mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
108 lines
3.3 KiB
Diff
108 lines
3.3 KiB
Diff
Index: b/security/apparmor/apparmor.h
|
|
===================================================================
|
|
--- a/security/apparmor/apparmor.h
|
|
+++ b/security/apparmor/apparmor.h
|
|
@@ -25,14 +25,14 @@
|
|
*/
|
|
#define AA_MAY_LINK 0x0010
|
|
#define AA_EXEC_INHERIT 0x0020
|
|
-#define AA_EXEC_UNCONSTRAINED 0x0040
|
|
+#define AA_EXEC_UNCONFINED 0x0040
|
|
#define AA_EXEC_PROFILE 0x0080
|
|
#define AA_EXEC_MMAP 0x0100
|
|
#define AA_EXEC_UNSAFE 0x0200
|
|
#define AA_INVALID_PERM 0x0400
|
|
|
|
#define AA_EXEC_MODIFIERS (AA_EXEC_INHERIT | \
|
|
- AA_EXEC_UNCONSTRAINED | \
|
|
+ AA_EXEC_UNCONFINED | \
|
|
AA_EXEC_PROFILE)
|
|
|
|
/* Control parameters (0 or 1), settable thru module/boot flags or
|
|
Index: b/security/apparmor/main.c
|
|
===================================================================
|
|
--- a/security/apparmor/main.c
|
|
+++ b/security/apparmor/main.c
|
|
@@ -802,7 +802,7 @@ aa_register_find(struct aa_profile *prof
|
|
}
|
|
} else {
|
|
/* Only way we can get into this code is if task
|
|
- * is unconstrained.
|
|
+ * is unconfined.
|
|
*/
|
|
AA_DEBUG("%s: No profile found for exec image %s\n",
|
|
__FUNCTION__,
|
|
@@ -838,7 +838,7 @@ repeat:
|
|
if (profile) {
|
|
complain = PROFILE_COMPLAIN(profile);
|
|
|
|
- /* Confined task, determine what mode inherit, unconstrained or
|
|
+ /* Confined task, determine what mode inherit, unconfined or
|
|
* mandatory to load new profile
|
|
*/
|
|
exec_mode = aa_match(profile->file_rules, filename);
|
|
@@ -852,8 +852,8 @@ repeat:
|
|
/* nothing to be done here */
|
|
goto cleanup;
|
|
|
|
- case MAY_EXEC | AA_EXEC_UNCONSTRAINED:
|
|
- AA_DEBUG("%s: UNCONSTRAINED %s\n",
|
|
+ case MAY_EXEC | AA_EXEC_UNCONFINED:
|
|
+ AA_DEBUG("%s: UNCONFINED %s\n",
|
|
__FUNCTION__,
|
|
filename);
|
|
|
|
Index: b/security/apparmor/procattr.c
|
|
===================================================================
|
|
--- a/security/apparmor/procattr.c
|
|
+++ b/security/apparmor/procattr.c
|
|
@@ -58,12 +58,12 @@ size_t aa_getprocattr(struct aa_profile
|
|
error = -ERANGE;
|
|
}
|
|
} else {
|
|
- const char *unconstrained_str = "unconstrained\n";
|
|
- len = strlen(unconstrained_str);
|
|
+ const char *unconfined_str = "unconfined\n";
|
|
+ len = strlen(unconfined_str);
|
|
|
|
/* DONT null terminate strings we output via proc */
|
|
if (len <= size) {
|
|
- memcpy(str, unconstrained_str, len);
|
|
+ memcpy(str, unconfined_str, len);
|
|
error = len;
|
|
} else if (size == 0) {
|
|
error = len;
|
|
@@ -194,7 +194,7 @@ int aa_setprocattr_setprofile(struct tas
|
|
name_copy[size] = 0;
|
|
|
|
repeat:
|
|
- if (strcmp(name_copy, "unconstrained") != 0) {
|
|
+ if (strcmp(name_copy, "unconfined") != 0) {
|
|
new_profile = aa_find_profile(name_copy);
|
|
if (!new_profile) {
|
|
AA_WARN("%s: Unable to switch task %s(%d) to profile"
|
|
@@ -224,12 +224,12 @@ repeat:
|
|
__FUNCTION__,
|
|
task->comm, task->pid,
|
|
old_profile ? old_profile->parent->name :
|
|
- "unconstrained",
|
|
- old_profile ? old_profile->name : "unconstrained",
|
|
+ "unconfined",
|
|
+ old_profile ? old_profile->name : "unconfined",
|
|
name_copy);
|
|
} else {
|
|
if (old_profile) {
|
|
- AA_WARN("%s: Unconstraining task %s(%d) "
|
|
+ AA_WARN("%s: Unconfining task %s(%d) "
|
|
"profile %s active %s\n",
|
|
__FUNCTION__,
|
|
task->comm, task->pid,
|
|
@@ -237,7 +237,7 @@ repeat:
|
|
old_profile->name);
|
|
} else {
|
|
AA_WARN("%s: task %s(%d) "
|
|
- "is already unconstrained\n",
|
|
+ "is already unconfined\n",
|
|
__FUNCTION__, task->comm, task->pid);
|
|
}
|
|
}
|