#
98b824ff |
|
28-Apr-2023 |
John Johansen <john.johansen@canonical.com> |
apparmor: refcount the pdb With the move to permission tables the dfa is no longer a stand alone entity when used, needing a minimum of a permission table. However it still could be shared among different pdbs each using a different permission table. Instead of duping the permission table when sharing a pdb, add a refcount to the pdb so it can be easily shared. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
d2fe16e9 |
|
08-Aug-2023 |
John Johansen <john.johansen@canonical.com> |
apparmor: fixup return comments for kernel doc cleanups by Gaosheng Cui [PATCH -next 05/11] apparmor: Fix kernel-doc warnings in apparmor/label.c missed updating the Returns comment for the new parameter names [PATCH -next 05/11] apparmor: Fix kernel-doc warnings in apparmor/label.c Added the @size parameter comment without mentioning it is a return value. Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
e18573dd |
|
24-Jun-2023 |
Gaosheng Cui <cuigaosheng1@huawei.com> |
apparmor: Fix kernel-doc warnings in apparmor/label.c Fix kernel-doc warnings: security/apparmor/label.c:166: warning: Excess function parameter 'n' description in 'vec_cmp' security/apparmor/label.c:166: warning: Excess function parameter 'vec' description in 'vec_cmp' security/apparmor/label.c:166: warning: Function parameter or member 'an' not described in 'vec_cmp' security/apparmor/label.c:166: warning: Function parameter or member 'bn' not described in 'vec_cmp' security/apparmor/label.c:166: warning: Function parameter or member 'b' not described in 'vec_cmp' security/apparmor/label.c:2051: warning: Function parameter or member 'label' not described in '__label_update' security/apparmor/label.c:266: warning: Function parameter or member 'flags' not described in 'aa_vec_unique' security/apparmor/label.c:594: warning: Excess function parameter 'l' description in '__label_remove' security/apparmor/label.c:594: warning: Function parameter or member 'label' not described in '__label_remove' security/apparmor/label.c:929: warning: Function parameter or member 'label' not described in 'aa_label_insert' security/apparmor/label.c:929: warning: Function parameter or member 'ls' not described in 'aa_label_insert' security/apparmor/label.c:1221: warning: Excess function parameter 'ls' description in 'aa_label_merge' security/apparmor/label.c:1302: warning: Excess function parameter 'start' description in 'label_compound_match' security/apparmor/label.c:1302: warning: Function parameter or member 'rules' not described in 'label_compound_match' security/apparmor/label.c:1302: warning: Function parameter or member 'state' not described in 'label_compound_match' security/apparmor/label.c:2051: warning: Function parameter or member 'label' not described in '__label_update' Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
2f7a29de |
|
25-Sep-2022 |
Gaosheng Cui <cuigaosheng1@huawei.com> |
apparmor: remove useless static inline functions Remove the following useless static inline functions: 1. label_is_visible() is a static function in security/apparmor/label.c, and it's not used, aa_ns_visible() can do the same things as it, so it's redundant. 2. is_deleted() is a static function in security/apparmor/file.c, and it's not used since commit aebd873e8d3e ("apparmor: refactor path name lookup and permission checks around labels"), so it's redundant. They are redundant, so remove them. Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
1f939c6b |
|
20-Sep-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: Fix regression in stacking due to label flags The unconfined label flag is not being computed correctly. It should only be set if all the profiles in the vector are set, which is different than what is required for the debug and stale flag that are set if any on the profile flags are set. Fixes: c1ed5da19765 ("apparmor: allow label to carry debug flags") Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
217af7e2 |
|
29-Jul-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: refactor profile rules and attachments In preparation for moving from a single set of rules and a single attachment to multiple rulesets and attachments separate from the profile refactor attachment information and ruleset info into their own structures. Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
33fc95d8 |
|
17-Jan-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: preparse for state being more than just an integer Convert from an unsigned int to a state_t for state position. This is a step in prepping for the state position carrying some additional flags, and a limited form of backtracking to support variables. Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
e844fe9b |
|
16-Jul-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: convert policy lookup to use accept as an index Remap polidydb dfa accept table from embedded perms to an index, and then move the perm lookup to use the accept entry as an index into the perm table. This is done so that the perm table can be separated from the dfa, allowing dfa accept to index to share expanded permission sets. Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
e2967ede |
|
17-Nov-2020 |
John Johansen <john.johansen@canonical.com> |
apparmor: compute policydb permission on profile load Rather than computing policydb permissions for each access permissions can be computed once on profile load and stored for lookup. Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
c1ed5da1 |
|
26-Mar-2022 |
John Johansen <john.johansen@canonical.com> |
apparmor: allow label to carry debug flags Allow labels to have debug flags that can be used to trigger debug output only from profiles/labels that are marked. This can help reduce debug output by allowing debug to be target to a specific confinement condition. Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
3e2a3a08 |
|
13-Feb-2022 |
Tom Rix <trix@redhat.com> |
apparmor: fix aa_label_asxprint return check Clang static analysis reports this issue label.c:1802:3: warning: 2nd function call argument is an uninitialized value pr_info("%s", str); ^~~~~~~~~~~~~~~~~~ str is set from a successful call to aa_label_asxprint(&str, ...) On failure a negative value is returned, not a -1. So change the check. Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels") Signed-off-by: Tom Rix <trix@redhat.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
240516df |
|
17-Nov-2021 |
Yang Li <yang.lee@linux.alibaba.com> |
apparmor: Fix kernel-doc Fix function name in security/apparmor/label.c, policy.c, procattr.c kernel-doc comment to remove some warnings found by clang(make W=1 LLVM=1). security/apparmor/label.c:499: warning: expecting prototype for aa_label_next_not_in_set(). Prototype was for __aa_label_next_not_in_set() instead security/apparmor/label.c:2147: warning: expecting prototype for __aa_labelset_udate_subtree(). Prototype was for __aa_labelset_update_subtree() instead security/apparmor/policy.c:434: warning: expecting prototype for aa_lookup_profile(). Prototype was for aa_lookupn_profile() instead security/apparmor/procattr.c:101: warning: expecting prototype for aa_setprocattr_chagnehat(). Prototype was for aa_setprocattr_changehat() instead Reported-by: Abaci Robot <abaci@linux.alibaba.com> Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
511f7b5b |
|
14-Dec-2021 |
John Johansen <john.johansen@canonical.com> |
apparmor: fix absroot causing audited secids to begin with = AppArmor is prefixing secids that are converted to secctx with the = to indicate the secctx should only be parsed from an absolute root POV. This allows catching errors where secctx are reparsed back into internal labels. Unfortunately because audit is using secid to secctx conversion this means that subject and object labels can result in a very unfortunate == that can break audit parsing. eg. the subj==unconfined term in the below audit message type=USER_LOGIN msg=audit(1639443365.233:160): pid=1633 uid=0 auid=1000 ses=3 subj==unconfined msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=192.168.122.1 addr=192.168.122.1 terminal=/dev/pts/1 res=success' Fix this by switch the prepending of = to a _. This still works as a special character to flag this case without breaking audit. Also move this check behind debug as it should not be needed during normal operqation. Fixes: 26b7899510ae ("apparmor: add support for absolute root view based labels") Reported-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
f4a2d282 |
|
29-Sep-2021 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
apparmor: Use struct_size() helper in kzalloc() Make use of the struct_size() helper instead of an open-coded version, in order to avoid any potential type mistakes or integer overflows that, in the worse scenario, could lead to heap overflows. Link: https://github.com/KSPP/linux/issues/160 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
d108370c |
|
04-Oct-2020 |
Tom Rix <trix@redhat.com> |
apparmor: fix error check clang static analysis reports this representative problem: label.c:1463:16: warning: Assigned value is garbage or undefined label->hname = name; ^ ~~~~ In aa_update_label_name(), this the problem block of code if (aa_label_acntsxprint(&name, ...) == -1) return res; On failure, aa_label_acntsxprint() has a more complicated return that just -1. So check for a negative return. It was also noted that the aa_label_acntsxprint() main comment refers to a nonexistent parameter, so clean up the comment. Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels") Signed-off-by: Tom Rix <trix@redhat.com> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
5268d795 |
|
05-Jun-2020 |
John Johansen <john.johansen@canonical.com> |
apparmor: fix introspection of of task mode for unconfined tasks Fix two issues with introspecting the task mode. 1. If a task is attached to a unconfined profile that is not the ns->unconfined profile then. Mode the mode is always reported as - $ ps -Z LABEL PID TTY TIME CMD unconfined 1287 pts/0 00:00:01 bash test (-) 1892 pts/0 00:00:00 ps instead of the correct value of (unconfined) as shown below $ ps -Z LABEL PID TTY TIME CMD unconfined 2483 pts/0 00:00:01 bash test (unconfined) 3591 pts/0 00:00:00 ps 2. if a task is confined by a stack of profiles that are unconfined the output of label mode is again the incorrect value of (-) like above, instead of (unconfined). This is because the visibile profile count increment is skipped by the special casing of unconfined. Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
3622ad25 |
|
07-Jun-2020 |
John Johansen <john.johansen@canonical.com> |
apparmor: Fix memory leak of profile proxy When the proxy isn't replaced and the profile is removed, the proxy is being leaked resulting in a kmemleak check message of unreferenced object 0xffff888077a3a490 (size 16): comm "apparmor_parser", pid 128041, jiffies 4322684109 (age 1097.028s) hex dump (first 16 bytes): 03 00 00 00 00 00 00 00 b0 92 fd 4b 81 88 ff ff ...........K.... backtrace: [<0000000084d5daf2>] aa_alloc_proxy+0x58/0xe0 [<00000000ecc0e21a>] aa_alloc_profile+0x159/0x1a0 [<000000004cc9ce15>] unpack_profile+0x275/0x1c40 [<000000007332b3ca>] aa_unpack+0x1e7/0x7e0 [<00000000e25e31bd>] aa_replace_profiles+0x18a/0x1d10 [<00000000350d9415>] policy_update+0x237/0x650 [<000000003fbf934e>] profile_load+0x122/0x160 [<0000000047f7b781>] vfs_write+0x139/0x290 [<000000008ad12358>] ksys_write+0xcd/0x170 [<000000001a9daa7b>] do_syscall_64+0x70/0x310 [<00000000b9efb0cf>] entry_SYSCALL_64_after_hwframe+0x49/0xb3 Make sure to cleanup the profile's embedded label which will result on the proxy being properly freed. Fixes: 637f688dc3dc ("apparmor: switch from profiles to using labels on contexts") Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
dd2569fb |
|
05-Jun-2020 |
John Johansen <john.johansen@canonical.com> |
apparmor: fix introspection of of task mode for unconfined tasks Fix two issues with introspecting the task mode. 1. If a task is attached to a unconfined profile that is not the ns->unconfined profile then. Mode the mode is always reported as - $ ps -Z LABEL PID TTY TIME CMD unconfined 1287 pts/0 00:00:01 bash test (-) 1892 pts/0 00:00:00 ps instead of the correct value of (unconfined) as shown below $ ps -Z LABEL PID TTY TIME CMD unconfined 2483 pts/0 00:00:01 bash test (unconfined) 3591 pts/0 00:00:00 ps 2. if a task is confined by a stack of profiles that are unconfined the output of label mode is again the incorrect value of (-) like above, instead of (unconfined). This is because the visibile profile count increment is skipped by the special casing of unconfined. Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels") Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
c84b80cd |
|
03-Mar-2020 |
Mateusz Nosek <mateusznosek0@gmail.com> |
security/apparmor/label.c: Clean code by removing redundant instructions Previously 'label->proxy->label' value checking and conditional reassigning were done twice in the same function. The second one is redundant and can be removed. Signed-off-by: Mateusz Nosek <mateusznosek0@gmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
3ed4aaa9 |
|
25-Sep-2019 |
John Johansen <john.johansen@canonical.com> |
apparmor: fix nnp subset test for unconfined The subset test is not taking into account the unconfined exception which will cause profile transitions in the stacked confinement case to fail when no_new_privs is applied. This fixes a regression introduced in the fix for https://bugs.launchpad.net/bugs/1839037 BugLink: https://bugs.launchpad.net/bugs/1844186 Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
278de07e |
|
02-Jul-2019 |
Markus Elfring <elfring@users.sourceforge.net> |
apparmor: Replace two seq_printf() calls by seq_puts() in aa_label_seq_xprint() Two strings which did not contain a data format specification should be put into a sequence. Thus use the corresponding function “seq_puts”. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
00e0590d |
|
27-Jun-2019 |
Colin Ian King <colin.king@canonical.com> |
apparmor: fix unsigned len comparison with less than zero The sanity check in macro update_for_len checks to see if len is less than zero, however, len is a size_t so it can never be less than zero, so this sanity check is a no-op. Fix this by making len a ssize_t so the comparison will work and add ulen that is a size_t copy of len so that the min() macro won't throw warnings about comparing different types. Addresses-Coverity: ("Macro compares unsigned to 0") Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
9ffbe8ac |
|
31-May-2019 |
Nikolay Borisov <nborisov@suse.com> |
locking/lockdep: Rename lockdep_assert_held_exclusive() -> lockdep_assert_held_write() All callers of lockdep_assert_held_exclusive() use it to verify the correct locking state of either a semaphore (ldisc_sem in tty, mmap_sem for perf events, i_rwsem of inode for dax) or rwlock by apparmor. Thus it makes sense to rename _exclusive to _write since that's the semantics callers care. Additionally there is already lockdep_assert_held_read(), which this new naming is more consistent with. No functional changes. Signed-off-by: Nikolay Borisov <nborisov@suse.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20190531100651.3969-1-nborisov@suse.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
b886d83c |
|
01-Jun-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation version 2 of the license extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 315 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Armijn Hemel <armijn@tjaldur.nl> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
a4c3f89c |
|
04-Jun-2018 |
John Johansen <john.johansen@canonical.com> |
apparmor: fixup secid map conversion to using IDR The IDR conversion did not handle an error case for when allocating a mapping fails, and it did not ensure that mappings did not allocate or use a 0 value, which is used as an invalid secid. Which is used when a mapping fails. Fixes: 3ae7eb49a2be ("apparmor: Use an IDR to allocate apparmor secids") Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
b62fb226 |
|
11-Apr-2018 |
Zygmunt Krynicki <zygmunt.krynicki@canonical.com> |
apparmor: fix typo "replace" Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
a18f9028 |
|
11-Apr-2018 |
Zygmunt Krynicki <zygmunt.krynicki@canonical.com> |
apparmor: fix typo "comparison" Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
c0929212 |
|
31-Jul-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: add support for mapping secids and using secctxes Use a radix tree to provide a map between the secid and the label, and along with it a basic ability to provide secctx conversion. Shared/cached secctx will be added later. Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
d8889d49 |
|
11-Oct-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: move context.h to cred.h Now that file contexts have been moved into file, and task context fns() and data have been split from the context, only the cred context remains in context.h so rename to cred.h to better reflect what it deals with. Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
475bdda1 |
|
08-Sep-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: root view labels should not be under user control The root view of the label parse should not be exposed to user control. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
#
95652cac |
|
06-Sep-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: provide a bounded version of label_parse some label/context sources might not be guaranteed to be null terminiated provide a size bounded version of label parse to deal with these. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
#
6e0654d2 |
|
06-Sep-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: use the dfa to do label parse string splitting The current split scheme is actually wrong in that it splits ///& where that is invalid and should fail. Use the dfa to do a proper bounded split without having to worry about getting the string processing right in code. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
#
feb3c766 |
|
21-Nov-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: fix possible recursive lock warning in __aa_create_ns Use mutex_lock_nested to provide lockdep the parent child lock ordering of the tree. This fixes the lockdep Warning [ 305.275177] ============================================ [ 305.275178] WARNING: possible recursive locking detected [ 305.275179] 4.14.0-rc7+ #320 Not tainted [ 305.275180] -------------------------------------------- [ 305.275181] apparmor_parser/1339 is trying to acquire lock: [ 305.275182] (&ns->lock){+.+.}, at: [<ffffffff970544dd>] __aa_create_ns+0x6d/0x1e0 [ 305.275187] but task is already holding lock: [ 305.275187] (&ns->lock){+.+.}, at: [<ffffffff97054b5d>] aa_prepare_ns+0x3d/0xd0 [ 305.275190] other info that might help us debug this: [ 305.275191] Possible unsafe locking scenario: [ 305.275192] CPU0 [ 305.275193] ---- [ 305.275193] lock(&ns->lock); [ 305.275194] lock(&ns->lock); [ 305.275195] *** DEADLOCK *** [ 305.275196] May be due to missing lock nesting notation [ 305.275198] 2 locks held by apparmor_parser/1339: [ 305.275198] #0: (sb_writers#10){.+.+}, at: [<ffffffff96e9c6b7>] vfs_write+0x1a7/0x1d0 [ 305.275202] #1: (&ns->lock){+.+.}, at: [<ffffffff97054b5d>] aa_prepare_ns+0x3d/0xd0 [ 305.275205] stack backtrace: [ 305.275207] CPU: 1 PID: 1339 Comm: apparmor_parser Not tainted 4.14.0-rc7+ #320 [ 305.275208] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1 04/01/2014 [ 305.275209] Call Trace: [ 305.275212] dump_stack+0x85/0xcb [ 305.275214] __lock_acquire+0x141c/0x1460 [ 305.275216] ? __aa_create_ns+0x6d/0x1e0 [ 305.275218] ? ___slab_alloc+0x183/0x540 [ 305.275219] ? ___slab_alloc+0x183/0x540 [ 305.275221] lock_acquire+0xed/0x1e0 [ 305.275223] ? lock_acquire+0xed/0x1e0 [ 305.275224] ? __aa_create_ns+0x6d/0x1e0 [ 305.275227] __mutex_lock+0x89/0x920 [ 305.275228] ? __aa_create_ns+0x6d/0x1e0 [ 305.275230] ? trace_hardirqs_on_caller+0x11f/0x190 [ 305.275231] ? __aa_create_ns+0x6d/0x1e0 [ 305.275233] ? __lockdep_init_map+0x57/0x1d0 [ 305.275234] ? lockdep_init_map+0x9/0x10 [ 305.275236] ? __rwlock_init+0x32/0x60 [ 305.275238] mutex_lock_nested+0x1b/0x20 [ 305.275240] ? mutex_lock_nested+0x1b/0x20 [ 305.275241] __aa_create_ns+0x6d/0x1e0 [ 305.275243] aa_prepare_ns+0xc2/0xd0 [ 305.275245] aa_replace_profiles+0x168/0xf30 [ 305.275247] ? __might_fault+0x85/0x90 [ 305.275250] policy_update+0xb9/0x380 [ 305.275252] profile_load+0x7e/0x90 [ 305.275254] __vfs_write+0x28/0x150 [ 305.275256] ? rcu_read_lock_sched_held+0x72/0x80 [ 305.275257] ? rcu_sync_lockdep_assert+0x2f/0x60 [ 305.275259] ? __sb_start_write+0xdc/0x1c0 [ 305.275261] ? vfs_write+0x1a7/0x1d0 [ 305.275262] vfs_write+0xca/0x1d0 [ 305.275264] ? trace_hardirqs_on_caller+0x11f/0x190 [ 305.275266] SyS_write+0x49/0xa0 [ 305.275268] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 305.275271] RIP: 0033:0x7fa6b22e8c74 [ 305.275272] RSP: 002b:00007ffeaaee6288 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 305.275273] RAX: ffffffffffffffda RBX: 00007ffeaaee62a4 RCX: 00007fa6b22e8c74 [ 305.275274] RDX: 0000000000000a51 RSI: 00005566a8198c10 RDI: 0000000000000004 [ 305.275275] RBP: 0000000000000a39 R08: 0000000000000a51 R09: 0000000000000000 [ 305.275276] R10: 0000000000000000 R11: 0000000000000246 R12: 00005566a8198c10 [ 305.275277] R13: 0000000000000004 R14: 00005566a72ecb88 R15: 00005566a72ec3a8 Fixes: 73688d1ed0b8 ("apparmor: refactor prepare_ns() and make usable from different views") Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
26c4eb19 |
|
03-Oct-2017 |
Will Deacon <will@kernel.org> |
locking/rwsem, security/apparmor: Replace homebrew use of write_can_lock() with lockdep The lockdep subsystem provides a robust way to assert that a lock is held, so use that instead of write_can_lock, which can give incorrect results for qrwlocks. Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: John Johansen <john.johansen@canonical.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: paulmck@linux.vnet.ibm.com Link: http://lkml.kernel.org/r/1507055129-12300-1-git-send-email-will.deacon@arm.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
bc4d82fb |
|
16-Aug-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: fix incorrect type assignment when freeing proxies sparse reports poisoning the proxy->label before freeing the struct is resulting in a sparse build warning. ../security/apparmor/label.c:52:30: warning: incorrect type in assignment (different address spaces) ../security/apparmor/label.c:52:30: expected struct aa_label [noderef] <asn:4>*label ../security/apparmor/label.c:52:30: got struct aa_label *<noident> fix with RCU_INIT_POINTER as this is one of those cases where rcu_assign_pointer() is not needed. Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
26b78995 |
|
06-Aug-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: add support for absolute root view based labels With apparmor policy virtualization based on policy namespace View's we don't generally want/need absolute root based views, however there are cases like debugging and some secid based conversions where using a root based view is important. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
#
f872af75 |
|
06-Aug-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: cleanup conditional check for label in label_print Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
#
c5561700 |
|
01-Aug-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: Redundant condition: prev_ns. in [label.c:1498] Reported-by: David Binderman <dcb314@hotmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
|
#
f1bd9041 |
|
09-Jun-2017 |
John Johansen <john.johansen@canonical.com> |
apparmor: add the base fns() for domain labels Begin moving apparmor to using broader domain labels, that will allow run time computation of domain type splitting via "stacking" of profiles into a domain label vec. Signed-off-by: John Johansen <john.johansen@canonical.com>
|