[Patch 0/14] [Xenial] misc fixes for apparmor

John Johansen john.johansen at canonical.com
Wed Feb 1 09:05:52 UTC 2017 

The following patch sequence fixes various out bugs in apparmor in
xenial.

The patch sequence is also available via the following pull request

---

The following changes since commit a3064a277ba7e96a6b0e6bc4f38ad5036f26478b:

  UBUNTU: Ubuntu-4.4.0-59.80 (2017-01-05 12:46:52 -0600)

are available in the git repository at:

  git://kernel.ubuntu.com/jj/ubuntu-xenial.git

for you to fetch changes up to 1faaefb7c36c762cdbe493c399fd95a7e1488d44:

  UBUNTU: SAUCE: apparmor: flock mediation is not being enforced on cache check (2017-01-31 23:21:48 -0800)

----------------------------------------------------------------
John Johansen (14):
      UBUNTU: SAUCE: apparmor: fix cross ns perm of unix domain sockets
      UBUNTU: SAUCE: apparmor: fix replacement race in reading rawdata
      UBUNTU: SAUCE: apparmor: fix reference count bug in label_merge_insert()
      UBUNTU: SAUCE: apparmor: fix label leak when new label is unused
      UBUNTU: SAUCE: apparmor: Don't audit denied access of special apparmor .null file
      UBUNTU: SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails
      UBUNTU: SAUCE: apparmor: fix not handling error case when securityfs_pin_fs() fails
      UBUNTU: SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode() fails
      UBUNTU: SAUCE: apparmor: fix leak on securityfs pin count
      UBUNTU: SAUCE: apparmor: fix lock ordering for mkdir
      UBUNTU: SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked namespaces
      UBUNTU: SAUCE: apparmor: fix ns ref count link when removing profiles from policy
      UBUNTU: SAUCE: apparmor: null profiles should inherit parent control flags
      UBUNTU: SAUCE: apparmor: flock mediation is not being enforced on cache check

 include/linux/security.h              |  5 +-
 security/apparmor/af_unix.c           |  2 +-
 security/apparmor/apparmorfs.c        | 36 +++++++++-----
 security/apparmor/domain.c            | 92 ++++++++++++++++++++++-------------
 security/apparmor/file.c              | 13 +++--
 security/apparmor/include/policy_ns.h |  4 +-
 security/apparmor/label.c             | 24 +++++++--
 security/apparmor/lsm.c               |  3 ++
 security/apparmor/mount.c             |  1 +
 security/apparmor/policy.c            |  3 ++
 security/apparmor/policy_ns.c         |  8 +--
 security/inode.c                      |  5 ++
 12 files changed, 133 insertions(+), 63 deletions(-)

More information about the kernel-team mailing list