On 7/26/2019 5:56 AM, Abhishek Vijeev wrote:
>
> Hi,
>
>
> I have a few questions about AppArmor's kernel code and would be grateful if
> you could kindly answer them.
>
>
> 1) Why does AppArmor maintain two separate security blobs in cred->security
> as well as task-security for processes? For a simple project that requires
> associating a security context with every task, would it suffice to use just
> one of these?
>
>
> 2) There has been a change in the way security blobs are accessed from kernel
> version 4.18 to 5.2. I see that in v5.2, the security blob's address is
> obtained by adding the size of the blob to the start address. Why has this
> change been made? (For
> reference: https://github.com/torvalds/linux/blob/master/security/apparmor/include/cred.h#L24)
>

The change was made to allow multiple security modules to share the blobs.
The security module initialization replaces the size of the blobs in
apparmor_blob_sizes with their offsets in the blob. The addition you see
adds the offset, not the size.

>
> 3) I tried adding a custom field (pointer to a custom structure) to struct
> aa_profile, at exactly this point
> - https://github.com/torvalds/linux/blob/master/security/apparmor/include/policy.h#L144.
> I have taken care to allocate and free memory for the pointer at the
> appropriate places (allocation is performed here
> - https://github.com/torvalds/linux/blob/master/security/apparmor/policy_unpack.c#L671 and
> freeing is performed here
> - https://github.com/torvalds/linux/blob/master/security/apparmor/policy.c#L205). However,
> while booting the kernel, it crashes at the function
> 'security_prepare_creds( )', which I presume invokes 'apparmor_cred_prepare(
> )'. If I were to assume for a moment that there are no bugs with my memory
> allocation code, is there any other reason why such a crash might have
> occurred? I have attached the kernel crash log file with this email for your
> kind reference.
>
>
> Thank you,
>
> Abhishek.
>
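
The size-to-offset scheme described in the reply to question 2, as an added userspace example (not kernel code and not part of the original thread). The two modules, their byte counts and the helper names are hypothetical; only struct lsm_blob_sizes and its lbs_cred/lbs_task fields mirror the kernel's naming.

```c
#include <stdlib.h>

/* Userspace model, not kernel code; modules and helpers are hypothetical. */
struct lsm_blob_sizes { int lbs_cred; int lbs_task; };

/* Before registration: bytes each module wants (constructed values). */
static struct lsm_blob_sizes mod_a_blob_sizes = { .lbs_cred = 8,  .lbs_task = 0 };
static struct lsm_blob_sizes mod_b_blob_sizes = { .lbs_cred = 16, .lbs_task = 24 };

/* Running totals: size of the one shared blob of each kind. */
static struct lsm_blob_sizes blob_sizes;

/* Turn a requested size into an offset and grow the shared total. */
static void set_blob_offset(int *need, int *total)
{
    if (*need > 0) {
        int offset = *total;
        *total += *need;
        *need = offset;   /* the field now holds an offset, not a size */
    }
}

static void register_module(struct lsm_blob_sizes *needed)
{
    set_blob_offset(&needed->lbs_cred, &blob_sizes.lbs_cred);
    set_blob_offset(&needed->lbs_task, &blob_sizes.lbs_task);
}

/* One allocation per object, sized for every registered module. */
static void *alloc_cred_blob(void)
{
    return calloc(1, (size_t)blob_sizes.lbs_cred);
}

/* Accessor pattern from the reply: base address plus the module's offset.
 * After registration A's slot is at offset 0 and B's starts 8 bytes in. */
static void *mod_cred_blob(void *security, const struct lsm_blob_sizes *m)
{
    return (char *)security + m->lbs_cred;
}

int main(void)
{
    register_module(&mod_a_blob_sizes);
    register_module(&mod_b_blob_sizes);
    void *security = alloc_cred_blob();
    int ok = security &&
             mod_cred_blob(security, &mod_b_blob_sizes) == (char *)security + 8;
    free(security);
    return ok ? 0 : 1;
}
```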