summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-06-09 17:22:50 -0700
committerJohn Johansen <john.johansen@canonical.com>2017-06-10 17:11:48 -0700
commit6c5fc8f17a2528052bace1d91a3bef003bd1331d (patch)
treed03ffb8f609d39f2f2a25524ee51c2dde3881ccf /security
parent40cde7fcc344bc77c1ec9d291dcc35ab12f078aa (diff)
downloadlwn-6c5fc8f17a2528052bace1d91a3bef003bd1331d.tar.gz
lwn-6c5fc8f17a2528052bace1d91a3bef003bd1331d.zip
apparmor: add stacked domain labels interface
Update the user interface to support the stacked change_profile transition. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/apparmorfs.c3
-rw-r--r--security/apparmor/lsm.c5
2 files changed, 8 insertions, 0 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 6310bf1485b6..229845009a95 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -2132,6 +2132,7 @@ static struct aa_sfs_entry aa_sfs_entry_domain[] = {
AA_SFS_FILE_BOOLEAN("change_hatv", 1),
AA_SFS_FILE_BOOLEAN("change_onexec", 1),
AA_SFS_FILE_BOOLEAN("change_profile", 1),
+ AA_SFS_FILE_BOOLEAN("stack", 1),
AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
AA_SFS_FILE_STRING("version", "1.2"),
{ }
@@ -2175,6 +2176,8 @@ static struct aa_sfs_entry aa_sfs_entry_features[] = {
static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
AA_SFS_FILE_FOPS(".access", 0640, &aa_sfs_access),
+ AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops),
+ AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops),
AA_SFS_FILE_FOPS(".ns_level", 0666, &seq_ns_level_fops),
AA_SFS_FILE_FOPS(".ns_name", 0640, &seq_ns_name_fops),
AA_SFS_FILE_FOPS("profiles", 0440, &aa_sfs_profiles_fops),
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 0f7c5c2be732..867bcd154c7e 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -580,11 +580,16 @@ static int apparmor_setprocattr(const char *name, void *value,
error = aa_change_profile(args, AA_CHANGE_NOFLAGS);
} else if (strcmp(command, "permprofile") == 0) {
error = aa_change_profile(args, AA_CHANGE_TEST);
+ } else if (strcmp(command, "stack") == 0) {
+ error = aa_change_profile(args, AA_CHANGE_STACK);
} else
goto fail;
} else if (strcmp(name, "exec") == 0) {
if (strcmp(command, "exec") == 0)
error = aa_change_profile(args, AA_CHANGE_ONEXEC);
+ else if (strcmp(command, "stack") == 0)
+ error = aa_change_profile(args, (AA_CHANGE_ONEXEC |
+ AA_CHANGE_STACK));
else
goto fail;
} else