reorder patches in preparation for patch merging

John Johansen 2008-04-07 17:48:20 +00:00
parent d3eb6500f5
commit 1daeaa9308
6 changed files with 115 additions and 140 deletions


@ -1,15 +1,15 @@
---
security/apparmor/apparmor.h | 16 -
security/apparmor/apparmor.h | 14 -
security/apparmor/apparmorfs.c | 2
security/apparmor/inline.h | 14
security/apparmor/main.c | 502 +++++++++++++++++++----------------
security/apparmor/inline.h | 14 -
security/apparmor/main.c | 490 +++++++++++++++++++----------------
security/apparmor/match.c | 9
security/apparmor/module_interface.c | 10
6 files changed, 322 insertions(+), 231 deletions(-)
6 files changed, 309 insertions(+), 230 deletions(-)
--- a/security/apparmor/apparmor.h
+++ b/security/apparmor/apparmor.h
@@ -46,8 +46,7 @@
@@ -44,8 +44,7 @@
AA_EXEC_MOD_2 | AA_EXEC_MOD_3 | \
AA_EXEC_MOD_4)
@ -19,7 +19,7 @@
#define AA_EXEC_UNCONFINED AA_EXEC_MOD_0
#define AA_EXEC_INHERIT AA_EXEC_MOD_1
@@ -87,6 +86,10 @@
@@ -85,6 +84,10 @@
AA_AUDIT_FIELD)
#define AA_VALID_PERM_MASK (AA_FILE_PERMS | AA_SHARED_PERMS)
@ -30,7 +30,7 @@
#define AA_VALID_PERM2_MASK 0x0fffffff
#define AA_SECURE_EXEC_NEEDED 1
@@ -181,11 +184,16 @@ struct aa_profile {
@@ -179,6 +182,9 @@ struct aa_profile {
int isstale;
kernel_cap_t capabilities;
@ -40,14 +40,7 @@
struct kref count;
struct list_head task_contexts;
spinlock_t lock;
unsigned long int_flags;
u16 network_families[AF_MAX];
+ u16 audit_network[AF_MAX];
+ u16 quiet_network[AF_MAX];
};
extern struct list_head profile_ns_list;
@@ -229,7 +237,7 @@ struct aa_audit {
@@ -226,7 +232,7 @@ struct aa_audit {
const char *name;
const char *name2;
const char *name3;
@ -55,8 +48,8 @@
+ int request_mask, denied_mask, audit_mask;
struct iattr *iattr;
pid_t task, parent;
int family, type, protocol;
@@ -338,7 +346,7 @@ extern struct aa_dfa *aa_match_alloc(voi
int error_code;
@@ -331,7 +337,7 @@ extern struct aa_dfa *aa_match_alloc(voi
extern void aa_match_free(struct aa_dfa *dfa);
extern int unpack_dfa(struct aa_dfa *dfa, void *blob, size_t size);
extern int verify_dfa(struct aa_dfa *dfa);
@ -102,7 +95,7 @@
#endif /* __INLINE_H__ */
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -39,204 +39,6 @@ static int aa_inode_mode(struct inode *i
@@ -36,204 +36,6 @@ static int aa_inode_mode(struct inode *i
return AA_OTHER_SHIFT;
}
@ -307,7 +300,7 @@
int alloc_default_namespace(void)
{
struct aa_namespace *ns;
@@ -510,20 +312,259 @@ int aa_audit(struct aa_profile *profile,
@@ -471,20 +273,259 @@ int aa_audit(struct aa_profile *profile,
int type = AUDIT_APPARMOR_DENIED;
struct audit_context *audit_cxt;
@ -575,7 +568,7 @@
/**
* aa_attr - check if attribute change is allowed
* @profile: profile to check against
@@ -660,10 +701,11 @@ int aa_perm_path(struct aa_profile *prof
@@ -621,10 +662,11 @@ int aa_perm_path(struct aa_profile *prof
else
sa.request_mask = mask << AA_OTHER_SHIFT;
@ -589,7 +582,7 @@
}
/**
@@ -699,7 +741,7 @@ int aa_capability(struct aa_task_context
@@ -660,7 +702,7 @@ int aa_capability(struct aa_task_context
sa.name = capability_names[cap];
sa.error_code = error;
@ -598,7 +591,7 @@
return error;
}
@@ -748,11 +790,12 @@ int aa_link(struct aa_profile *profile,
@@ -709,11 +751,12 @@ int aa_link(struct aa_profile *profile,
if (sa.name && sa.name2) {
sa.denied_mask = aa_link_denied(profile, sa.name, sa.name2,
aa_inode_mode(target->d_inode),
@ -613,40 +606,7 @@
aa_put_name_buffer(buffer);
aa_put_name_buffer(buffer2);
@@ -765,7 +808,7 @@ int aa_net_perm(struct aa_profile *profi
{
struct aa_audit sa;
int error = 0;
- u16 family_mask;
+ u16 family_mask, audit_mask, quiet_mask;
if ((family < 0) || (family >= AF_MAX))
return -EINVAL;
@@ -778,6 +821,8 @@ int aa_net_perm(struct aa_profile *profi
return 0;
family_mask = profile->network_families[family];
+ audit_mask = profile->audit_network[family];
+ quiet_mask = profile->quiet_network[family];
error = (family_mask & (1 << type)) ? 0 : -EACCES;
@@ -789,6 +834,14 @@ int aa_net_perm(struct aa_profile *profi
sa.protocol = protocol;
sa.error_code = error;
+ if (likely(!error)) {
+ if (!PROFILE_AUDIT(profile) && !(family_mask & audit_mask))
+ return 0;
+ } else if (!((1 << type) & ~quiet_mask)) {
+//printk("Quieting network %d family 0x%x audit 0x%x quiet 0x%x\n", family, family_mask, audit_mask, quiet_mask);
+ return error;
+ }
+//printk("auditing network\n");
error = aa_audit(profile, &sa);
return error;
@@ -898,8 +951,8 @@ aa_register_find(struct aa_profile *prof
@@ -802,8 +845,8 @@ aa_register_find(struct aa_profile *prof
new_profile =
aa_dup_profile(profile->ns->null_complain_profile);
} else {
@ -657,7 +617,7 @@
}
} else {
/* Only way we can get into this code is if task
@@ -959,7 +1012,8 @@ repeat:
@@ -863,7 +906,8 @@ repeat:
/* Confined task, determine what mode inherit, unconfined or
* mandatory to load new profile
*/
@ -667,7 +627,7 @@
if (exec_mode & sa.request_mask) {
switch ((exec_mode >> shift) & AA_EXEC_MODIFIERS) {
@@ -1002,6 +1056,9 @@ repeat:
@@ -906,6 +950,9 @@ repeat:
break;
}
@ -677,7 +637,7 @@
} else if (complain) {
/* There was no entry in calling profile
* describing mode to execute image in.
@@ -1012,8 +1069,8 @@ repeat:
@@ -916,8 +963,8 @@ repeat:
exec_mode |= AA_EXEC_UNSAFE << shift;
} else {
sa.denied_mask = sa.request_mask;
@ -688,7 +648,7 @@
}
} else {
/* Unconfined task, load profile if it exists */
@@ -1069,6 +1126,7 @@ repeat:
@@ -973,6 +1020,7 @@ repeat:
sa.info = "set profile";
aa_audit_hint(new_profile, &sa);
}
@ -696,7 +656,7 @@
cleanup:
aa_put_name_buffer(buffer);
if (IS_ERR(new_profile))
@@ -1245,7 +1303,7 @@ repeat:
@@ -1149,7 +1197,7 @@ repeat:
if (PROFILE_COMPLAIN(profile) ||
(ns == profile->ns &&
@ -705,7 +665,7 @@
error = do_change_profile(profile, ns, name, 0, 0, &sa);
else {
/* check for a rule with a namespace prepended */
@@ -1452,9 +1510,11 @@ void aa_change_task_context(struct task_
@@ -1356,9 +1404,11 @@ void aa_change_task_context(struct task_
call_rcu(&old_cxt->rcu, free_aa_task_context_rcu_callback);
}
if (new_cxt) {
@ -752,7 +712,7 @@
/**
--- a/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -312,6 +312,10 @@ static struct aa_profile *aa_unpack_prof
@@ -310,6 +310,10 @@ static struct aa_profile *aa_unpack_prof
if (!aa_is_u32(e, &(profile->capabilities), NULL))
goto fail;
@ -761,20 +721,20 @@
+ if (!aa_is_u32(e, &(profile->quiet_caps), NULL))
+ goto fail;
size = aa_is_array(e, "net_allowed_af");
if (size) {
@@ -321,6 +325,10 @@ static struct aa_profile *aa_unpack_prof
for (i = 0; i < size; i++) {
if (!aa_is_u16(e, &profile->network_families[i], NULL))
goto fail;
/* get file rules */
profile->file_rules = aa_unpack_dfa(e);
@@ -317,6 +321,10 @@ static struct aa_profile *aa_unpack_prof
error = PTR_ERR(profile->file_rules);
profile->file_rules = NULL;
goto fail;
+ if (!aa_is_u16(e, &profile->audit_network[i], NULL))
+ goto fail;
+ if (!aa_is_u16(e, &profile->quiet_network[i], NULL))
+ goto fail;
}
if (!aa_is_nameX(e, AA_ARRAYEND, NULL))
goto fail;
@@ -380,7 +388,7 @@ static int aa_verify_header(struct aa_ex
}
if (!aa_is_nameX(e, AA_STRUCTEND, NULL))
@@ -360,7 +368,7 @@ static int aa_verify_header(struct aa_ex
}
/* check that the interface version is currently supported */


@ -5,10 +5,9 @@ Signed-off-by: John Johansen <jjohansen@suse.de>
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
---
security/Kconfig | 1 +
security/Makefile | 1 +
security/apparmor/Kconfig | 3 ++-
3 files changed, 4 insertions(+), 1 deletion(-)
security/Kconfig | 1 +
security/Makefile | 1 +
2 files changed, 2 insertions(+)
--- a/security/Kconfig
+++ b/security/Kconfig
@ -29,14 +28,3 @@ Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+obj-$(CONFIG_SECURITY_APPARMOR) += commoncap.o apparmor/
obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o
obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -1,6 +1,7 @@
config SECURITY_APPARMOR
tristate "AppArmor support"
- depends on SECURITY!=n
+ depends on SECURITY
+ select AUDIT
help
This enables the AppArmor security module.
Required userspace tools (if they are not included in your


@ -11,7 +11,7 @@ Signed-off-by: John Johansen <jjohansen@suse.de>
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
---
security/apparmor/Kconfig | 9 +
security/apparmor/Kconfig | 10 +
security/apparmor/Makefile | 13 ++
security/apparmor/apparmor.h | 257 +++++++++++++++++++++++++++++++++++++++++
security/apparmor/apparmorfs.c | 252 ++++++++++++++++++++++++++++++++++++++++
@ -19,14 +19,15 @@ Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
security/apparmor/list.c | 94 ++++++++++++++
security/apparmor/locking.txt | 68 ++++++++++
security/apparmor/procattr.c | 155 ++++++++++++++++++++++++
8 files changed, 1059 insertions(+)
8 files changed, 1060 insertions(+)
--- /dev/null
+++ b/security/apparmor/Kconfig
@@ -0,0 +1,9 @@
@@ -0,0 +1,10 @@
+config SECURITY_APPARMOR
+ tristate "AppArmor support"
+ depends on SECURITY!=n
+ depends on SECURITY
+ select AUDIT
+ help
+ This enables the AppArmor security module.
+ Required userspace tools (if they are not included in your
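Review bot: `select AUDIT` in the new SECURITY_APPARMOR entry forces AUDIT on without evaluating AUDIT's own dependencies, because Kconfig `select` bypasses them. In mainline kernels of this period AUDIT is, as far as I recall, declared with `depends on NET`; that declaration is not on this page, so confirm it against the target tree. If it holds, a configuration with NET disabled could end up with AUDIT selected and an inconsistent build, so consider `depends on SECURITY && NET` next to the select. The help text of the entry continues past the lines shown here.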


@ -1,10 +1,10 @@
---
security/apparmor/Makefile | 7 +
security/apparmor/apparmor.h | 7 +
security/apparmor/apparmor.h | 9 ++
security/apparmor/lsm.c | 147 ++++++++++++++++++++++++++++++++++-
security/apparmor/main.c | 96 ++++++++++++++++++++++
security/apparmor/main.c | 106 +++++++++++++++++++++++++
security/apparmor/module_interface.c | 20 ++++
5 files changed, 273 insertions(+), 4 deletions(-)
5 files changed, 285 insertions(+), 4 deletions(-)
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@ -32,23 +32,25 @@
/*
* We use MAY_READ, MAY_WRITE, MAY_EXEC, MAY_APPEND and the following flags
@@ -114,6 +116,7 @@ struct aa_profile {
@@ -199,6 +201,9 @@ struct aa_profile {
struct list_head task_contexts;
spinlock_t lock;
unsigned long int_flags;
+ u16 network_families[AF_MAX];
+ u16 audit_network[AF_MAX];
+ u16 quiet_network[AF_MAX];
};
extern struct list_head profile_list;
@@ -159,6 +162,7 @@ struct aa_audit {
int requested_mask, denied_mask;
extern struct list_head profile_ns_list;
@@ -245,6 +250,7 @@ struct aa_audit {
int request_mask, denied_mask, audit_mask;
struct iattr *iattr;
pid_t task, parent;
+ int family, type, protocol;
int error_code;
};
@@ -223,6 +227,9 @@ extern void aa_change_task_context(struc
@@ -306,6 +312,9 @@ extern void aa_change_task_context(struc
struct aa_profile *previous_profile);
extern int aa_may_ptrace(struct aa_task_context *cxt,
struct aa_profile *tracee);
@ -56,8 +58,8 @@
+ int family, int type, int protocol);
+extern int aa_revalidate_sk(struct sock *sk, char *operation);
/* list.c */
extern void aa_profilelist_release(void);
/* lsm.c */
extern int apparmor_initialized;
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -18,6 +18,7 @@
@ -68,7 +70,7 @@
#include "apparmor.h"
#include "inline.h"
@@ -605,6 +606,133 @@ static void apparmor_task_free_security(
@@ -653,6 +654,133 @@ static void apparmor_task_free_security(
aa_release(task);
}
@ -202,7 +204,7 @@
static int apparmor_getprocattr(struct task_struct *task, char *name,
char **value)
{
@@ -705,9 +833,6 @@ struct security_operations apparmor_ops
@@ -753,9 +881,6 @@ struct security_operations apparmor_ops
.capable = apparmor_capable,
.syslog = cap_syslog,
@ -212,7 +214,7 @@
.bprm_apply_creds = cap_bprm_apply_creds,
.bprm_set_security = apparmor_bprm_set_security,
.bprm_secureexec = apparmor_bprm_secureexec,
@@ -743,6 +868,22 @@ struct security_operations apparmor_ops
@@ -791,6 +916,22 @@ struct security_operations apparmor_ops
.getprocattr = apparmor_getprocattr,
.setprocattr = apparmor_setprocattr,
@ -234,7 +236,7 @@
+ .socket_getpeersec_dgram = apparmor_socket_getpeersec_dgram,
};
static void info_message(const char *str)
void info_message(const char *str)
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -14,6 +14,9 @@
@ -247,8 +249,8 @@
#include "apparmor.h"
@@ -283,6 +286,24 @@ static void aa_audit_file_mask(struct au
audit_log_format(ab, " %s=\"%s\"", name, mask_str);
@@ -133,6 +136,24 @@ static void aa_audit_file_mask(struct au
audit_log_format(ab, " %s=\"%s::%s\"", name, user, other);
}
+static const char *address_families[] = {
@ -272,7 +274,7 @@
/**
* aa_audit - Log an audit event to the audit subsystem
* @profile: profile to check against
@@ -348,6 +369,24 @@ static int aa_audit_base(struct aa_profi
@@ -204,6 +225,25 @@ static int aa_audit_base(struct aa_profi
audit_log_untrustedstring(ab, sa->name2);
}
@ -294,10 +296,11 @@
+ audit_log_format(ab, " protocol=%d", sa->protocol);
+ }
+
+ audit_log_format(ab, " pid=%d", current->pid);
audit_log_format(ab, " pid=%d", current->pid);
if (profile) {
@@ -660,6 +699,63 @@ int aa_link(struct aa_profile *profile,
@@ -766,6 +806,72 @@ int aa_link(struct aa_profile *profile,
return error;
}
@ -306,7 +309,7 @@
+{
+ struct aa_audit sa;
+ int error = 0;
+ u16 family_mask;
+ u16 family_mask, audit_mask, quiet_mask;
+
+ if ((family < 0) || (family >= AF_MAX))
+ return -EINVAL;
@ -319,6 +322,8 @@
+ return 0;
+
+ family_mask = profile->network_families[family];
+ audit_mask = profile->audit_network[family];
+ quiet_mask = profile->quiet_network[family];
+
+ error = (family_mask & (1 << type)) ? 0 : -EACCES;
+
@ -330,6 +335,13 @@
+ sa.protocol = protocol;
+ sa.error_code = error;
+
+ if (likely(!error)) {
+ if (!PROFILE_AUDIT(profile) && !(family_mask & audit_mask))
+ return 0;
+ } else if (!((1 << type) & ~quiet_mask)) {
+ return error;
+ }
+
+ error = aa_audit(profile, &sa);
+
+ return error;
@ -363,7 +375,7 @@
*******************************/
--- a/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -282,6 +282,8 @@ static struct aa_profile *aa_unpack_prof
@@ -283,6 +283,8 @@ static struct aa_profile *aa_unpack_prof
{
struct aa_profile *profile = NULL;
struct aa_audit sa;
@ -372,8 +384,8 @@
int error = -EPROTO;
@@ -310,6 +312,24 @@ static struct aa_profile *aa_unpack_prof
if (!aa_is_u32(e, &(profile->capabilities), NULL))
@@ -317,6 +319,24 @@ static struct aa_profile *aa_unpack_prof
if (!aa_is_u32(e, &(profile->set_caps), NULL))
goto fail;
+ size = aa_is_array(e, "net_allowed_af");
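Review bot: In the added `aa_net_perm()` body, the success branch decides whether to audit with `!(family_mask & audit_mask)`, which tests whether any allowed socket type in the family carries an audit bit rather than the type actually requested. The deny branch directly below it is keyed on `(1 << type)`, so for consistency the allow branch would read `if (!PROFILE_AUDIT(profile) && !((1 << type) & audit_mask))`. Otherwise an allowed request for one type is logged because a different type in the same family is marked for audit. Separately, the visible lines bound `family` against `AF_MAX` but not `type` before `1 << type` is applied to `u16` masks; if callers do not already guarantee the range, a check such as `if (type < 0 || type >= 16) return -EINVAL;` would keep the shift defined. Parts of the function are elided between the displayed hunks, so an existing bound on `type` may sit outside what is shown.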


@ -1,9 +1,10 @@
---
security/apparmor/apparmor.h | 23 ++++++
security/apparmor/apparmorfs.c | 2
security/apparmor/lsm.c | 16 ++++
security/apparmor/main.c | 132 +++++++++++++++++++++++++++++++----
security/apparmor/module_interface.c | 56 ++++++++++++++
4 files changed, 214 insertions(+), 13 deletions(-)
5 files changed, 215 insertions(+), 14 deletions(-)
--- a/security/apparmor/apparmor.h
+++ b/security/apparmor/apparmor.h
@ -72,6 +73,17 @@
/* lsm.c */
extern int apparmor_initialized;
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -105,7 +105,7 @@ static ssize_t aa_features_read(struct f
{
const char *features = "file=3.0 capability=2.0 network=1.0 "
"change_hat=1.4 change_profile=1.0 "
- "aanamespaces=1.0";
+ "aanamespaces=1.0 rlimit=1.0";
return simple_read_from_buffer(buf, size, ppos, features,
strlen(features));
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -856,6 +856,21 @@ static int apparmor_setprocattr(struct t
@ -106,7 +118,7 @@
.setprocattr = apparmor_setprocattr,
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -196,6 +196,9 @@ static int aa_audit_base(struct aa_profi
@@ -176,6 +176,9 @@ static int aa_audit_base(struct aa_profi
if (sa->request_mask)
audit_log_format(ab, " fsuid=%d", current->fsuid);
@ -116,7 +128,7 @@
if (sa->iattr) {
struct iattr *iattr = sa->iattr;
@@ -873,6 +876,79 @@ int aa_revalidate_sk(struct sock *sk, ch
@@ -871,6 +874,79 @@ int aa_revalidate_sk(struct sock *sk, ch
return error;
}
@ -196,7 +208,7 @@
/*******************************
* Global task related functions
@@ -886,6 +962,7 @@ int aa_revalidate_sk(struct sock *sk, ch
@@ -884,6 +960,7 @@ int aa_revalidate_sk(struct sock *sk, ch
*/
int aa_clone(struct task_struct *child)
{
@ -204,7 +216,7 @@
struct aa_task_context *cxt, *child_cxt;
struct aa_profile *profile;
@@ -895,6 +972,11 @@ int aa_clone(struct task_struct *child)
@@ -893,6 +970,11 @@ int aa_clone(struct task_struct *child)
if (!child_cxt)
return -ENOMEM;
@ -216,7 +228,7 @@
repeat:
profile = aa_get_profile(current);
if (profile) {
@@ -911,18 +993,22 @@ repeat:
@@ -909,18 +991,22 @@ repeat:
goto repeat;
}
@ -244,7 +256,7 @@
aa_audit_hint(profile, &sa);
}
aa_put_profile(profile);
@@ -1100,6 +1186,10 @@ repeat:
@@ -1098,6 +1184,10 @@ repeat:
sa.task = current->parent->pid;
aa_audit_reject(profile, &sa);
}
@ -255,7 +267,7 @@
new_profile = old_profile;
goto cleanup;
}
@@ -1239,6 +1329,12 @@ static int do_change_profile(struct aa_p
@@ -1237,6 +1327,12 @@ static int do_change_profile(struct aa_p
goto out;
}
@ -268,7 +280,7 @@
if (new_profile == ns->null_complain_profile)
aa_audit_hint(cxt->profile, sa);
@@ -1427,17 +1523,18 @@ struct aa_profile *__aa_replace_profile(
@@ -1425,17 +1521,18 @@ struct aa_profile *__aa_replace_profile(
cxt = lock_task_and_profiles(task, profile);
if (unlikely(profile && profile->isstale)) {
@ -295,7 +307,7 @@
}
if (cxt)
@@ -1445,8 +1542,15 @@ struct aa_profile *__aa_replace_profile(
@@ -1443,8 +1540,15 @@ struct aa_profile *__aa_replace_profile(
aa_change_task_context(task, new_cxt, profile, 0, NULL);
task_unlock(task);
@ -311,7 +323,7 @@
}
/**
@@ -1511,6 +1615,7 @@ void aa_change_task_context(struct task_
@@ -1509,6 +1613,7 @@ void aa_change_task_context(struct task_
if (old_cxt) {
list_del_init(&old_cxt->list);
@ -319,7 +331,7 @@
call_rcu(&old_cxt->rcu, free_aa_task_context_rcu_callback);
}
if (new_cxt) {
@@ -1522,6 +1627,7 @@ void aa_change_task_context(struct task_
@@ -1520,6 +1625,7 @@ void aa_change_task_context(struct task_
new_cxt->cookie = cookie;
new_cxt->task = task;
new_cxt->profile = aa_dup_profile(profile);


@ -49,10 +49,9 @@ apparmor-lsm.diff
apparmor-module_interface.diff
apparmor-misc.diff
apparmor-intree.diff
apparmor-network.diff
fix-rcu-deref.diff
fix-name-errorpath.diff
fix-net.diff
change-profile-kernel-v2.diff
expand-dfa.diff
#slash-null-dfa.diff
@ -67,6 +66,17 @@ split_init.diff
apparmor-fix-sysctl-refcount.diff
apparmor-fix-lock-letter.diff
fix-link-subset.diff
hat_perm.diff
extend-x-mods.diff
no-safex-link-subset.diff
apparmor-create-append.diff
apparmor-failed-name-error.diff
audit-uid.diff
apparmor-secondary-accept.diff
apparmor-audit-flags2.diff
fix-profile-namespaces.diff
fix-dfa.diff
cap-set.diff
#foobar.diff
# # NOT YET
# ecryptfs-d_revalidate.diff
@ -92,21 +102,13 @@ fix-link-subset.diff
# vfs_unlink-args.diff
# may_delete-args.diff
#fix-change_profile-namespace.diff
hat_perm.diff
extend-x-mods.diff
no-safex-link-subset.diff
apparmor-create-append.diff
apparmor-failed-name-error.diff
audit-uid.diff
apparmor-secondary-accept.diff
apparmor-audit-flags2.diff
audit-log-type-in-syslog.diff
#audit_denied.diff
#apparmor-audit-flags.diff
#FS2.2.2_fix-unionfs-with-AppArmor.patch
#FS2.1.3_fix-unionfs-with-AppArmor.patch
fix-profile-namespaces.diff
fix-dfa.diff
cap-set.diff
apparmor-network.diff
fix-net.diff
rlimits.diff
audit-log-type-in-syslog.diff