1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114 | Includes fixes from 4.12 kernel
Uses securityfs change proposed for (hopefully) 4.13 kernel, which is a smaller change than in xenial/zesty. But requires a large change in apparmorfs
Includes a few other bug fixes
The following changes since commit a351e9b9fc24e982ec2f0e76379a49826036da12:
Linux 4.11 (2017-04-30 19:47:48 -0700)
are available in the git repository at:
git://kernel.ubuntu.com/jj/linux-apparmor-backports v4.10-aa3.6-port-to-v4.11
for you to fetch changes up to 2044e7465891b098ce727a8f13a01b875781622d:
apparmor: virtualize the policy/ directory (2017-05-12 06:14:01 -0700)
----------------------------------------------------------------
John Johansen (25):
apparmor: fix invalid reference to index variable of iterator line 836
apparmor: fix parameters so that the permission test is bypassed at boot
apparmor: Make path_max parameter readonly
securityfs: update interface to allow inode_ops, and setup from vfs fns
apparmor: sync of apparmor 3.6+ (17.04)
UBUNTU: SAUCE: apparmor: fix label parse for stacked labels
UBUNTU: SAUCE: apparmor: add information about the query inteface to the feature set
UBUNTU: SAUCE: apparmor: add label data availability to the feature set
UBUNTU: SAUCE: apparmor: add policy revision file interface
apparmor: provide information about path buffer size at boot
apparmor: speed up transactional queries
UBUNTU: SAUCE: apparmor: fix complain mode failure for rlimit mediation
apparmor: update auditing of rlimit check to provide capability information
UBUNTU: SAUCE: apparmor: fix not handling error case when securityfs_pin_fs() fails
UBUNTU: SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode() fails
UBUNTU: SAUCE: apparmor: fix leak on securityfs pin count
UBUNTU: SAUCE: apparmor: fix lock ordering for mkdir
apparmor: add/use fns to print hash string hex value
apparmor: move loaddata to per ns file
securityfs: Revert previous interface changes
securityfs: add the ability to support symlinks
apparmor: use symlinks from profiles to rawdata files
apparmor: cleanup profile/* files
apparmor: cleanup ns file ops
apparmor: virtualize the policy/ directory
Markus Elfring (2):
apparmorfs: Combine two function calls into one in aa_fs_seq_raw_abi_show()
apparmorfs: Use seq_putc() in two functions
Nicolas Iooss (1):
apparmor: use SHASH_DESC_ON_STACK
include/linux/security.h | 12 +
include/uapi/linux/magic.h | 2 +
security/apparmor/.gitignore | 1 +
security/apparmor/Kconfig | 35 +
security/apparmor/Makefile | 50 +-
security/apparmor/af_unix.c | 643 +++++++++
security/apparmor/apparmorfs.c | 1695 ++++++++++++++++++-----
security/apparmor/audit.c | 30 +-
security/apparmor/capability.c | 59 +-
security/apparmor/context.c | 81 +-
security/apparmor/crypto.c | 51 +-
security/apparmor/domain.c | 1373 ++++++++++++------
security/apparmor/file.c | 544 ++++++--
security/apparmor/include/af_unix.h | 114 ++
security/apparmor/include/apparmor.h | 9 +-
security/apparmor/include/apparmorfs.h | 67 +-
security/apparmor/include/audit.h | 56 +-
security/apparmor/include/capability.h | 8 +-
security/apparmor/include/context.h | 178 +--
security/apparmor/include/crypto.h | 11 +
security/apparmor/include/domain.h | 5 +
security/apparmor/include/file.h | 117 +-
security/apparmor/include/ipc.h | 22 +-
security/apparmor/include/label.h | 503 +++++++
security/apparmor/include/lib.h | 130 +-
security/apparmor/include/mount.h | 54 +
security/apparmor/include/net.h | 124 ++
security/apparmor/include/path.h | 7 +-
security/apparmor/include/perms.h | 173 +++
security/apparmor/include/policy.h | 151 +-
security/apparmor/include/policy_ns.h | 10 +-
security/apparmor/include/policy_unpack.h | 65 +-
security/apparmor/include/procattr.h | 3 +-
security/apparmor/include/resource.h | 6 +-
security/apparmor/include/sig_names.h | 95 ++
security/apparmor/ipc.c | 224 ++-
security/apparmor/label.c | 2142 +++++++++++++++++++++++++++++
security/apparmor/lib.c | 387 +++++-
security/apparmor/lsm.c | 827 +++++++++--
security/apparmor/mount.c | 705 ++++++++++
security/apparmor/net.c | 357 +++++
security/apparmor/path.c | 132 +-
security/apparmor/policy.c | 410 +++---
security/apparmor/policy_ns.c | 25 +-
security/apparmor/policy_unpack.c | 146 +-
security/apparmor/procattr.c | 65 +-
security/apparmor/resource.c | 113 +-
security/inode.c | 140 +-
48 files changed, 10313 insertions(+), 1844 deletions(-)
create mode 100644 security/apparmor/af_unix.c
create mode 100644 security/apparmor/include/af_unix.h
create mode 100644 security/apparmor/include/label.h
create mode 100644 security/apparmor/include/mount.h
create mode 100644 security/apparmor/include/net.h
create mode 100644 security/apparmor/include/perms.h
create mode 100644 security/apparmor/include/sig_names.h
create mode 100644 security/apparmor/label.c
create mode 100644 security/apparmor/mount.c
create mode 100644 security/apparmor/net.c
|