Fri, Aug 30, 2013 at 01:37:09PM -0700, John Johansen wrote:
>>> On 08/30/2013 12:56 PM, Richard Guy Briggs wrote:
>>>> On Tue, Aug 27,
On 12/11/2013 06:47 AM, Richard Guy Briggs wrote:
On Tue, Sep 03, 2013 at 02:31:59PM -0400, Richard Guy Briggs wrote:
On Fri, Aug 30, 2013 at 01:37:09PM -0700, John Johansen wrote:
On 08/30/2013 12:56 PM, Richard Guy Briggs wrote:
On Tue, Aug 27, 2013 at 07:21:55PM +0200, Oleg Nesterov wrote
/0x170
[ 78.480037] [] SyS_read+0x4c/0xa0
[ 78.480037] [] system_call_fastpath+0x1a/0x1f
Signed-off-by: John Johansen
---
security/apparmor/apparmorfs.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
+0x37/0x50
[] vfs_write+0xbd/0x1e0
[] SyS_write+0x4c/0xa0
[] system_call_fastpath+0x1a/0x1f
[] 0x
Signed-off-by: John Johansen
---
security/apparmor/policy.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
ind
On 10/14/2013 08:20 AM, James Morris wrote:
> On Sat, 12 Oct 2013, John Johansen wrote:
>
>> Hi James,
>>
>> Can you please pull and forward the following 2 fixes for regressions in
>> 3.12 apparmor
>>
sure replied below or you can pull them from th
On 10/14/2013 08:20 AM, James Morris wrote:
On Sat, 12 Oct 2013, John Johansen wrote:
Hi James,
Can you please pull and forward the following 2 fixes for regressions in
3.12 apparmor
sure replied below or you can pull them from the branch below which I just
rebased
The following
[8137eced] aa_replace_profiles+0x3d/0xd80
[81376937] profile_replace+0x37/0x50
[811e9f2d] vfs_write+0xbd/0x1e0
[811ea96c] SyS_write+0x4c/0xa0
[817ccb1d] system_call_fastpath+0x1a/0x1f
[] 0x
Signed-off-by: John
[ 78.480037] [817ccc9d] system_call_fastpath+0x1a/0x1f
Signed-off-by: John Johansen john.johan...@canonical.com
---
security/apparmor/apparmorfs.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index
Signed-off-by: John Johansen
---
security/apparmor/crypto.c | 34 --
1 file changed, 16 insertions(+), 18 deletions(-)
diff --git a/security/apparmor/crypto.c b/security/apparmor/crypto.c
index d6222ba..532471d 100644
--- a/security/apparmor/crypto.c
+++ b/security
-0700)
John Johansen (1):
apparmor: fix suspicious RCU usage warning in policy.c/policy.h
Tyler Hicks (1):
apparmor: Use shash crypto API interface for profile hashes
security/apparmor/crypto.c | 34
5/0x4c
[ 29.804835] [] vfs_write+0xad/0x113
[ 29.804840] [] SyS_write+0x44/0x7a
[ 29.804847] [] system_call_fastpath+0x16/0x1b
Reported-by: miles.l...@gmail.com
CC: paul...@linux.vnet.ibm.com
Signed-off-by: John Johansen
---
security/apparmor/include/policy.h | 4 +++-
security/apparmor/po
-0700)
John Johansen (1):
apparmor: fix suspicious RCU usage warning in policy.c/policy.h
Tyler Hicks (1):
apparmor: Use shash crypto API interface for profile hashes
security/apparmor/crypto.c | 34
] [811f16d4] profile_replace+0x35/0x4c
[ 29.804835] [81120fa3] vfs_write+0xad/0x113
[ 29.804840] [81121609] SyS_write+0x44/0x7a
[ 29.804847] [8145bfd2] system_call_fastpath+0x16/0x1b
Reported-by: miles.l...@gmail.com
CC: paul...@linux.vnet.ibm.com
Signed-off-by: John
...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
Signed-off-by: John Johansen john.johan...@canonical.com
---
security/apparmor/crypto.c | 34 --
1 file changed, 16 insertions(+), 18 deletions(-)
diff --git a/security/apparmor/crypto.c b/security
()
and kmalloc() buffers to be handled in the same manner.
https://launchpad.net/bugs/1216294/
Signed-off-by: Tyler Hicks
Acked-by: John Johansen
---
I've tested this patch by comparing aafs/policy/profiles/*/sha1 between a
patched i386 VM (i386 is where the BUG is easily reproduced) and an unpatched
()
and kmalloc() buffers to be handled in the same manner.
https://launchpad.net/bugs/1216294/
Signed-off-by: Tyler Hicks tyhi...@canonical.com
Acked-by: John Johansen john.johan...@canonical.com
---
I've tested this patch by comparing aafs/policy/profiles/*/sha1 between a
patched i386 VM (i386 is where
k == current so the code is actually fine.
> Remove this argument to make this fact clear.
>
> Note: perhaps we should simply kill ptrace_parent(), it buys almost
> nothing. And it is obviously racy, perhaps this should be fixed.
>
> Signed-off-by: Oleg Nesterov
Acked-by: John Joha
is actually fine.
Remove this argument to make this fact clear.
Note: perhaps we should simply kill ptrace_parent(), it buys almost
nothing. And it is obviously racy, perhaps this should be fixed.
Signed-off-by: Oleg Nesterov o...@redhat.com
Acked-by: John Johansen john.johan...@canonical.com
On 09/12/2013 10:34 AM, Paul E. McKenney wrote:
> On Wed, Sep 11, 2013 at 11:39:31PM -0400, Miles Lane wrote:
>> [ 29.804534] [ INFO: suspicious RCU usage. ]
>> [ 29.804539] 3.11.0+ #5 Not tainted
>> [ 29.804541] ---
>> [ 29.804545]
On 09/12/2013 10:34 AM, Paul E. McKenney wrote:
On Wed, Sep 11, 2013 at 11:39:31PM -0400, Miles Lane wrote:
[ 29.804534] [ INFO: suspicious RCU usage. ]
[ 29.804539] 3.11.0+ #5 Not tainted
[ 29.804541] ---
[ 29.804545] security/apparmor/include/policy.h:363
The reporting of the parent task info is a vestage from old versions of
apparmor. The need for this information was removed by unique null-
profiles before apparmor was upstreamed so remove this info from logging.
Signed-off-by: John Johansen
---
security/apparmor/audit.c | 6
Now that aa_capabile no longer sets the task field it can be removed
and the lsm_audit version of the field can be used.
Signed-off-by: John Johansen
---
security/apparmor/audit.c | 10 ++
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/security/apparmor/audit.c b/security
Mediation is based off of the cred but auditing includes the current
task which may not be related to the actual request.
Signed-off-by: John Johansen
---
security/apparmor/capability.c | 15 +--
security/apparmor/domain.c | 2 +-
security/apparmor/include
On 08/30/2013 12:56 PM, Richard Guy Briggs wrote:
> On Tue, Aug 27, 2013 at 07:21:55PM +0200, Oleg Nesterov wrote:
>> On 08/20, Richard Guy Briggs wrote:
>>>
>>> Added the functions
>>> task_ppid()
>>> task_ppid_nr_ns()
>>> task_ppid_nr_init_ns()
>>> to safely abstract the
On 08/30/2013 12:56 PM, Richard Guy Briggs wrote:
On Tue, Aug 27, 2013 at 07:21:55PM +0200, Oleg Nesterov wrote:
On 08/20, Richard Guy Briggs wrote:
Added the functions
task_ppid()
task_ppid_nr_ns()
task_ppid_nr_init_ns()
to safely abstract the lookup of the PPID
Mediation is based off of the cred but auditing includes the current
task which may not be related to the actual request.
Signed-off-by: John Johansen john.johan...@canonical.com
---
security/apparmor/capability.c | 15 +--
security/apparmor/domain.c | 2
Now that aa_capabile no longer sets the task field it can be removed
and the lsm_audit version of the field can be used.
Signed-off-by: John Johansen john.johan...@canonical.com
---
security/apparmor/audit.c | 10 ++
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/security
The reporting of the parent task info is a vestage from old versions of
apparmor. The need for this information was removed by unique null-
profiles before apparmor was upstreamed so remove this info from logging.
Signed-off-by: John Johansen john.johan...@canonical.com
---
security/apparmor
Add a policy directory to features to contain features that can affect
policy compilation but do not affect mediation. Eg of such features would
be types of dfa compression supported, etc.
Signed-off-by: John Johansen
Acked-by: Kees Cook
---
security/apparmor/apparmorfs.c | 5 +
1 file
Signed-off-by: John Johansen
---
security/apparmor/lsm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 2e2a0dd..96506df 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -742,7 +742,7
ependency by making the ns and its unconfined
profile share the same refcount.
Signed-off-by: John Johansen
Acked-by: Seth Arnold
---
security/apparmor/domain.c | 2 +-
security/apparmor/include/policy.h | 80 +++---
security/apparmor/policy.c
the entire set of profiles.
Signed-off-by: John Johansen
---
security/apparmor/apparmorfs.c| 1 +
security/apparmor/include/policy_unpack.h | 14 +-
security/apparmor/policy.c| 300 ++
security/apparmor/policy_unpack.c | 115 +
-by: John Johansen
Acked-by: Seth Arnold
---
security/apparmor/include/policy.h | 12
security/apparmor/policy.c | 33 ++---
2 files changed, 10 insertions(+), 35 deletions(-)
diff --git a/security/apparmor/include/policy.h
b/security/apparmor/include
Signed-off-by: John Johansen
---
security/apparmor/domain.c | 14 ++-
security/apparmor/include/apparmor.h | 6 +
security/apparmor/include/policy.h | 45 +++-
security/apparmor/policy.c | 213 ++-
4 files changed, 167 insertions
Signed-off-by: John Johansen
---
security/apparmor/include/policy.h | 1 +
security/apparmor/policy.c | 9 -
security/apparmor/policy_unpack.c | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/security/apparmor/include/policy.h
b/security/apparmor/include
Add the ability to take in and report a human readable profile attachment
string for profiles so that attachment specifications can be easily
inspected.
Signed-off-by: John Johansen
Acked-by: Seth Arnold
---
security/apparmor/apparmorfs.c | 34
Add basic interface files to access namespace and profile information.
The interface files are created when a profile is loaded and removed
when the profile or namespace is removed.
Signed-off-by: John Johansen
---
security/apparmor/apparmorfs.c | 322
Add the dynamic namespace relative profiles file to the interace, to allow
introspection of loaded profiles and their modes.
Signed-off-by: John Johansen
Acked-by: Kees Cook
---
security/apparmor/apparmorfs.c | 236 +
1 file changed, 236 insertions
This set of patches expands the apparmorfs policy interface by allowing
multiple profiles to loaded as an atomic set and an introspection interface
to apparmor, allowing currently loaded policy to be listed and introspected
from userspace.
move to a direct lookup method.
Signed-off-by: John Johansen
---
security/apparmor/context.c | 16 +++
security/apparmor/domain.c | 4 +-
security/apparmor/include/context.h | 15 +++
security/apparmor/include/policy.h | 78 --
security
Allow emulating the default profile behavior from boot, by allowing
loading of a profile in the unconfined state into a new NS.
Signed-off-by: John Johansen
Acked-by: Seth Arnold
---
security/apparmor/domain.c| 4 ++--
security/apparmor/include/policy.h| 6
This set of patches expands the apparmorfs policy interface by allowing
multiple profiles to loaded as an atomic set and an introspection interface
to apparmor, allowing currently loaded policy to be listed and introspected
from userspace.
move to a direct lookup method.
Signed-off-by: John Johansen john.johan...@canonical.com
---
security/apparmor/context.c | 16 +++
security/apparmor/domain.c | 4 +-
security/apparmor/include/context.h | 15 +++
security/apparmor/include/policy.h | 78
Allow emulating the default profile behavior from boot, by allowing
loading of a profile in the unconfined state into a new NS.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
---
security/apparmor/domain.c| 4
Add the dynamic namespace relative profiles file to the interace, to allow
introspection of loaded profiles and their modes.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Kees Cook k...@ubuntu.com
---
security/apparmor/apparmorfs.c | 236
Add basic interface files to access namespace and profile information.
The interface files are created when a profile is loaded and removed
when the profile or namespace is removed.
Signed-off-by: John Johansen john.johan...@canonical.com
---
security/apparmor/apparmorfs.c | 322
Add the ability to take in and report a human readable profile attachment
string for profiles so that attachment specifications can be easily
inspected.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
---
security/apparmor/apparmorfs.c
Signed-off-by: John Johansen john.johan...@canonical.com
---
security/apparmor/include/policy.h | 1 +
security/apparmor/policy.c | 9 -
security/apparmor/policy_unpack.c | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/security/apparmor/include/policy.h
-by: John Johansen john.johan...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
---
security/apparmor/include/policy.h | 12
security/apparmor/policy.c | 33 ++---
2 files changed, 10 insertions(+), 35 deletions(-)
diff --git a/security
Signed-off-by: John Johansen john.johan...@canonical.com
---
security/apparmor/domain.c | 14 ++-
security/apparmor/include/apparmor.h | 6 +
security/apparmor/include/policy.h | 45 +++-
security/apparmor/policy.c | 213 ++-
4 files
of profiles.
Signed-off-by: John Johansen john.johan...@canonical.com
---
security/apparmor/apparmorfs.c| 1 +
security/apparmor/include/policy_unpack.h | 14 +-
security/apparmor/policy.c| 300 ++
security/apparmor/policy_unpack.c
301 - 400 of 473 matches
Mail list logo