AppArmor update for Precise
John Johansen
john.johansen at canonical.com
Fri Feb 24 16:56:25 UTC 2012
This apparmor update is to meet the requirements of the following blue-prints
https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-containers
https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-permissions-rework
https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-ubuntu
it also contains the fix for
BugLink: http://bugs.launchpad.net/bugs/925028
The following changes since commit 00e2d7f3bcaf0cbb3d93defce24106966b6d017d:
UBUNTU: Ubuntu-3.2.0-17.26 (2012-02-17 10:13:46 -0800)
are available in the git repository at:
ssh://kernel.ubuntu.com/srv/kernel.ubuntu.com/git/jj/ubuntu-precise.git apparmor
for you to fetch changes up to 183a6edfaf235fafec23ee6ec608306f94cd5bd5:
UBUNTU: SAUCE: AppArmor: Add mount information to apparmorfs (2012-02-24 05:50:47 -0800)
----------------------------------------------------------------
John Johansen (19):
Revert "UBUNTU: SAUCE: AppArmor: Fix unpack of network tables."
Revert "AppArmor: compatibility patch for v5 interface"
Revert "AppArmor: compatibility patch for v5 network controll"
Revert "UBUNTU: SAUCE: AppArmor: Allow dfa backward compatibility with broken userspace"
UBUNTU: SAUCE: AppArmor: Add mising end of structure test to caps unpacking
UBUNTU: SAUCE: AppArmor: Fix dropping of allowed operations that are force audited
UBUNTU: SAUCE: AppArmor: Fix underflow in xindex calculation
UBUNTU: SAUCE: AppArmor: fix mapping of META_READ to audit and quiet flags
UBUNTU: SAUCE: AppArmor: Fix the error case for chroot relative path name lookup
UBUNTU: SAUCE: AppArmor: Retrieve the dentry_path for error reporting when path lookup fails
UBUNTU: SAUCE: AppArmor: Minor cleanup of d_namespace_path to consolidate error handling
UBUNTU: SAUCE: AppArmor: Update dfa matching routines.
UBUNTU: SAUCE: AppArmor: Move path failure information into aa_get_name and rename
UBUNTU: SAUCE: AppArmor: Make chroot relative the default path lookup type
UBUNTU: SAUCE: AppArmor: Add ability to load extended policy
UBUNTU: SAUCE: AppArmor: basic networking rules
UBUNTU: SAUCE: AppArmor: Add profile introspection file to interface
UBUNTU: SAUCE: AppArmor: Add the ability to mediate mount
UBUNTU: SAUCE: AppArmor: Add mount information to apparmorfs
Kees Cook (4):
UBUNTU: SAUCE: AppArmor: refactor securityfs to use structures
UBUNTU: SAUCE: AppArmor: add initial "features" directory to securityfs
UBUNTU: SAUCE: AppArmor: add "file" details to securityfs
UBUNTU: SAUCE: AppArmor: export known rlimit names/value mappings in securityfs
include/linux/lsm_audit.h | 7 +
security/apparmor/.gitignore | 2 +-
security/apparmor/Kconfig | 9 -
security/apparmor/Makefile | 71 +++-
security/apparmor/apparmorfs-24.c | 287 ---------------
security/apparmor/apparmorfs.c | 450 +++++++++++++++++++++---
security/apparmor/audit.c | 5 +
security/apparmor/domain.c | 7 +-
security/apparmor/file.c | 21 +-
security/apparmor/include/apparmor.h | 16 +-
security/apparmor/include/apparmorfs.h | 50 +++-
security/apparmor/include/audit.h | 9 +-
security/apparmor/include/domain.h | 2 +
security/apparmor/include/file.h | 2 +-
security/apparmor/include/match.h | 3 +
security/apparmor/include/mount.h | 53 +++
security/apparmor/include/net.h | 6 +-
security/apparmor/include/path.h | 3 +-
security/apparmor/include/policy.h | 13 +
security/apparmor/include/resource.h | 4 +
security/apparmor/lsm.c | 59 ++++
security/apparmor/match.c | 97 ++++-
security/apparmor/mount.c | 600 ++++++++++++++++++++++++++++++++
security/apparmor/net.c | 25 +-
security/apparmor/path.c | 54 ++--
security/apparmor/policy.c | 4 +
security/apparmor/policy_unpack.c | 35 ++-
security/apparmor/resource.c | 5 +
28 files changed, 1438 insertions(+), 461 deletions(-)
delete mode 100644 security/apparmor/apparmorfs-24.c
create mode 100644 security/apparmor/include/mount.h
create mode 100644 security/apparmor/mount.c
More information about the kernel-team
mailing list