Two minor cleanups / improvements
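--- a/kernel-patches/for-mainline/rename-aa_fork.diff
+++ b/kernel-patches/for-mainline/rename-aa_fork.diff
@@ -0,0 +1,49 @@
+Index: b/security/apparmor/apparmor.h
+===================================================================
+--- a/security/apparmor/apparmor.h
++++ b/security/apparmor/apparmor.h
+@@ -227,7 +227,7 @@ extern int aa_perm_dir(struct aa_profile
+extern int aa_link(struct aa_profile *profile,
+struct dentry *link, struct vfsmount *link_mnt,
+struct dentry *target, struct vfsmount *target_mnt);
+-extern int aa_fork(struct task_struct *task);
++extern int aa_clone(struct task_struct *task);
+extern int aa_register(struct linux_binprm *bprm);
+extern void aa_release(struct task_struct *task);
+extern int aa_change_hat(const char *id, u32 hat_magic);
+Index: b/security/apparmor/lsm.c
+===================================================================
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -504,7 +504,7 @@ static int apparmor_file_mprotect(struct
+
+static int apparmor_task_alloc_security(struct task_struct *task)
+{
+- return aa_fork(task);
++ return aa_clone(task);
+}
+
+static void apparmor_task_free_security(struct task_struct *task)
+Index: b/security/apparmor/main.c
+===================================================================
+--- a/security/apparmor/main.c
++++ b/security/apparmor/main.c
+@@ -725,14 +725,16 @@ int aa_link(struct aa_profile *profile,
+*******************************/
+
+/**
+- * aa_fork - initialize the task context for a new task
++ * aa_clone - initialize the task context for a new task
+* @task: task that is being created
+*/
+-int aa_fork(struct task_struct *child)
++int aa_clone(struct task_struct *child)
+{
+struct aa_task_context *cxt, *child_cxt;
+struct aa_profile *profile;
+
++ if (!aa_task_context(current))
++ return 0;
+child_cxt = aa_alloc_task_context(child);
+if (!child_cxt)
+return -ENOMEM;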
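Review bot: The early return added to `aa_clone()` (`if (!aa_task_context(current)) return 0;`) is a behaviour change carried in a patch whose name and content otherwise describe a pure rename, and neither a comment nor a patch description explains it. With this check a child whose parent has no context at that moment gets no context allocated at all; whether that can leave a child unconfined when the parent is confined concurrently depends on how the rest of the function, which continues outside the hunk, reads the parent's context under its lock, so the assumption should be written down. I would add a comment above the check such as `/* Unconfined parent: nothing to inherit, the child starts without a context. */` and a one-line description at the top of the patch file. The kernel-doc still documents `@task` while the parameter is named `child`; `* @child: task that is being created` would match the signature.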
@@ -78,3 +78,5 @@ remove-iterators.diff
|
|||||||
rename-aa_switch_to_profile.diff
|
rename-aa_switch_to_profile.diff
|
||||||
rework-locking.diff
|
rework-locking.diff
|
||||||
rework-locking-2.diff
|
rework-locking-2.diff
|
||||||
|
unreachabe-paths.diff
|
||||||
|
rename-aa_fork.diff
|
||||||
|
@@ -1,13 +0,0 @@
|
|||||||
Index: b/security/apparmor/main.c
|
|
||||||
===================================================================
|
|
||||||
--- a/security/apparmor/main.c
|
|
||||||
+++ b/security/apparmor/main.c
|
|
||||||
@@ -1087,7 +1087,7 @@ void aa_release(struct task_struct *task
|
|
||||||
|
|
||||||
/**
|
|
||||||
* do_change_hat - actually switch hats
|
|
||||||
- * @hat_name: name of hat to swtich to
|
|
||||||
+ * @hat_name: name of hat to switch to
|
|
||||||
* @cxt: current aa_task_context
|
|
||||||
*
|
|
||||||
* Switch to a new hat. Return %0 on success, error otherwise.
|
|
@@ -1,17 +0,0 @@
|
|||||||
---
|
|
||||||
security/apparmor/inline.h | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
Index: b/security/apparmor/inline.h
|
|
||||||
===================================================================
|
|
||||||
--- a/security/apparmor/inline.h
|
|
||||||
+++ b/security/apparmor/inline.h
|
|
||||||
@@ -60,7 +60,7 @@ static inline struct aa_profile *aa_get_
|
|
||||||
* profile. The cxt_lock must be held to ensure consistency against
|
|
||||||
* other writers. Some write paths (ex. aa_register) require
|
|
||||||
* cxt->profile not to change over several operations, so the calling
|
|
||||||
- * function is responsible for grabing the cxt_lock to meet its
|
|
||||||
+ * function is responsible for grabbing the cxt_lock to meet its
|
|
||||||
* consistency constraints before calling aa_switch_to_profile
|
|
||||||
*/
|
|
||||||
static inline void aa_switch_to_profile(struct aa_task_context *cxt,
|
|
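--- a/kernel-patches/for-mainline/unreachabe-paths.diff
+++ b/kernel-patches/for-mainline/unreachabe-paths.diff
@@ -0,0 +1,22 @@
+There is no need to go throught the whole state machine for unreachable
+dentries; they will never match.
+
+Index: b/security/apparmor/main.c
+===================================================================
+--- a/security/apparmor/main.c
++++ b/security/apparmor/main.c
+@@ -172,6 +172,14 @@ static char *aa_get_pathname(struct dent
+
+name = d_namespace_path(dentry, mnt, buf, size, 1);
+if (!IS_ERR(name)) {
++ if (*name != '/') {
++ /*
++ * This dentry is not connected to the
++ * namespace root -- reject access.
++ */
++ kfree(buf);
++ return ERR_PTR(-ENOENT);
++ }
+*buffer = buf;
+return name;
+}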
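Review bot: The new `*name != '/'` branch in `aa_get_pathname()` reports a disconnected dentry as `ERR_PTR(-ENOENT)`, which callers cannot tell apart from an ordinary pathname lookup failure. The comment calls this an access rejection, so it should be confirmed that every caller (none are visible in this hunk) turns the error into a denial and still emits an audit record; a rejection that is dropped silently removes the event a defender would look for. The patch description's claim that such paths "will never match" only holds if no caller treats a pathname error as "nothing to check", and extending the comment with `callers must treat this error as a denial` would pin that contract. The function starts and ends outside the hunk, so the `kfree(buf)` here may duplicate cleanup already done on the existing error path.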