Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 98407f0a authored by John Johansen's avatar John Johansen
Browse files

apparmor: allow specifying an already created dir to create ns entries in 



Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
Reviewed-by: default avatarSeth Arnold <seth.arnold@canonical.com>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
parent c97204ba

security/apparmor/apparmorfs.c

+5 −4
Original line number Diff line number Diff line
@@ -1339,11 +1339,12 @@ static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir) 
/*

 * Requires: @ns->lock held

 */

int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name)

int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,

		    struct dentry *dent)

{

	struct aa_ns *sub;

	struct aa_profile *child;

	struct dentry *dent, *dir;

	struct dentry *dir;

	int error;



	AA_BUG(!ns);
@@ -1373,7 +1374,7 @@ int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name) 
	/* subnamespaces */

	list_for_each_entry(sub, &ns->sub_ns, base.list) {

		mutex_lock(&sub->lock);

		error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL);

		error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);

		mutex_unlock(&sub->lock);

		if (error)

			goto fail2;
@@ -1929,7 +1930,7 @@ static int __init aa_create_aafs(void) 
	ns_subremove(root_ns) = dent;



	mutex_lock(&root_ns->lock);

	error = __aafs_ns_mkdir(root_ns, aa_sfs_entry.dentry, "policy");

	error = __aafs_ns_mkdir(root_ns, aa_sfs_entry.dentry, "policy", NULL);

	mutex_unlock(&root_ns->lock);



	if (error)

security/apparmor/include/apparmorfs.h

+2 −2
Original line number Diff line number Diff line
@@ -112,8 +112,8 @@ void __aafs_profile_migrate_dents(struct aa_profile *old, 
				   struct aa_profile *new);

int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);

void __aafs_ns_rmdir(struct aa_ns *ns);

int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent,

		     const char *name);

int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,

		     struct dentry *dent);



struct aa_loaddata;

void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata);

security/apparmor/policy_ns.c

+1 −1
Original line number Diff line number Diff line
@@ -196,7 +196,7 @@ static struct aa_ns *__aa_create_ns(struct aa_ns *parent, const char *name, 
	if (!ns)

		return NULL;

	mutex_lock(&ns->lock);

	error = __aafs_ns_mkdir(ns, ns_subns_dir(parent), name);

	error = __aafs_ns_mkdir(ns, ns_subns_dir(parent), name, dir);

	if (error) {

		AA_ERROR("Failed to create interface for ns %s\n",

			 ns->base.name);