[PATCH 3/3] UBUNTU: SAUCE: AppArmor: allow newer tools to load policy on older kernels

Tetsuo Handa from-ubuntu at I-love.SAKURA.ne.jp
Wed Sep 15 21:41:07 UTC 2010


John Johansen wrote:
>  security/apparmor/policy_unpack.c |    3 ---
>  1 files changed, 0 insertions(+), 3 deletions(-)
> 
> diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
> index 6b0637b..ef11ba9 100644
> --- a/security/apparmor/policy_unpack.c
> +++ b/security/apparmor/policy_unpack.c
> @@ -575,9 +575,6 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
>  
>  	size = unpack_array(e, "net_allowed_af");
>  	if (size) {
> -		if (size > AF_MAX)
> -			goto fail;
> -
>  		for (i = 0; i < size; i++) {
>  			if (!unpack_u16(e, &profile->net.allow[i], NULL))

If this patch changes to accept size > AF_MAX, this patch should change
to allocate net.allow[size] rather than net.allow[AF_MAX].

>  				goto fail;
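Review bot: With the `size > AF_MAX` check removed, nothing in this hunk bounds the loop index before `unpack_u16(e, &profile->net.allow[i], NULL)` writes through it. `size` comes from `unpack_array(e, "net_allowed_af")`, that is, from the policy blob being loaded, so if `net.allow` stays dimensioned by AF_MAX, as the reply above points out, a profile built by newer tools with more address families writes past the end of the array. To keep accepting such policy, either size the destination from `size`, or keep the fixed array and, for `i >= AF_MAX`, unpack each entry into a scratch u16 that is discarded so the stream is still consumed but nothing is stored out of bounds. A short comment at the loop explaining why a `size` larger than AF_MAX is tolerated would also help, since the removed check leaves no trace of the intent.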



