mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

Update base network mediation patch with missing feature pinning fixup

Browse Source 
apparmor: fix regression in network mediation when using feature pinning

When the 4.14-rc6 and earlier kernels are used with an upstream 4.13
or earlier pinned feature set, there is a regression in network
mediation where policy is not being correctly enforced, because the
compilation is completely dropping the af mediation table as expected
by pre 4.14 kernels but the 4.14 kernel is not accounting for this.

Resulting in network denials that can not be fixed by policy.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2018-02-01 09:43:37 +01:00
parent 8f6d94bf44
commit 547708bc99
2 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kernel-patches/v4.14/0002-apparmor-af_unix-mediation.patch
View File

@@ -1,4 +1,4 @@
From 9ef395833a0783ac47bb72a6283ebe3e83735128 Mon Sep 17 00:00:00 2001
From 2e7f6d0dc0f1d3642950f529b451af73fa1baf9c Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Tue, 18 Jul 2017 23:27:23 -0700
Subject: [PATCH 2/2] apparmor: af_unix mediation