On Sat, Jul 20, 2013 at 01:58:52AM -0700, John Johansen wrote:
> so yet another patch that has just been sitting in the queue, mostly
> waiting on the userspace feature buffer size fix that rolled out a while ago.
> 
> ---
> 
> apparmor: export set of capabilities supported by the apparmor module
> 
> This exports the set of capability names as generated by the kernel
> so that the policy compiler can support capability names as keywords
> dynamically when the kernel picks up new capabilities.
> 
> Signed-off-by: John Johansen <[email protected]>

Acked-by: Seth Arnold <[email protected]>

> 
> diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
> index 5706b74..0831e04 100644
> --- a/security/apparmor/Makefile
> +++ b/security/apparmor/Makefile
> @@ -18,7 +18,11 @@ quiet_cmd_make-caps = GEN     $@
>  cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ 
> ;\
>       sed $< >>$@ -r -n -e '/CAP_FS_MASK/d' \
>       -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\
> -     echo "};" >> $@
> +     echo "};" >> $@ ;\
> +     echo -n '\#define AA_FS_CAPS_MASK "' >> $@ ;\
> +     sed $< -r -n -e '/CAP_FS_MASK/d' \
> +         -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/\L\1/p' | \
> +          tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
>  
>  
>  # Build a lower case string table of rlimit names.
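Review bot: The added `echo -n` in cmd_make-caps relies on the build shell's echo honouring `-n`, which POSIX leaves implementation-defined. With a shell that does not, the generated capability_names.h would begin the macro line with a literal `-n` and fail to compile. `printf '%s' '\#define AA_FS_CAPS_MASK "' >> $@ ;\` produces the same output without that dependency. The closing `sed -e 's/ $$/"\n/'` also needs GNU sed to treat `\n` in the replacement as a newline, although the rule already assumes GNU sed through `-r` and `\L`.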
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 7a26608..d708a55 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -773,6 +773,7 @@ static struct aa_fs_entry aa_fs_entry_features[] = {
>       AA_FS_DIR("file",                       aa_fs_entry_file),
>       AA_FS_FILE_U64("capability",            VFS_CAP_FLAGS_MASK),
>       AA_FS_DIR("rlimit",                     aa_fs_entry_rlimit),
> +     AA_FS_DIR("caps",                       aa_fs_entry_caps),
>       { }
>  };
>  
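Review bot: `aa_fs_entry_caps` is referenced in aa_fs_entry_features here, but its only declaration in this patch is the `extern` added to include/capability.h, and no hunk adds that header to apparmorfs.c. If apparmorfs.c does not already include it (not visible in this hunk), the build stops on an undeclared identifier; adding `#include "include/capability.h"` next to the file's other includes would make the dependency explicit. Separately, the table now carries both a `capability` u64 file and a `caps` directory, so a short comment saying which one a policy tool should read would help.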
> diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
> index 887a5e9..84d1f5f 100644
> --- a/security/apparmor/capability.c
> +++ b/security/apparmor/capability.c
> @@ -27,6 +27,11 @@
>   */
>  #include "capability_names.h"
>  
> +struct aa_fs_entry aa_fs_entry_caps[] = {
> +     AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK),
> +     { }
> +};
> +
>  struct audit_cache {
>       struct aa_profile *profile;
>       kernel_cap_t caps;
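Review bot: The new `aa_fs_entry_caps` table has no comment saying where `AA_FS_CAPS_MASK` comes from or what format the `mask` file has, and neither is obvious from this file. Going by the Makefile rule in this patch, the value is a generated string of lower-case capability names separated by spaces, not a bitmask as the file name suggests. A comment above the table such as `/* "mask": space-separated capability names, generated into capability_names.h at build time */` would record that for anyone parsing it from userspace. The struct audit_cache definition that follows continues outside the hunk.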
> diff --git a/security/apparmor/include/capability.h 
> b/security/apparmor/include/capability.h
> index c24d295..2e7c9d6 100644
> --- a/security/apparmor/include/capability.h
> +++ b/security/apparmor/include/capability.h
> @@ -17,6 +17,8 @@
>  
>  #include <linux/sched.h>
>  
> +#include "apparmorfs.h"
> +
>  struct aa_profile;
>  
>  /* aa_caps - confinement data for capabilities
> @@ -34,6 +36,8 @@ struct aa_caps {
>       kernel_cap_t extended;
>  };
>  
> +extern struct aa_fs_entry aa_fs_entry_caps[];
> +
>  int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
>              int audit);
>  
> 
> 
