summaryrefslogtreecommitdiff
path: root/security/apparmor
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-05-26 18:49:04 -0700
committerJohn Johansen <john.johansen@canonical.com>2017-06-10 17:11:28 -0700
commita83bd86e833a5842ad033527ea9af589efa6dc84 (patch)
treeb802e0442135e4fa5e71f71dca0c5fd5b6ac6785 /security/apparmor
parent4ae47f33354a96efb4e4231dec0d72a586b3921c (diff)
downloadlwn-a83bd86e833a5842ad033527ea9af589efa6dc84.tar.gz
lwn-a83bd86e833a5842ad033527ea9af589efa6dc84.zip
apparmor: add label data availability to the feature set
gsettings mediation needs to be able to determine if apparmor supports label data queries. A label data query can be done to test for support but its failure is indistinguishable from other failures, making it an unreliable indicator. Fix by making support of label data queries available as a flag in the apparmorfs features dir tree. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/apparmorfs.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 7f3049300ce3..a447c00a452c 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1849,6 +1849,15 @@ static struct aa_sfs_entry aa_sfs_entry_policy[] = {
{ }
};
+static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
+ AA_SFS_FILE_BOOLEAN("data", 1),
+ { }
+};
+
+static struct aa_sfs_entry aa_sfs_entry_query[] = {
+ AA_SFS_DIR("label", aa_sfs_entry_query_label),
+ { }
+};
static struct aa_sfs_entry aa_sfs_entry_features[] = {
AA_SFS_DIR("policy", aa_sfs_entry_policy),
AA_SFS_DIR("domain", aa_sfs_entry_domain),
@@ -1856,6 +1865,7 @@ static struct aa_sfs_entry aa_sfs_entry_features[] = {
AA_SFS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
AA_SFS_DIR("rlimit", aa_sfs_entry_rlimit),
AA_SFS_DIR("caps", aa_sfs_entry_caps),
+ AA_SFS_DIR("query", aa_sfs_entry_query),
{ }
};