e50352257c
This change updates the kernel patches with the patches used by Proxmox. Furthermore, we split the patches from Proxmox and Ubuntu, so that we don't have to re-order them.
38 lines
1.6 KiB
Diff
38 lines
1.6 KiB
Diff
From d7410054784d8aa0e313f9eeb6110a791420f3d3 Mon Sep 17 00:00:00 2001
|
|
From: John Johansen <john.johansen@canonical.com>
|
|
Date: Mon, 30 Jul 2018 13:55:30 -0700
|
|
Subject: UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix
|
|
sockets
|
|
|
|
The apparmor policy language current does not allow expressing of the
|
|
locking permission for no-fs unix sockets. However the kernel is
|
|
enforcing mediation.
|
|
|
|
Add the AA_MAY_LOCK perm to the computed perm mask which will grant
|
|
permission for all current abi profiles, but still allow specifying
|
|
auditing of the operation if needed.
|
|
|
|
BugLink: http://bugs.launchpad.net/bugs/1780227
|
|
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
|
Acked-by: Acked-by: Stefan Bader <stefan.bader@canonical.com>
|
|
Acked-by: Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
|
|
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
|
|
---
|
|
security/apparmor/lib.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
(limited to 'security/apparmor')
|
|
|
|
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
|
|
index fa49b81..bf72843 100644
|
|
--- a/security/apparmor/lib.c
|
|
+++ b/security/apparmor/lib.c
|
|
@@ -334,7 +334,7 @@ void aa_compute_perms(struct aa_dfa *dfa, unsigned int state,
|
|
/* for v5 perm mapping in the policydb, the other set is used
|
|
* to extend the general perm set
|
|
*/
|
|
- perms->allow |= map_other(dfa_other_allow(dfa, state));
|
|
+ perms->allow |= map_other(dfa_other_allow(dfa, state)) | AA_MAY_LOCK;
|
|
perms->audit |= map_other(dfa_other_audit(dfa, state));
|
|
perms->quiet |= map_other(dfa_other_quiet(dfa, state));
|
|
// perms->xindex = dfa_user_xindex(dfa, state);
|