Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: "Nothing major for this kernel, just maintenance updates" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (21 commits) apparmor: add the ability to report a sha1 hash of loaded policy apparmor: export set of capabilities supported by the apparmor module apparmor: add the profile introspection file to interface apparmor: add an optional profile attachment string for profiles apparmor: add interface files for profiles and namespaces apparmor: allow setting any profile into the unconfined state apparmor: make free_profile available outside of policy.c apparmor: rework namespace free path apparmor: update how unconfined is handled apparmor: change how profile replacement update is done apparmor: convert profile lists to RCU based locking apparmor: provide base for multiple profiles to be replaced at once apparmor: add a features/policy dir to interface apparmor: enable users to query whether apparmor is enabled apparmor: remove minimum size check for vmalloc() Smack: parse multiple rules per write to load2, up to PAGE_SIZE-1 bytes Smack: network label match fix security: smack: add a hash table to quicken smk_find_entry() security: smack: fix memleak in smk_write_rules_list() xattr: Constify ->name member of "struct xattr". ...
This commit is contained in:
Linus Torvalds
@@ -508,19 +508,21 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
|
||||
/* released below */
|
||||
const struct cred *cred = get_task_cred(task);
|
||||
struct aa_task_cxt *cxt = cred_cxt(cred);
|
||||
struct aa_profile *profile = NULL;
|
||||
|
||||
if (strcmp(name, "current") == 0)
|
||||
error = aa_getprocattr(aa_newest_version(cxt->profile),
|
||||
value);
|
||||
profile = aa_get_newest_profile(cxt->profile);
|
||||
else if (strcmp(name, "prev") == 0 && cxt->previous)
|
||||
error = aa_getprocattr(aa_newest_version(cxt->previous),
|
||||
value);
|
||||
profile = aa_get_newest_profile(cxt->previous);
|
||||
else if (strcmp(name, "exec") == 0 && cxt->onexec)
|
||||
error = aa_getprocattr(aa_newest_version(cxt->onexec),
|
||||
value);
|
||||
profile = aa_get_newest_profile(cxt->onexec);
|
||||
else
|
||||
error = -EINVAL;
|
||||
|
||||
if (profile)
|
||||
error = aa_getprocattr(profile, value);
|
||||
|
||||
aa_put_profile(profile);
|
||||
put_cred(cred);
|
||||
|
||||
return error;
|
||||
@@ -744,7 +746,7 @@ module_param_named(paranoid_load, aa_g_paranoid_load, aabool,
|
||||
|
||||
/* Boot time disable flag */
|
||||
static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE;
|
||||
module_param_named(enabled, apparmor_enabled, aabool, S_IRUSR);
|
||||
module_param_named(enabled, apparmor_enabled, bool, S_IRUGO);
|
||||
|
||||
static int __init apparmor_enabled_setup(char *str)
|
||||
{
|
||||
@@ -843,7 +845,7 @@ static int param_get_mode(char *buffer, struct kernel_param *kp)
|
||||
if (!apparmor_enabled)
|
||||
return -EINVAL;
|
||||
|
||||
return sprintf(buffer, "%s", profile_mode_names[aa_g_profile_mode]);
|
||||
return sprintf(buffer, "%s", aa_profile_mode_names[aa_g_profile_mode]);
|
||||
}
|
||||
|
||||
static int param_set_mode(const char *val, struct kernel_param *kp)
|
||||
@@ -858,8 +860,8 @@ static int param_set_mode(const char *val, struct kernel_param *kp)
|
||||
if (!val)
|
||||
return -EINVAL;
|
||||
|
||||
for (i = 0; i < APPARMOR_NAMES_MAX_INDEX; i++) {
|
||||
if (strcmp(val, profile_mode_names[i]) == 0) {
|
||||
for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) {
|
||||
if (strcmp(val, aa_profile_mode_names[i]) == 0) {
|
||||
aa_g_profile_mode = i;
|
||||
return 0;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user