mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Ignore the AA_CHANGE_PROFILE flag when checking for link permission.

Browse source
This commit is contained in:
Andreas Gruenbacher 2007-06-22 18:45:17 +00:00
parent b1ee140da5
commit 024b9d702a
2 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
kernel-patches/for-mainline/change_profile-2.diff Normal file
View file

@ -0,0 +1,18 @@
---
security/apparmor/main.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -68,6 +68,11 @@ static int aa_link_denied(struct aa_prof
l_mode = aa_match(profile->file_rules, link);
t_mode = aa_match(profile->file_rules, target);
+
+ /* Ignore valid-profile-transition flags. */
+ l_mode &= ~AA_CHANGE_PROFILE;
+ t_mode &= ~AA_CHANGE_PROFILE;
+
*request_mask = l_mode | AA_MAY_LINK;
/* Link always requires 'l' on the link, a subset of the

1
kernel-patches/for-mainline/series
View file

@ -62,6 +62,7 @@ audit-remove-buffer.diff
#multi-profile-load.diff #multi-profile-load.diff
fix_link_perm.diff fix_link_perm.diff
change_profile.diff change_profile.diff
change_profile-2.diff
flatten-hats.diff flatten-hats.diff
flatten-hats-2.diff flatten-hats-2.diff
#change_hat-to-change_profile.diff #change_hat-to-change_profile.diff