- 17 1月, 2017 1 次提交
-
-
由 John Johansen 提交于
The kernel build bot turned up a bad config combination when CONFIG_SECURITY_APPARMOR is y and CONFIG_SECURITY_APPARMOR_HASH is n, resulting in the build error security/built-in.o: In function `aa_unpack': (.text+0x841e2): undefined reference to `aa_g_hash_policy' Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
- 16 1月, 2017 39 次提交
-
-
由 John Johansen 提交于
AA_BUG() uses WARN and won't break the kernel like BUG_ON(). Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 Tyler Hicks 提交于
If this sysctl is set to non-zero and a process with CAP_MAC_ADMIN in the root namespace has created an AppArmor policy namespace, unprivileged processes will be able to change to a profile in the newly created AppArmor policy namespace and, if the profile allows CAP_MAC_ADMIN and appropriate file permissions, will be able to load policy in the respective policy namespace. Signed-off-by: NTyler Hicks <tyhicks@canonical.com> Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 William Hua 提交于
Allow a profile to carry extra data that can be queried via userspace. This provides a means to store extra data in a profile that a trusted helper can extract and use from live policy. Signed-off-by: NWilliam Hua <william.hua@canonical.com> Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
apparmor should be checking the SECURITY_CAP_NOAUDIT constant. Also in complain mode make it so apparmor can elect to log a message, informing of the check. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Allow turning off the computation of the policy hashes via the apparmor.hash_policy kernel parameter. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Moving the use of fqname to later allows learning profiles to be based on the fqname request instead of just the hname. It also allows cleaning up some of the name parsing and lookup by allowing the use of the fqlookupn_profile() lib fn. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
The aad macro can replace aad strings when it is not intended to. Switch to a fn macro so it is only applied when intended. Also at the same time cleanup audit_data initialization by putting common boiler plate behind a macro, and dropping the gfp_t parameter which will become useless. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Having ops be an integer that is an index into an op name table is awkward and brittle. Every op change requires an edit for both the op constant and a string in the table. Instead switch to using const strings directly, eliminating the need for the table that needs to be kept in sync. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Trying to update the task cred while the task current cred is not the real cred will result in an error at the cred layer. Avoid this by failing early and delaying the update. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Having per policy ns interface files helps with containers restoring policy. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
This is just setup for new ns specific .load, .replace, .remove interface files. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Verify that profiles in a load set specify the same policy ns and audit the name of the policy ns that policy is being loaded for. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Store loaded policy and allow introspecting it through apparmorfs. This has several uses from debugging, policy validation, and policy checkpoint and restore for containers. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Policy management will be expanded beyond traditional unconfined root. This will require knowning the profile of the task doing the management and the ns view. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Prepare for a tighter pairing of user namespaces and apparmor policy namespaces, by making the ns to be viewed available. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Prepare for a tighter pairing of user namespaces and apparmor policy namespaces, by making the ns to be viewed available and checking that the user namespace level is the same as the policy ns level. This strict pairing will be relaxed once true support of user namespaces lands. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
This is prep work for fs operations being able to remove namespaces. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Borrow the special null device file from selinux to "close" fds that don't have sufficient permissions at exec time. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Commit 9f834ec1 ("binfmt_elf: switch to new creds when switching to new mm") changed when the creds are installed by the binfmt_elf handler. This affects which creds are used to mmap the executable into the address space. Which can have an affect on apparmor policy. Add a flag to apparmor at /sys/kernel/security/apparmor/features/domain/fix_binfmt_elf_mmap to make it possible to detect this semantic change so that the userspace tools and the regression test suite can correctly deal with the change. BugLink: http://bugs.launchpad.net/bugs/1630069Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Instead of testing whether a given dfa exists in every code path, have a default null dfa that is used when loaded policy doesn't provide a dfa. This will let us get rid of special casing and avoid dereference bugs when special casing is missed. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Newer policy will combine the file and policydb dfas, allowing for better optimizations. However to support older policy we need to keep the ability to address the "file" dfa separately. So dup the policydb as if it is the file dfa and set the appropriate start state. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
The dfa is currently setup to be shared (has the basis of refcounting) but currently can't be because the count can't be increased. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Newer policy encodes more than just version in the version tag, so add masking to make sure the comparison remains correct. Note: this is fully compatible with older policy as it will never set the bits being masked out. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Policy should always under go a full paranoid verification. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
When possible its better to name a learning profile after the missing profile in question. This allows for both more informative names and for profile reuse. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-
由 John Johansen 提交于
prepare_ns() will need to be called from alternate views, and namespaces will need to be created via different interfaces. So refactor and allow specifying the view ns. Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
-