Prepare for 4.0.3 release

- Bump version
- bump library version

Signed-off-by: John Johansen <john.johansen@canonical.com>

binutils/aa_load.c

@@ -172,7 +172,8 @@ static int load_policy_dir(const char *dir_path)
 	while ((dir = readdir(d)) != NULL) {
 		/* Only check regular files for now */
 		if (dir->d_type == DT_REG) {
-			len = strnlen(dir->d_name, PATH_MAX);
+			/* As per POSIX dir->d_name has at most NAME_MAX characters */
+			len = strnlen(dir->d_name, NAME_MAX);
 			/* Ignores .features */
 			if (strncmp(dir->d_name, CACHE_FEATURES_FILE, len) == 0) {
 				continue;

common/Version

@@ -1 +1 @@
-4.0.2
+4.0.3

libraries/libapparmor/src/Makefile.am

@@ -32,10 +32,10 @@ INCLUDES = $(all_includes)
 #
 # After changing the AA_LIB_* variables, also update EXPECTED_SO_NAME.
 
-AA_LIB_CURRENT = 19
+AA_LIB_CURRENT = 20
 AA_LIB_REVISION = 0
-AA_LIB_AGE = 18
+AA_LIB_AGE = 19
-EXPECTED_SO_NAME = libapparmor.so.1.18.0
+EXPECTED_SO_NAME = libapparmor.so.1.19.0
 
 SUFFIXES = .pc.in .pc
 

libraries/libapparmor/src/libapparmor.map

@@ -127,6 +127,7 @@ APPARMOR_3.0 {
 APPARMOR_3.1 {
   global:
 	aa_features_check;
+	aa_split_overlay_str;
   local:
 	*;
 } APPARMOR_3.0;

libraries/libapparmor/src/tst_features.c

@@ -135,7 +135,7 @@ static int do_test_walk_one(const char **str, const struct component *component,
 
 static int test_walk_one(void)
 {
-	struct component c;
+	struct component c = (struct component) { NULL, 0 };
 	const char *str;
 	int rc = 0;
 

libraries/libapparmor/swig/SWIG/libapparmor.i

@@ -55,7 +55,7 @@ extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
 extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
 extern int aa_gettaskcon(pid_t target, char **label, char **mode);
 extern int aa_getcon(char **label, char **mode);
-extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
+extern int aa_getpeercon_raw(int fd, char *buf, socklen_t *len, char **mode);
 extern int aa_getpeercon(int fd, char **label, char **mode);
 extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
 			  int *audit);

profiles/apparmor.d/abstractions/base

@@ -98,6 +98,9 @@
   # best place -- but many profiles require it, and it is quite harmless.
   @{PROC}/sys/kernel/ngroups_max r,
 
+  # Used to determine if Linux is running in FIPS mode
+  @{PROC}/sys/crypto/fips_enabled r,
+
   # glibc's sysconf(3) routine to determine free memory, etc
   @{PROC}/meminfo                r,
   @{PROC}/stat                   r,

profiles/apparmor.d/runc

@@ -4,7 +4,7 @@
 abi <abi/4.0>,
 include <tunables/global>
 
-profile runc /usr/sbin/runc flags=(unconfined) {
+profile runc /usr/{bin,sbin}/runc flags=(unconfined) {
   userns,
 
   # Site-specific additions and overrides. See local/README for details.

profiles/apparmor/profiles/extras/firefox

@@ -28,6 +28,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
   include <abstractions/dbus-strict>
   include <abstractions/dbus-session-strict>
   include <abstractions/dconf>
+  include <abstractions/fcitx>
   include <abstractions/fonts>
   include <abstractions/gnome>
   include <abstractions/ibus>

tests/regression/apparmor/attach_disconnected.sh

@@ -23,12 +23,13 @@ settest unix_fd_server
 disk_img=$tmpdir/disk_img
 new_root=$tmpdir/new_root/
 put_old=${new_root}put_old/
-root_was_shared="no"
 fstype="ext2"
 file=$tmpdir/file
 socket=$tmpdir/unix_fd_test
 att_dis_client=$pwd/attach_disconnected
 
+. $bin/mount.inc
+
 attach_disconnected_cleanup() {
 	if [ ! -z "$loop_device" ]; then
 		losetup -d $loop_device
@@ -39,10 +40,7 @@ attach_disconnected_cleanup() {
 		umount "$new_root"
 	fi
 
-	if [ "$root_was_shared" = "yes" ] ; then
+	prop_cleanup
-		[ -n "$VERBOSE" ] && echo 'notice: re-mounting / as shared'
-		mount --make-shared /
-	fi
 }
 do_onexit="attach_disconnected_cleanup"
 
@@ -50,24 +48,6 @@ if [ ! -b /dev/loop0 ] ; then
 	modprobe loop
 fi
 
-# systemd mounts / and everything under it MS_SHARED. This breaks
-# pivot_root entirely, so attempt to detect it, and remount /
-# MS_PRIVATE temporarily.
-FINDMNT=/bin/findmnt
-if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then
-	if [ "$(${FINDMNT} -no PROPAGATION /)" = "shared" ] ; then
-	root_was_shared="yes"
-	fi
-elif [ "$(ps hp1  -ocomm)" = "systemd" ] ; then
-	# no findmnt or findmnt doesn't know the PROPAGATION column,
-	# but init is systemd so assume rootfs is shared
-	root_was_shared="yes"
-fi
-if [ "${root_was_shared}" = "yes" ] ; then
-	[ -n "$VERBOSE" ] && echo 'notice: re-mounting / as private'
-	mount --make-private /
-fi
-
 dd if=/dev/zero of="$disk_img" bs=1024 count=512 2> /dev/null
 /sbin/mkfs -t "$fstype" -F "$disk_img" > /dev/null 2> /dev/null
 # mounting will be done by the test binary

tests/regression/apparmor/environ.sh

@@ -85,6 +85,32 @@ runchecktest "ENVIRON (shell script): confined/complain & sensitive env" pass ${
 # TEST environment filtering still works on setuid apps
 removeprofile
 
+tmpfs_dir=${tmpdir}/tmpfs_dir
+remove_mnt() {
+	mountpoint -q "$tmpfs_dir"
+	if [ $? -eq 0 ] ; then
+		umount "$tmpfs_dir"
+	fi
+}
+do_onexit="remove_mnt"
+
+# setuid apps mounted in a fs with "nosuid" option do not honor those
+# bits during execution, so run the test in a mounted tmpdir without nosuid
+FINDMNT=/bin/findmnt
+if [ -x "${FINDMNT}" ] && ${FINDMNT} -no TARGET,OPTIONS -T $tmpdir > /dev/null 2>&1 ; then
+	output="$(${FINDMNT} -no TARGET,OPTIONS -T $tmpdir)"
+	target="$(echo $output | cut -d' ' -f1)"
+	options="$(echo $output | cut -d' ' -f2)"
+	case "$options" in
+		*nosuid* )
+			echo "    $target is mounted with nosuid, creating a new mountpoint..."
+			setuid_helper=${tmpfs_dir}/env_check
+			mkdir ${tmpfs_dir}
+			mount -t tmpfs tmpfs ${tmpfs_dir}
+			;;
+	esac
+fi
+
 cp $helper ${setuid_helper}
 chown nobody ${setuid_helper}
 chmod u+s ${setuid_helper}

tests/regression/apparmor/mount.inc

@@ -0,0 +1,30 @@
+root_was_shared="no"
+root="/"
+
+# systemd mounts / and everything under it MS_SHARED. This breaks
+# pivot_root and mount "move" operations entirely, so attempt to
+# detect from which mount point the test is running from, and remount
+# it MS_PRIVATE temporarily.
+FINDMNT=/bin/findmnt
+if [ -x "${FINDMNT}" ] && ${FINDMNT} -no TARGET,PROPAGATION -T $tmpdir > /dev/null 2>&1 ; then
+	output="$(${FINDMNT} -no TARGET,PROPAGATION -T $tmpdir)"
+	root="$(echo $output | cut -d' ' -f1)"
+	if [ "$(echo $output | cut -d' ' -f2)" == "shared" ] ; then
+		root_was_shared="yes"
+	fi
+elif [ "$(ps hp1  -ocomm)" = "systemd" ] ; then
+	# no findmnt or findmnt doesn't know the PROPAGATION column,
+	# but init is systemd so assume rootfs is shared
+	root_was_shared="yes"
+fi
+if [ "${root_was_shared}" = "yes" ] ; then
+	[ -n "$VERBOSE" ] && echo "notice: re-mounting $root as private"
+	mount --make-private $root
+fi
+
+prop_cleanup() {
+	if [ "${root_was_shared}" = "yes" ] ; then
+		[ -n "$VERBOSE" ] && echo "notice: re-mounting $root as shared"
+		mount --make-shared $root
+	fi
+}

tests/regression/apparmor/mount.sh

@@ -32,7 +32,8 @@ mount_point2=$tmpdir/mountpoint2
 mount_bad=$tmpdir/mountbad
 loop_device="unset" 
 fstype="ext2"
-root_was_shared="no"
+
+. $bin/mount.inc
 
 setup_mnt() {
 	/bin/mount -n -t${fstype} ${loop_device} ${mount_point}
@@ -59,9 +60,7 @@ mount_cleanup() {
 	then
 		/sbin/losetup -d ${loop_device} &> /dev/null
 	fi
-	if [ "${root_was_shared}" = "yes" ] ; then
+	prop_cleanup
-		mount --make-shared /
-	fi
 }
 do_onexit="mount_cleanup"
 
@@ -81,23 +80,6 @@ fi
 loop_device=$(losetup -f) || fatalerror 'Unable to find a free loop device'
 /sbin/losetup "$loop_device" ${mount_file} > /dev/null 2> /dev/null
 
-# systemd mounts / and everything under it MS_SHARED which does
-# not work with "move", so attempt to detect it, and remount /
-# MS_PRIVATE temporarily. snippet from pivot_root.sh
-FINDMNT=/bin/findmnt
-if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then
-	if [ "$(${FINDMNT} -no PROPAGATION /)" == "shared" ] ; then
-		root_was_shared="yes"
-	fi
-elif [ "$(ps hp1  -ocomm)" = "systemd" ] ; then
-	# no findmnt or findmnt doesn't know the PROPAGATION column,
-	# but init is systemd so assume rootfs is shared
-	root_was_shared="yes"
-fi
-if [ "${root_was_shared}" = "yes" ] ; then
-	mount --make-private /
-fi
-
 options=(
 	# default and non-default options
 	"rw,ro"

tests/regression/apparmor/pivot_root.sh

@@ -25,7 +25,8 @@ put_old=${new_root}put_old/
 bad=$tmpdir/BAD/
 proc=$new_root/proc
 fstype="ext2"
-root_was_shared="no"
+
+. $bin/mount.inc
 
 pivot_root_cleanup() {
 	mountpoint -q "$proc"
@@ -38,10 +39,7 @@ pivot_root_cleanup() {
 		umount "$new_root"
 	fi
 
-	if [ "${root_was_shared}" = "yes" ] ; then
+	prop_cleanup
-		[ -n "$VERBOSE" ] && echo 'notice: re-mounting / as shared'
-		mount --make-shared /
-	fi
 }
 do_onexit="pivot_root_cleanup"
 
@@ -50,24 +48,6 @@ if [ ! -b /dev/loop0 ] ; then
 	modprobe loop
 fi
 
-# systemd mounts / and everything under it MS_SHARED. This breaks
-# pivot_root entirely, so attempt to detect it, and remount /
-# MS_PRIVATE temporarily.
-FINDMNT=/bin/findmnt
-if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then
-	if [ "$(${FINDMNT} -no PROPAGATION /)" = "shared" ] ; then
-		root_was_shared="yes"
-	fi
-elif [ "$(ps hp1  -ocomm)" = "systemd" ] ; then
-	# no findmnt or findmnt doesn't know the PROPAGATION column,
-	# but init is systemd so assume rootfs is shared
-	root_was_shared="yes"
-fi
-if [ "${root_was_shared}" = "yes" ] ; then
-	[ -n "$VERBOSE" ] && echo 'notice: re-mounting / as private'
-	mount --make-private /
-fi
-
 # Create disk image since pivot_root doesn't allow old root and new root to be
 # on the same filesystem
 dd if=/dev/zero of="$disk_img" bs=1024 count=512 2> /dev/null

tests/regression/apparmor/swap.sh

@@ -27,16 +27,38 @@ bin=$pwd
 ## A. SWAP
 ##
 
-# check if we can run the test at all
+swap_file=$tmpdir/swapfile
+
+# check if we can run the test in tmpdir
 fstype=$(stat -f --format '%T' "${tmpdir}")
 if [ "${fstype}" = "tmpfs" ] ; then
-	echo "ERROR: tmpdir '${tmpdir}' is of type tmpfs; can't mount a swapfile on it" 1>&2
+	# create a mountpoint not tmpfs
-	echo "ERROR: skipping swap tests" 1>&2
+	mount_file=$tmpdir/mountfile
-	num_testfailures=1
+	mount_point=$tmpdir/mountpoint
-	exit
+	fstype="ext2"
+	dd if=/dev/zero of=${mount_file} bs=1024 count=900 2> /dev/null
+	/sbin/mkfs -t${fstype} -F ${mount_file} > /dev/null 2> /dev/null
+	/bin/mkdir ${mount_point}
+
+	loop_device=$(losetup -f) || fatalerror 'Unable to find a free loop device'
+	/sbin/losetup "$loop_device" ${mount_file} > /dev/null 2> /dev/null
+
+	/bin/mount -n -t${fstype} ${loop_device} ${mount_point}
+
+	swap_file=$mount_point/swapfile
 fi
 
-swap_file=$tmpdir/swapfile
+remove_mnt() {
+	mountpoint -q "${mount_point}"
+	if [ $? -eq 0 ] ; then
+		/bin/umount -t${fstype} ${mount_point}
+	fi
+	if [ -n "$loop_device" ]
+	then
+		/sbin/losetup -d ${loop_device} &> /dev/null
+	fi
+}
+do_onexit="remove_mnt"
 
 # ppc64el wants this to be larger than 640KiB
 # arm/small machines want this as small as possible