mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 22:35:35 +00:00
Code Issues Releases Wiki Activity

parser: add support for user namespace creation

Browse Source 
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
This commit is contained in:
Georgia Garcia
2022-09-29 17:40:18 -03:00
parent 18d1b06b0c
commit f400b41c4a
12 changed files with 238 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
parser/parser_regex.c
View File

@@ -935,6 +935,7 @@ static const char *mediates_ptrace = CLASS_STR(AA_CLASS_PTRACE);
static const char *mediates_extended_net = CLASS_STR(AA_CLASS_NET);
static const char *mediates_netv8 = CLASS_STR(AA_CLASS_NETV8);
static const char *mediates_net_unix = CLASS_SUB_STR(AA_CLASS_NET, AF_UNIX);
static const char *mediates_ns = CLASS_STR(AA_CLASS_NS);
int process_profile_policydb(Profile *prof)
{
@@ -977,6 +978,9 @@ int process_profile_policydb(Profile *prof)
(!prof->policy.rules->add_rule(mediates_extended_net, 0, AA_MAY_READ, 0, dfaflags) ||
!prof->policy.rules->add_rule(mediates_net_unix, 0, AA_MAY_READ, 0, dfaflags)))
goto out;
if (features_supports_userns &&
!prof->policy.rules->add_rule(mediates_ns, 0, AA_MAY_READ, 0, dfaflags))
goto out;
if (prof->policy.rules->rule_count > 0) {
int xmatch_len = 0;