| 1234567891011121314151617181920212223242526272829303132333435363738 |
- From d7410054784d8aa0e313f9eeb6110a791420f3d3 Mon Sep 17 00:00:00 2001
- From: John Johansen <[email protected]>
- Date: Mon, 30 Jul 2018 13:55:30 -0700
- Subject: UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix
- sockets
- The apparmor policy language current does not allow expressing of the
- locking permission for no-fs unix sockets. However the kernel is
- enforcing mediation.
- Add the AA_MAY_LOCK perm to the computed perm mask which will grant
- permission for all current abi profiles, but still allow specifying
- auditing of the operation if needed.
- BugLink: http://bugs.launchpad.net/bugs/1780227
- Signed-off-by: John Johansen <[email protected]>
- Acked-by: Acked-by: Stefan Bader <[email protected]>
- Acked-by: Acked-by: Kleber Sacilotto de Souza <[email protected]>
- Signed-off-by: Seth Forshee <[email protected]>
- ---
- security/apparmor/lib.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
- (limited to 'security/apparmor')
- diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
- index fa49b81..bf72843 100644
- --- a/security/apparmor/lib.c
- +++ b/security/apparmor/lib.c
- @@ -334,7 +334,7 @@ void aa_compute_perms(struct aa_dfa *dfa, unsigned int state,
- /* for v5 perm mapping in the policydb, the other set is used
- * to extend the general perm set
- */
- - perms->allow |= map_other(dfa_other_allow(dfa, state));
- + perms->allow |= map_other(dfa_other_allow(dfa, state)) | AA_MAY_LOCK;
- perms->audit |= map_other(dfa_other_audit(dfa, state));
- perms->quiet |= map_other(dfa_other_quiet(dfa, state));
- // perms->xindex = dfa_user_xindex(dfa, state);
|
