parser: Check kernel stacking support when handling stacked transitions

Check if the current kernel supports stacking. If not, ensure that named transitions (exec, change_profile, etc.) do not attempt to stack their targets. Also, set up the change_profile vector according to whether or not the kernel supports stacking. Earlier kernels expect the policy namespace to be in its own NUL-terminated vector element rather than passing the entire label (namespace and profile name) as a single string to the kernel. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2025-08-30 22:05:27 +00:00 · 2016-03-18 17:28:51 -05:00
parent 00fb4e94ab
commit 1a7663e89a
6 changed files with 59 additions and 10 deletions
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -638,6 +638,8 @@ static void set_supported_features(void)
 						       "policy/set_load");
 	kernel_supports_diff_encode = aa_features_supports(features,
 							   "policy/diff_encode");
+	kernel_supports_stacking = aa_features_supports(features,
+							"domain/stack");

 	if (aa_features_supports(features, "policy/versions/v7"))
 		kernel_abi_version = 7;