mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

Remove setting of capabilities from the syntax

Browse Source 
The ability to set capabilities from a profile has been removed from the
kernel for several releases.  Remove it from the parser as well.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
This commit is contained in:
John Johansen
2012-02-16 08:04:04 -08:00
parent 4a4ec1c54a
commit dd7427d1eb
6 changed files with 4 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
parser/parser_interface.c
View File

@@ -609,15 +609,14 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
#define low_caps(X) ((u32) ((X) & 0xffffffff))
#define high_caps(X) ((u32) (((X) >> 32) & 0xffffffff))
allowed_caps = (profile->capabilities | profile->set_caps) &
~profile->deny_caps;
allowed_caps = (profile->capabilities) & ~profile->deny_caps;
if (!sd_write32(p, low_caps(allowed_caps)))
return 0;
if (!sd_write32(p, low_caps(allowed_caps & profile->audit_caps)))
return 0;
if (!sd_write32(p, low_caps(profile->deny_caps & profile->quiet_caps)))
return 0;
if (!sd_write32(p, low_caps(profile->set_caps & ~profile->deny_caps)))
if (!sd_write32(p, 0))
return 0;
if (!sd_write_struct(p, "caps64"))
@@ -628,7 +627,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
return 0;
if (!sd_write32(p, high_caps(profile->deny_caps & profile->quiet_caps)))
return 0;
if (!sd_write32(p, high_caps(profile->set_caps & ~profile->deny_caps)))
if (!sd_write32(p, 0))
return 0;
if (!sd_write_structend(p))
return 0;