Update permission mapping for changes made to the upstream kernel patch.

The changes are around how user data is handled. 1. permissions are mapped before data is matched 2. If data is to be mapped a AA_CONT_MATCH flag is set in the permissions which allows data matching to continue. 3. If data auditing is to occur the AA_AUDIT_MNT_DATA flag is set This allows better control over matching and auditing of data which can be binary and should not be matched or audited Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2025-09-05 08:45:22 +00:00 · 2012-03-15 12:54:34 -07:00
parent a11efe838a
commit c50858a877
2 changed files with 52 additions and 10 deletions
--- a/parser/mount.h
+++ b/parser/mount.h
@@ -103,8 +103,10 @@
 #define AA_MAY_PIVOTROOT 1
 #define AA_MAY_MOUNT 2
 #define AA_MAY_UMOUNT 4
-#define AA_DUMMY_REMOUNT 32	/* dummy perm for remount rule - is remapped
-				 * to a mount option*/
+#define AA_MATCH_CONT 0x40
+#define AA_AUDIT_MNT_DATA AA_MATCH_CONT
+#define AA_DUMMY_REMOUNT 0x40000000	/* dummy perm for remount rule - is
+					 * remapped to a mount option*/


 struct mnt_entry {