mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 23:05:11 +00:00

Merge add userspace support for io_uring mediation

```
io_uring rules have the following format:

io_uring [<access_mode>] [<label>],
access_mode := 'sqpoll'|'override_creds'
label := 'label' '=' <target label>
```

You can test this feature with the following kernel tree, which carries the io_uring mediation patch: https://gitlab.com/georgiag/apparmor-kernel/-/commits/io_uring

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/993
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
John Johansen
2023-06-29 21:38:02 +00:00
45 changed files with 1150 additions and 7 deletions


@@ -947,6 +947,7 @@ static const char *mediates_net_unix = CLASS_SUB_STR(AA_CLASS_NET, AF_UNIX);
static const char *mediates_ns = CLASS_STR(AA_CLASS_NS);
static const char *mediates_posix_mqueue = CLASS_STR(AA_CLASS_POSIX_MQUEUE);
static const char *mediates_sysv_mqueue = CLASS_STR(AA_CLASS_SYSV_MQUEUE);
static const char *mediates_io_uring = CLASS_STR(AA_CLASS_IO_URING);
int process_profile_policydb(Profile *prof)
{
@@ -998,6 +999,9 @@ int process_profile_policydb(Profile *prof)
if (features_supports_sysv_mqueue &&
!prof->policy.rules->add_rule(mediates_sysv_mqueue, 0, AA_MAY_READ, 0, dfaflags))
goto out;
if (features_supports_io_uring &&
!prof->policy.rules->add_rule(mediates_io_uring, 0, AA_MAY_READ, 0, dfaflags))
goto out;
if (prof->policy.rules->rule_count > 0) {
int xmatch_len = 0;
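Review bot: The run of `features_supports_* && add_rule(mediates_*, ...)` checks in the second hunk, which the new io_uring lines extend, has no comment saying what these entries are for. The visible condition adds the entry whenever `features_supports_io_uring` is set, independent of whether the profile contains an io_uring rule. Judging by the `mediates_` naming, it looks like a class marker rather than a real grant, which would make `AA_MAY_READ` only a placeholder; if that is right, say so above the run, e.g. `/* marker: tells the kernel this policy mediates the class; AA_MAY_READ is a placeholder, not a granted permission */`. The commit message could also state what happens to existing profiles with no io_uring rules once they are recompiled on a supporting kernel (presumably io_uring use becomes denied), since that is the behaviour change operators will see. process_profile_policydb starts and ends outside the hunk.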