Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
31617ddf
Commit
31617ddf
authored
Jan 16, 2017
by
John Johansen
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
apparmor: add fn to lookup profiles by fqname
Signed-off-by:
John Johansen
<
john.johansen@canonical.com
>
parent
3b0aaf58
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
38 additions
and
7 deletions
+38
-7
security/apparmor/include/policy.h
security/apparmor/include/policy.h
+2
-0
security/apparmor/include/policy_ns.h
security/apparmor/include/policy_ns.h
+5
-5
security/apparmor/policy.c
security/apparmor/policy.c
+29
-0
security/apparmor/policy_ns.c
security/apparmor/policy_ns.c
+2
-2
No files found.
security/apparmor/include/policy.h
View file @
31617ddf
...
...
@@ -180,6 +180,8 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name);
struct
aa_profile
*
aa_lookupn_profile
(
struct
aa_ns
*
ns
,
const
char
*
hname
,
size_t
n
);
struct
aa_profile
*
aa_lookup_profile
(
struct
aa_ns
*
ns
,
const
char
*
name
);
struct
aa_profile
*
aa_fqlookupn_profile
(
struct
aa_profile
*
base
,
const
char
*
fqname
,
size_t
n
);
struct
aa_profile
*
aa_match_profile
(
struct
aa_ns
*
ns
,
const
char
*
name
);
ssize_t
aa_replace_profiles
(
void
*
udata
,
size_t
size
,
bool
noreplace
);
...
...
security/apparmor/include/policy_ns.h
View file @
31617ddf
...
...
@@ -46,11 +46,11 @@ struct aa_ns_acct {
* @uniq_id: a unique id count for the profiles in the namespace
* @dents: dentries for the namespaces file entries in apparmorfs
*
* An aa_ns defines the set profiles that are searched to determine
*
which profile to attach to a task. Profiles can not be shared between
* a
a_nss and profile names within a namespace are guaranteed to be
*
unique. When profiles in separate namespaces have the same name they
*
are NOT considered
to be equivalent.
* An aa_ns defines the set profiles that are searched to determine
which
*
profile to attach to a task. Profiles can not be shared between aa_ns
* a
nd profile names within a namespace are guaranteed to be unique. When
*
profiles in separate namespaces have the same name they are NOT considered
* to be equivalent.
*
* Namespaces are hierarchical and only namespaces and profiles below the
* current namespace are visible.
...
...
security/apparmor/policy.c
View file @
31617ddf
...
...
@@ -498,6 +498,35 @@ struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *hname)
{
return
aa_lookupn_profile
(
ns
,
hname
,
strlen
(
hname
));
}
struct
aa_profile
*
aa_fqlookupn_profile
(
struct
aa_profile
*
base
,
const
char
*
fqname
,
size_t
n
)
{
struct
aa_profile
*
profile
;
struct
aa_ns
*
ns
;
const
char
*
name
,
*
ns_name
;
size_t
ns_len
;
name
=
aa_splitn_fqname
(
fqname
,
n
,
&
ns_name
,
&
ns_len
);
if
(
ns_name
)
{
ns
=
aa_findn_ns
(
base
->
ns
,
ns_name
,
ns_len
);
if
(
!
ns
)
return
NULL
;
}
else
ns
=
aa_get_ns
(
base
->
ns
);
if
(
name
)
profile
=
aa_lookupn_profile
(
ns
,
name
,
n
-
(
name
-
fqname
));
else
if
(
ns
)
/* default profile for ns, currently unconfined */
profile
=
aa_get_newest_profile
(
ns
->
unconfined
);
else
profile
=
NULL
;
aa_put_ns
(
ns
);
return
profile
;
}
/**
* replacement_allowed - test to see if replacement is allowed
* @profile: profile to test if it can be replaced (MAYBE NULL)
...
...
security/apparmor/policy_ns.c
View file @
31617ddf
...
...
@@ -226,7 +226,7 @@ static void __ns_list_release(struct list_head *head);
/**
* destroy_ns - remove everything contained by @ns
* @ns: n
s
to have it contents removed (NOT NULL)
* @ns: n
amespace
to have it contents removed (NOT NULL)
*/
static
void
destroy_ns
(
struct
aa_ns
*
ns
)
{
...
...
@@ -276,7 +276,7 @@ static void __ns_list_release(struct list_head *head)
}
/**
* aa_alloc_root_ns - allocate the root profile namesp
ca
e
* aa_alloc_root_ns - allocate the root profile namesp
ac
e
*
* Returns: %0 on success else error
*
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment