On Sat, Jul 20, 2013 at 01:58:52AM -0700, John Johansen wrote: > so yet another patch that has just been sitting in the queue, mostly > waiting on the userspace feature buffer size fix that rolled out a while ago. > > --- > > apparmor: export set of capabilities supported by the apparmor module > > This exports the set of capability names as generated by the kernel > so that the policy compiler can support capability names as keywords > dynamically when the kernel picks up new capabilities. > > Signed-off-by: John Johansen <[email protected]>
Acked-by: Seth Arnold <[email protected]>
>
> diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
> index 5706b74..0831e04 100644
> --- a/security/apparmor/Makefile
> +++ b/security/apparmor/Makefile
> @@ -18,7 +18,11 @@ quiet_cmd_make-caps = GEN $@
> cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ > ;\
> sed $< >>$@ -r -n -e '/CAP_FS_MASK/d' \
> -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\
> - echo "};" >> $@
> + echo "};" >> $@ ;\
> + echo -n '\#define AA_FS_CAPS_MASK "' >> $@ ;\
> + sed $< -r -n -e '/CAP_FS_MASK/d' \
> + -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/\L\1/p' | \
> + tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
>
>
> # Build a lower case string table of rlimit names.
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 7a26608..d708a55 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -773,6 +773,7 @@ static struct aa_fs_entry aa_fs_entry_features[] = {
> AA_FS_DIR("file", aa_fs_entry_file),
> AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
> AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
> + AA_FS_DIR("caps", aa_fs_entry_caps),
> { }
> };
>
> diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
> index 887a5e9..84d1f5f 100644
> --- a/security/apparmor/capability.c
> +++ b/security/apparmor/capability.c
> @@ -27,6 +27,11 @@
> */
> #include "capability_names.h"
>
> +struct aa_fs_entry aa_fs_entry_caps[] = {
> + AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK),
> + { }
> +};
> +
> struct audit_cache {
> struct aa_profile *profile;
> kernel_cap_t caps;
> diff --git a/security/apparmor/include/capability.h > b/security/apparmor/include/capability.h
> index c24d295..2e7c9d6 100644
> --- a/security/apparmor/include/capability.h
> +++ b/security/apparmor/include/capability.h
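Review bot: The added `echo -n '\#define AA_FS_CAPS_MASK "' >> $@ ;\` line in the Makefile hunk depends on the shell's `echo` accepting `-n`; if the recipe runs under a `/bin/sh` whose builtin does not, the literal `-n` is written into the generated header in front of the `#define`. `printf '%s' '\#define AA_FS_CAPS_MASK "' >> $@ ;\` produces the same output without that dependency. The hunk also repeats the `CAP_` sed expression a second time, so the name table and the mask string that userspace reads can drift apart if only one copy is edited; a short comment above the rule saying both expressions must match would help. The closing `sed -e 's/ $$/"\n/'` assumes GNU sed turns `\n` in the replacement into a newline, which matches the `\L` the rule already relies on.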
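Review bot: `aa_fs_entry_caps` in the capability.c hunk is added without a comment saying what the `mask` file holds or where `AA_FS_CAPS_MASK` is defined, while the features table in apparmorfs.c now carries both a `capability` and a `caps` entry. Going by the Makefile hunk, the value is a space-separated list of lower-case capability names generated into capability_names.h at build time, and the commit message says the policy compiler reads it, so the separator and spelling presumably become an interface that later changes have to keep stable. I would put `/* caps/mask: space-separated lower-case capability names, generated into capability_names.h by the Makefile; parsed by the userspace policy compiler */` above the array.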
> @@ -17,6 +17,8 @@
>
> #include <linux/sched.h>
>
> +#include "apparmorfs.h"
> +
> struct aa_profile;
>
> /* aa_caps - confinement data for capabilities
> @@ -34,6 +36,8 @@ struct aa_caps {
> kernel_cap_t extended;
> };
>
> +extern struct aa_fs_entry aa_fs_entry_caps[];
> +
> int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
> int audit);
>
>
> -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
