[apparmor] [PATCH 2/2] apparmor: Use AA_SFS_FILE_BOOLEAN_INTPRINT for userns and io_uring sysctls
Ryan Lee
ryan.lee at canonical.com
Fri Mar 14 18:33:38 UTC 2025
These two sysctls used to be INTPTRs, before being changed to BOOLEANs.
Now that their values are hardcoded, switch to the new BOOLEAN_INTPRINT
type to preserve backwards compatibility upon reads of the values.
Before this patchset:
$ cat /sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns
yes
After this patchset (matching the old behavior):
$ cat /sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns
1
Signed-off-by: Ryan Lee <ryan.lee at canonical.com>
---
security/apparmor/apparmorfs.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 92f034f369c2..bcbeb5cfb396 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -2590,8 +2590,11 @@ static struct aa_sfs_entry aa_sfs_entry_domain[] = {
static struct aa_sfs_entry aa_sfs_entry_unconfined[] = {
AA_SFS_FILE_BOOLEAN("change_profile", 1),
- AA_SFS_FILE_BOOLEAN("userns", 1),
- AA_SFS_FILE_BOOLEAN("io_uring", 1),
+ /* Retain backwards compatibility with Ubuntu userspace
+ * code that is expecting integer values for these sysctls
+ */
+ AA_SFS_FILE_BOOLEAN_INTPRINT("userns", 1),
+ AA_SFS_FILE_BOOLEAN_INTPRINT("io_uring", 1),
{ }
};
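Review bot: The comment added above the two AA_SFS_FILE_BOOLEAN_INTPRINT entries calls these "sysctls", but they are entries in aa_sfs_entry_unconfined[] and, per the commit message, are read from /sys/kernel/security/apparmor/features/policy/unconfined_restrictions/, so "features files" would be more accurate wording. The comment should also state the actual compatibility requirement, that reads must return "1" rather than "yes", so that a later cleanup does not convert these two back to AA_SFS_FILE_BOOLEAN to match the change_profile entry. As a style point, kernel multi-line comments normally put the opening /* on a line of its own.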
--
2.43.0
base-kernel: Ubuntu-6.14.0-7.7
target: Ubuntu-kernel