Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/Kconfig2
-rw-r--r--security/apparmor/lsm.c40
-rw-r--r--security/apparmor/path.c9
3 files changed, 29 insertions, 22 deletions
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index 72555b9..9b9013b 100644
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -1,6 +1,6 @@
config SECURITY_APPARMOR
bool "AppArmor support"
- depends on SECURITY
+ depends on SECURITY && NET
select AUDIT
select SECURITY_PATH
select SECURITYFS
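Review bot: The new `NET` dependency on the `depends on` line carries no explanation, and nothing in the visible entry shows why this security module needs networking. Presumably it is there because `select AUDIT` forces AUDIT on without honouring AUDIT's own dependencies; if so, a comment above the line such as `# AUDIT is selected below and itself needs NET; select does not enforce that` would keep a later cleanup from dropping it. The config entry continues past the end of the hunk.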
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8db33a8..f73e2c2 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -607,8 +607,8 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
return error;
}
-static int apparmor_task_setrlimit(unsigned int resource,
- struct rlimit *new_rlim)
+static int apparmor_task_setrlimit(struct task_struct *task,
+ unsigned int resource, struct rlimit *new_rlim)
{
struct aa_profile *profile = aa_current_profile();
int error = 0;
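Review bot: The added `task` parameter of `apparmor_task_setrlimit` is not used in the lines visible here: `profile` still comes from `aa_current_profile()`, so the limit check appears to be made against the caller's confinement no matter whose limits are being changed. If the hook can now be invoked for a task other than the caller, mediation should decide that case explicitly, either by passing `task` on to the rlimit check or by refusing it for a confined caller, e.g. `if (task != current->group_leader) error = -EACCES;`. The function body continues outside the hunk, so this may already be handled there; a comment stating the intended policy for a foreign `task` would help either way.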
@@ -667,17 +667,29 @@ static struct security_operations apparmor_ops = {
* AppArmor sysfs module parameters
*/
-static int param_set_aabool(const char *val, struct kernel_param *kp);
-static int param_get_aabool(char *buffer, struct kernel_param *kp);
+static int param_set_aabool(const char *val, const struct kernel_param *kp);
+static int param_get_aabool(char *buffer, const struct kernel_param *kp);
#define param_check_aabool(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aabool = {
+ .set = param_set_aabool,
+ .get = param_get_aabool
+};
-static int param_set_aauint(const char *val, struct kernel_param *kp);
-static int param_get_aauint(char *buffer, struct kernel_param *kp);
+static int param_set_aauint(const char *val, const struct kernel_param *kp);
+static int param_get_aauint(char *buffer, const struct kernel_param *kp);
#define param_check_aauint(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aauint = {
+ .set = param_set_aauint,
+ .get = param_get_aauint
+};
-static int param_set_aalockpolicy(const char *val, struct kernel_param *kp);
-static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp);
+static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp);
+static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
#define param_check_aalockpolicy(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aalockpolicy = {
+ .set = param_set_aalockpolicy,
+ .get = param_get_aalockpolicy
+};
static int param_set_audit(const char *val, struct kernel_param *kp);
static int param_get_audit(char *buffer, struct kernel_param *kp);
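Review bot: The three new `kernel_param_ops` tables (`param_ops_aabool`, `param_ops_aauint`, `param_ops_aalockpolicy`) are writable statics although nothing visible assigns to them; tables of function pointers in kernel data are better kept read-only. If the module-parameter macros in this tree accept a `const struct kernel_param_ops *`, declare them as `static const struct kernel_param_ops param_ops_aabool = {` and likewise for the other two. The `param_set_audit`/`param_get_audit` prototypes at the end of the hunk still take a non-const `struct kernel_param *`, which leaves the file with two handler signatures; whether they need converting depends on how they are registered outside the hunk.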
@@ -751,7 +763,7 @@ static int __init apparmor_enabled_setup(char *str)
__setup("apparmor=", apparmor_enabled_setup);
/* set global flag turning off the ability to load policy */
-static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
+static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
@@ -760,35 +772,35 @@ static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
return param_set_bool(val, kp);
}
-static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp)
+static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
return param_get_bool(buffer, kp);
}
-static int param_set_aabool(const char *val, struct kernel_param *kp)
+static int param_set_aabool(const char *val, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
return param_set_bool(val, kp);
}
-static int param_get_aabool(char *buffer, struct kernel_param *kp)
+static int param_get_aabool(char *buffer, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
return param_get_bool(buffer, kp);
}
-static int param_set_aauint(const char *val, struct kernel_param *kp)
+static int param_set_aauint(const char *val, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
return param_set_uint(val, kp);
}
-static int param_get_aauint(char *buffer, struct kernel_param *kp)
+static int param_get_aauint(char *buffer, const struct kernel_param *kp)
{
if (!capable(CAP_MAC_ADMIN))
return -EPERM;
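Review bot: Only `param_set_aalockpolicy` (in the previous hunk) has a comment; the five handlers touched here have none, and it is not obvious that the `get` side also requires `CAP_MAC_ADMIN`, so reading these parameters returns `-EPERM` to callers without it. A one-line comment above each pair, e.g. `/* both reading and writing this parameter require CAP_MAC_ADMIN */`, would record that this is intentional. The body of `param_get_aauint` ends outside the hunk.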
diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index 96bab94..19358dc 100644
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -62,19 +62,14 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
int deleted, connected;
int error = 0;
- /* Get the root we want to resolve too */
+ /* Get the root we want to resolve too, released below */
if (flags & PATH_CHROOT_REL) {
/* resolve paths relative to chroot */
- read_lock(&current->fs->lock);
- root = current->fs->root;
- /* released below */
- path_get(&root);
- read_unlock(&current->fs->lock);
+ get_fs_root(current->fs, &root);
} else {
/* resolve paths relative to namespace */
root.mnt = current->nsproxy->mnt_ns->root;
root.dentry = root.mnt->mnt_root;
- /* released below */
path_get(&root);
}
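Review bot: After this change the two branches take their reference in visibly different ways: the `PATH_CHROOT_REL` branch gets `root` through `get_fs_root()`, while the namespace branch still dereferences `current->nsproxy->mnt_ns->root` and calls `path_get(&root)` with no NULL check or lock visible in the hunk. If `d_namespace_path` can run where `current->nsproxy` is already cleared, that chain would fault, so either a guard or a comment naming what keeps the namespace root stable belongs in the `else` branch. With `/* released below */` removed from that branch, the top comment is the only reminder of the matching release, which lies outside the hunk; its wording should read `/* Get the root we want to resolve to, released below */`.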