* [PATCH 0/4] AppArmor: refactor securityfs to use structures
@ 2012-01-27  0:29 Kees Cook
From: Kees Cook @ 2012-01-27  0:29 UTC (permalink / raw)
  To: linux-security-module; +Cc: linux-kernel, John Johansen

This is the ground-work for expanding the AppArmor securityfs to include
useful information that the userspace tools can more easily interact with.
Presently, this is only static information about the state of AppArmor.

-Kees



* [PATCH 1/4] AppArmor: refactor securityfs to use structures
@ 2012-01-27  0:29 ` Kees Cook
From: Kees Cook @ 2012-01-27  0:29 UTC (permalink / raw)
  To: linux-security-module; +Cc: linux-kernel, John Johansen, Kees Cook

From: Kees Cook <kees@outflux.net>

Use a file tree structure to represent the AppArmor securityfs.

Signed-off-by: Kees Cook <kees@ubuntu.com>
---
 security/apparmor/apparmorfs.c         |  132 ++++++++++++++++++++++----------
 security/apparmor/include/apparmorfs.h |   24 ++++++
 2 files changed, 114 insertions(+), 42 deletions(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index e39df6d..1e22bb3 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -144,36 +144,103 @@ static const struct file_operations aa_fs_profile_remove = {
 
 /** Base file system setup **/
 
-static struct dentry *aa_fs_dentry __initdata;
+static struct aa_fs_entry aa_fs_entry_apparmor[] = {
+	AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load),
+	AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace),
+	AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove),
+	{ }
+};
 
-static void __init aafs_remove(const char *name)
-{
-	struct dentry *dentry;
+static struct aa_fs_entry aa_fs_entry =
+	AA_FS_DIR("apparmor", aa_fs_entry_apparmor);
 
-	dentry = lookup_one_len(name, aa_fs_dentry, strlen(name));
-	if (!IS_ERR(dentry)) {
-		securityfs_remove(dentry);
-		dput(dentry);
+/**
+ * aafs_create_file - create a file entry in the apparmor securityfs
+ * @fs_file: aa_fs_entry to build an entry for (NOT NULL)
+ * @parent: the parent dentry in the securityfs
+ *
+ * Use aafs_remove_file to remove entries created with this fn.
+ */
+static int __init aafs_create_file(struct aa_fs_entry *fs_file,
+				   struct dentry *parent)
+{
+	int error = 0;
+
+	fs_file->dentry = securityfs_create_file(fs_file->name,
+						 S_IFREG | fs_file->mode,
+						 parent, fs_file,
+						 fs_file->file_ops);
+	if (IS_ERR(fs_file->dentry)) {
+		error = PTR_ERR(fs_file->dentry);
+		fs_file->dentry = NULL;
 	}
+	return error;
 }
 
 /**
- * aafs_create - create an entry in the apparmor filesystem
- * @name: name of the entry (NOT NULL)
- * @mask: file permission mask of the file
- * @fops: file operations for the file (NOT NULL)
+ * aafs_create_dir - recursively create a directory entry in the securityfs
+ * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL)
+ * @parent: the parent dentry in the securityfs
  *
- * Used aafs_remove to remove entries created with this fn.
+ * Use aafs_remove_dir to remove entries created with this fn.
  */
-static int __init aafs_create(const char *name, umode_t mask,
-			      const struct file_operations *fops)
+static int __init aafs_create_dir(struct aa_fs_entry *fs_dir,
+				  struct dentry *parent)
 {
-	struct dentry *dentry;
+	int error;
+	struct aa_fs_entry *fs_file;
 
-	dentry = securityfs_create_file(name, S_IFREG | mask, aa_fs_dentry,
-					NULL, fops);
+	fs_dir->dentry = securityfs_create_dir(fs_dir->name, parent);
+	if (IS_ERR(fs_dir->dentry)) {
+		error = PTR_ERR(fs_dir->dentry);
+		fs_dir->dentry = NULL;
+		goto failed;
+	}
 
-	return IS_ERR(dentry) ? PTR_ERR(dentry) : 0;
+	for (fs_file = fs_dir->v.files; fs_file->name; ++fs_file) {
+		if (fs_file->v_type == AA_FS_TYPE_DIR)
+			error = aafs_create_dir(fs_file, fs_dir->dentry);
+		else
+			error = aafs_create_file(fs_file, fs_dir->dentry);
+		if (error)
+			goto failed;
+	}
+
+	return 0;
+
+failed:
+	return error;
+}
+
+/**
+ * aafs_remove_file - drop a single file entry in the apparmor securityfs
+ * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL)
+ */
+static void __init aafs_remove_file(struct aa_fs_entry *fs_file)
+{
+	if (!fs_file->dentry)
+		return;
+
+	securityfs_remove(fs_file->dentry);
+	fs_file->dentry = NULL;
+}
+
+/**
+ * aafs_remove_dir - recursively drop a directory entry from the securityfs
+ * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL)
+ */
+static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir)
+{
+	struct aa_fs_entry *fs_file;
+
+	for (fs_file = fs_dir->v.files; fs_file->name; ++fs_file) {
+		if (fs_file->v_type == AA_FS_TYPE_DIR)
+			aafs_remove_dir(fs_file);
+		else
+			aafs_remove_file(fs_file);
+	}
+
+	aafs_remove_file(fs_dir);
 }
 
 /**
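Review bot: In aafs_create_dir the `failed:` label does nothing but `return error;`, so both `goto failed` sites can return directly and the label can go. The function also leaves `fs_dir->dentry` and any already-created siblings in place when a child fails, relying on the caller to unwind through aafs_remove_dir (which skips NULL dentries); the kernel-doc should state that, e.g. `* On failure the partially built subtree is left in place; unwind it with aafs_remove_dir.` Separately, aafs_create_file hands each entry to securityfs_create_file as the inode's private data, so the aa_fs_entry tables must remain ordinary data rather than __initdata even though the builders are __init; a one-line comment above aa_fs_entry_apparmor would protect that.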
@@ -183,14 +250,7 @@ static int __init aafs_create(const char *name, umode_t mask,
  */
 void __init aa_destroy_aafs(void)
 {
-	if (aa_fs_dentry) {
-		aafs_remove(".remove");
-		aafs_remove(".replace");
-		aafs_remove(".load");
-
-		securityfs_remove(aa_fs_dentry);
-		aa_fs_dentry = NULL;
-	}
+	aafs_remove_dir(&aa_fs_entry);
 }
 
 /**
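Review bot: The `if (aa_fs_dentry)` guard that this hunk removes is now implicit rather than gone: aafs_remove_dir walks the table unconditionally and aafs_remove_file returns early on a NULL dentry, so aa_destroy_aafs stays safe to call after a failed or never-run aa_create_aafs. A comment on the call would keep that from being re-derived, e.g. `/* Safe on a never-built or partially built tree: NULL dentries are skipped. */`.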
@@ -207,25 +267,13 @@ static int __init aa_create_aafs(void)
 	if (!apparmor_initialized)
 		return 0;
 
-	if (aa_fs_dentry) {
+	if (aa_fs_entry.dentry) {
 		AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
 		return -EEXIST;
 	}
 
-	aa_fs_dentry = securityfs_create_dir("apparmor", NULL);
-	if (IS_ERR(aa_fs_dentry)) {
-		error = PTR_ERR(aa_fs_dentry);
-		aa_fs_dentry = NULL;
-		goto error;
-	}
-
-	error = aafs_create(".load", 0640, &aa_fs_profile_load);
-	if (error)
-		goto error;
-	error = aafs_create(".replace", 0640, &aa_fs_profile_replace);
-	if (error)
-		goto error;
-	error = aafs_create(".remove", 0640, &aa_fs_profile_remove);
+	/* Populate fs tree. */
+	error = aafs_create_dir(&aa_fs_entry, NULL);
 	if (error)
 		goto error;
 
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index cb1e93a..4fdf02f 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -15,6 +15,30 @@
 #ifndef __AA_APPARMORFS_H
 #define __AA_APPARMORFS_H
 
+enum aa_fs_type {
+	AA_FS_TYPE_FOPS,
+	AA_FS_TYPE_DIR,
+};
+
+struct aa_fs_entry;
+
+struct aa_fs_entry {
+	const char *name;
+	struct dentry *dentry;
+	umode_t mode;
+	enum aa_fs_type v_type;
+	union {
+		struct aa_fs_entry *files;
+	} v;
+	const struct file_operations *file_ops;
+};
+
+#define AA_FS_FILE_FOPS(_name, _mode, _fops) \
+	{ .name = (_name), .v_type = AA_FS_TYPE_FOPS, \
+	  .mode = (_mode), .file_ops = (_fops) }
+#define AA_FS_DIR(_name, _value) \
+	{ .name = (_name), .v_type = AA_FS_TYPE_DIR, .v.files = (_value) }
+
 extern void __init aa_destroy_aafs(void);
 
 #endif /* __AA_APPARMORFS_H */
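Review bot: The forward declaration `struct aa_fs_entry;` sits directly above the full definition, which introduces the tag itself, so it is redundant and can be dropped. The struct also has no documentation of which fields each `v_type` uses: aafs_create_dir treats every non-DIR entry as a file and aafs_create_file passes `file_ops` straight to securityfs_create_file, so `file_ops` is mandatory for AA_FS_TYPE_FOPS and unused for AA_FS_TYPE_DIR, while `v.files` is the reverse. A kernel-doc block on the struct stating that, and that `dentry` is filled in at creation and must start NULL, would make the tables in apparmorfs.c self-explanatory.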
-- 
1.7.0.4



* [PATCH 2/4] AppArmor: add initial "features" directory to securityfs
@ 2012-01-27  0:29 ` Kees Cook
From: Kees Cook @ 2012-01-27  0:29 UTC (permalink / raw)
  To: linux-security-module; +Cc: linux-kernel, John Johansen, Kees Cook

From: Kees Cook <kees@outflux.net>

This adds the "features" subdirectory to the AppArmor securityfs
to display boolean feature flags and the known capability mask.

Signed-off-by: Kees Cook <kees@ubuntu.com>
---
 security/apparmor/apparmorfs.c         |   52 ++++++++++++++++++++++++++++++++
 security/apparmor/include/apparmorfs.h |   14 ++++++++
 2 files changed, 66 insertions(+), 0 deletions(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 1e22bb3..36efe64 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -18,6 +18,7 @@
 #include <linux/seq_file.h>
 #include <linux/uaccess.h>
 #include <linux/namei.h>
+#include <linux/capability.h>
 
 #include "include/apparmor.h"
 #include "include/apparmorfs.h"
@@ -142,12 +143,63 @@ static const struct file_operations aa_fs_profile_remove = {
 	.llseek = default_llseek,
 };
 
+static int aa_fs_seq_show(struct seq_file *seq, void *v)
+{
+	struct aa_fs_entry *fs_file = seq->private;
+
+	if (!fs_file)
+		return 0;
+
+	switch (fs_file->v_type) {
+	case AA_FS_TYPE_BOOLEAN:
+		seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
+		break;
+	case AA_FS_TYPE_U64:
+		seq_printf(seq, "%#08lx\n", fs_file->v.u64);
+		break;
+	default:
+		/* Ignore unpritable entry types. */
+		break;
+	}
+
+	return 0;
+}
+
+static int aa_fs_seq_open(struct inode *inode, struct file *file)
+{
+	return single_open(file, aa_fs_seq_show, inode->i_private);
+}
+
+const struct file_operations aa_fs_seq_file_ops = {
+	.owner		= THIS_MODULE,
+	.open		= aa_fs_seq_open,
+	.read		= seq_read,
+	.llseek		= seq_lseek,
+	.release	= single_release,
+};
+
 /** Base file system setup **/
 
+static struct aa_fs_entry aa_fs_entry_domain[] = {
+	AA_FS_FILE_BOOLEAN("change_hat",	1),
+	AA_FS_FILE_BOOLEAN("change_hatv",	1),
+	AA_FS_FILE_BOOLEAN("change_onexec",	1),
+	AA_FS_FILE_BOOLEAN("change_profile",	1),
+	{ }
+};
+
+static struct aa_fs_entry aa_fs_entry_features[] = {
+	AA_FS_DIR("domain",			aa_fs_entry_domain),
+	AA_FS_FILE_BOOLEAN("namespaces",	1),
+	AA_FS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
+	{ }
+};
+
 static struct aa_fs_entry aa_fs_entry_apparmor[] = {
 	AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load),
 	AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace),
 	AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove),
+	AA_FS_DIR("features", aa_fs_entry_features),
 	{ }
 };
 
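Review bot: The `capability` entry exports `VFS_CAP_FLAGS_MASK`, which in linux/capability.h masks the flags word of the security.capability xattr (the complement of VFS_CAP_FLAGS_EFFECTIVE) rather than the set of capabilities the kernel knows, which is what the commit message promises; if the latter is meant, a mask derived from CAP_LAST_CAP is the value to export, so please confirm the intent. In aa_fs_seq_show the `%#08lx` format does match the `unsigned long` member, but because that member is named `u64` the printed width silently differs between 32- and 64-bit kernels. The comment `/* Ignore unpritable entry types. */` has a typo: `unprintable`.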
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index 4fdf02f..16e6545 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -16,6 +16,8 @@
 #define __AA_APPARMORFS_H
 
 enum aa_fs_type {
+	AA_FS_TYPE_BOOLEAN,
+	AA_FS_TYPE_U64,
 	AA_FS_TYPE_FOPS,
 	AA_FS_TYPE_DIR,
 };
@@ -28,11 +30,23 @@ struct aa_fs_entry {
 	umode_t mode;
 	enum aa_fs_type v_type;
 	union {
+		bool boolean;
+		unsigned long u64;
 		struct aa_fs_entry *files;
 	} v;
 	const struct file_operations *file_ops;
 };
 
+extern const struct file_operations aa_fs_seq_file_ops;
+
+#define AA_FS_FILE_BOOLEAN(_name, _value) \
+	{ .name = (_name), .mode = 0444, \
+	  .v_type = AA_FS_TYPE_BOOLEAN, .v.boolean = (_value), \
+	  .file_ops = &aa_fs_seq_file_ops }
+#define AA_FS_FILE_U64(_name, _value) \
+	{ .name = (_name), .mode = 0444, \
+	  .v_type = AA_FS_TYPE_U64, .v.u64 = (_value), \
+	  .file_ops = &aa_fs_seq_file_ops }
 #define AA_FS_FILE_FOPS(_name, _mode, _fops) \
 	{ .name = (_name), .v_type = AA_FS_TYPE_FOPS, \
 	  .mode = (_mode), .file_ops = (_fops) }
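Review bot: The new union member `unsigned long u64` is named for a width it only has on 64-bit builds, which will mislead anyone adding a value wider than 32 bits. Either make it a real `u64` and print it in aa_fs_seq_show with `%#08llx` and a cast to unsigned long long, or rename it to match its type, e.g. `unsigned long ulong;` with `.v.ulong = (_value)` in AA_FS_FILE_U64 and the corresponding read in aa_fs_seq_show.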
-- 
1.7.0.4



* [PATCH 3/4] AppArmor: add "file" details to securityfs
@ 2012-01-27  0:29 ` Kees Cook
From: Kees Cook @ 2012-01-27  0:29 UTC (permalink / raw)
  To: linux-security-module; +Cc: linux-kernel, John Johansen

Create the "file" directory in the securityfs for tracking features
related to files.

Signed-off-by: Kees Cook <kees@ubuntu.com>
---
 security/apparmor/apparmorfs.c         |   10 ++++++++++
 security/apparmor/include/apparmorfs.h |    6 ++++++
 2 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 36efe64..68ce771 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -154,6 +154,9 @@ static int aa_fs_seq_show(struct seq_file *seq, void *v)
 	case AA_FS_TYPE_BOOLEAN:
 		seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
 		break;
+	case AA_FS_TYPE_STRING:
+		seq_printf(seq, "%s\n", fs_file->v.string);
+		break;
 	case AA_FS_TYPE_U64:
 		seq_printf(seq, "%#08lx\n", fs_file->v.u64);
 		break;
@@ -180,6 +183,12 @@ const struct file_operations aa_fs_seq_file_ops = {
 
 /** Base file system setup **/
 
+static struct aa_fs_entry aa_fs_entry_file[] = {
+	AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \
+				  "link lock"),
+	{ }
+};
+
 static struct aa_fs_entry aa_fs_entry_domain[] = {
 	AA_FS_FILE_BOOLEAN("change_hat",	1),
 	AA_FS_FILE_BOOLEAN("change_hatv",	1),
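Review bot: The trailing `\` on the `AA_FS_FILE_STRING("mask", ...` line is a stray line continuation: this is an ordinary initializer, not a macro, and the two adjacent string literals concatenate without it, so it should be removed. The word list itself is an interface consumed by the userspace parser, so a comment above aa_fs_entry_file noting that the names and their order are read by userspace and must not be changed silently would be worth adding.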
@@ -190,6 +199,7 @@ static struct aa_fs_entry aa_fs_entry_domain[] = {
 
 static struct aa_fs_entry aa_fs_entry_features[] = {
 	AA_FS_DIR("domain",			aa_fs_entry_domain),
+	AA_FS_DIR("file",			aa_fs_entry_file),
 	AA_FS_FILE_BOOLEAN("namespaces",	1),
 	AA_FS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
 	{ }
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index 16e6545..7ea4769 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -17,6 +17,7 @@
 
 enum aa_fs_type {
 	AA_FS_TYPE_BOOLEAN,
+	AA_FS_TYPE_STRING,
 	AA_FS_TYPE_U64,
 	AA_FS_TYPE_FOPS,
 	AA_FS_TYPE_DIR,
@@ -31,6 +32,7 @@ struct aa_fs_entry {
 	enum aa_fs_type v_type;
 	union {
 		bool boolean;
+		char *string;
 		unsigned long u64;
 		struct aa_fs_entry *files;
 	} v;
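Review bot: `char *string` only ever points at string literals (the `mask` entries in apparmorfs.c and, in the next patch, resource.c) and is only read by aa_fs_seq_show, so it should be `const char *string;`. As declared, the compiler accepts a write through it, and the target is read-only rodata.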
@@ -43,6 +45,10 @@ extern const struct file_operations aa_fs_seq_file_ops;
 	{ .name = (_name), .mode = 0444, \
 	  .v_type = AA_FS_TYPE_BOOLEAN, .v.boolean = (_value), \
 	  .file_ops = &aa_fs_seq_file_ops }
+#define AA_FS_FILE_STRING(_name, _value) \
+	{ .name = (_name), .mode = 0444, \
+	  .v_type = AA_FS_TYPE_STRING, .v.string = (_value), \
+	  .file_ops = &aa_fs_seq_file_ops }
 #define AA_FS_FILE_U64(_name, _value) \
 	{ .name = (_name), .mode = 0444, \
 	  .v_type = AA_FS_TYPE_U64, .v.u64 = (_value), \
-- 
1.7.0.4



* [PATCH 4/4] AppArmor: export known rlimit names/value mappings in securityfs
@ 2012-01-27  0:29 ` Kees Cook
From: Kees Cook @ 2012-01-27  0:29 UTC (permalink / raw)
  To: linux-security-module; +Cc: linux-kernel, John Johansen

Since the parser needs to know which rlimits are known to the kernel,
export the list via a mask file in the "rlimit" subdirectory in the
securityfs "features" directory.

Signed-off-by: Kees Cook <kees@ubuntu.com>
---
 security/apparmor/Makefile           |   24 ++++++++++++++++++------
 security/apparmor/apparmorfs.c       |    2 ++
 security/apparmor/include/resource.h |    4 ++++
 security/apparmor/resource.c         |    5 +++++
 4 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
index 2dafe50..86103ce 100644
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -28,25 +28,37 @@ cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ;\
 #    [RLIMIT_STACK] = "stack",
 #
 # and build a second integer table (with the second sed cmd), that maps
-# RLIMIT defines to the order defined in asm-generic/resource.h  Thi is
+# RLIMIT defines to the order defined in asm-generic/resource.h  This is
 # required by policy load to map policy ordering of RLIMITs to internal
 # ordering for architectures that redefine an RLIMIT.
 # Transforms lines from
 #    #define RLIMIT_STACK		3	/* max stack size */
 # to
 # RLIMIT_STACK, 
+#
+# and build the securityfs entries for the mapping.
+# Transforms lines from
+#    #define RLIMIT_FSIZE        1   /* Maximum filesize */
+#    #define RLIMIT_STACK		3	/* max stack size */
+# to
+# #define AA_FS_RLIMIT_MASK "fsize stack"
 quiet_cmd_make-rlim = GEN     $@
-cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ;\
+cmd_make-rlim = echo "static const char *rlim_names[RLIM_NLIMITS] = {" > $@ ;\
 	sed $< >> $@ -r -n \
 	    -e 's/^\# ?define[ \t]+(RLIMIT_([A-Z0-9_]+)).*/[\1] = "\L\2",/p';\
 	echo "};" >> $@ ;\
-	echo "static const int rlim_map[] = {" >> $@ ;\
+	echo "static const int rlim_map[RLIM_NLIMITS] = {" >> $@ ;\
 	sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\
-	echo "};" >> $@
+	echo "};" >> $@ ; \
+	echo -n '\#define AA_FS_RLIMIT_MASK "' >> $@ ;\
+	sed -r -n 's/^\# ?define[ \t]+RLIMIT_([A-Z0-9_]+).*/\L\1/p' $< | \
+	    tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
 
 $(obj)/capability.o : $(obj)/capability_names.h
 $(obj)/resource.o : $(obj)/rlim_names.h
-$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
+$(obj)/capability_names.h : $(srctree)/include/linux/capability.h \
+			    $(src)/Makefile
 	$(call cmd,make-caps)
-$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
+$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h \
+		      $(src)/Makefile
 	$(call cmd,make-rlim)
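Review bot: `echo -n '\#define AA_FS_RLIMIT_MASK "'` in cmd_make-rlim depends on the shell's echo honouring `-n` and leaving the text alone, which POSIX does not guarantee; `printf '%s' '\#define AA_FS_RLIMIT_MASK "' >> $@ ;\` behaves the same everywhere. The closing quote is only written by the final `sed -e 's/ $$/"\n/'` when the word list ends in a space, i.e. when at least one RLIMIT_ line matched; that holds for asm-generic/resource.h today, but the recipe produces an unterminated string literal otherwise, so it may be worth noting in the comment block above.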
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 68ce771..38d6262 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -25,6 +25,7 @@
 #include "include/audit.h"
 #include "include/context.h"
 #include "include/policy.h"
+#include "include/resource.h"
 
 /**
  * aa_simple_write_to_buffer - common routine for getting policy from user
@@ -202,6 +203,7 @@ static struct aa_fs_entry aa_fs_entry_features[] = {
 	AA_FS_DIR("file",			aa_fs_entry_file),
 	AA_FS_FILE_BOOLEAN("namespaces",	1),
 	AA_FS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
+	AA_FS_DIR("rlimit",			aa_fs_entry_rlimit),
 	{ }
 };
 
diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h
index 02baec7..d3f4cf0 100644
--- a/security/apparmor/include/resource.h
+++ b/security/apparmor/include/resource.h
@@ -18,6 +18,8 @@
 #include <linux/resource.h>
 #include <linux/sched.h>
 
+#include "apparmorfs.h"
+
 struct aa_profile;
 
 /* struct aa_rlimit - rlimit settings for the profile
@@ -32,6 +34,8 @@ struct aa_rlimit {
 	struct rlimit limits[RLIM_NLIMITS];
 };
 
+extern struct aa_fs_entry aa_fs_entry_rlimit[];
+
 int aa_map_resource(int resource);
 int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *,
 		      unsigned int resource, struct rlimit *new_rlim);
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
index a4136c1..72c25a4 100644
--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -23,6 +23,11 @@
  */
 #include "rlim_names.h"
 
+struct aa_fs_entry aa_fs_entry_rlimit[] = {
+	AA_FS_FILE_STRING("mask", AA_FS_RLIMIT_MASK),
+	{ }
+};
+
 /* audit callback for resource specific fields */
 static void audit_cb(struct audit_buffer *ab, void *va)
 {
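Review bot: `AA_FS_RLIMIT_MASK` is not defined in any hand-written header; it is generated into rlim_names.h by the Makefile rule in this series, and a reader of resource.c has no hint of that. A comment above the table, `/* AA_FS_RLIMIT_MASK is generated into rlim_names.h by the Makefile. */`, would save the search. The table is deliberately non-const because aafs_create_dir writes each entry's dentry at init; since it is now a writable global exported through resource.h, that is worth a word too.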
-- 
1.7.0.4



* Re: [PATCH 0/4] AppArmor: refactor securityfs to use structures
@ 2012-01-27 18:54 ` Casey Schaufler
From: Casey Schaufler @ 2012-01-27 18:54 UTC (permalink / raw)
  To: Kees Cook
  Cc: linux-security-module, linux-kernel, John Johansen, Casey Schaufler

On 1/26/2012 4:29 PM, Kees Cook wrote:
> This is the ground-work for expanding the AppArmor securityfs to include
> useful information that the userspace tools can more easily interact with.
> Presently, this is only static information about the state of AppArmor.

If you're making changes for securityfs do you suppose that
you might do all of us LSM developers a huge favor and add an
entry that reports the active LSM? It's something that has been
on my todo list for ages and would make everyone's life so much
easier. /sys/kernel/security/LSM which contains the name of the
active LSM would be very handy.


>
> -Kees
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>



* Re: [PATCH 1/4] AppArmor: refactor securityfs to use structures
@ 2012-01-27 19:34   ` John Johansen
From: John Johansen @ 2012-01-27 19:34 UTC (permalink / raw)
  To: Kees Cook; +Cc: linux-security-module, linux-kernel, Kees Cook

On 01/26/2012 04:29 PM, Kees Cook wrote:
> From: Kees Cook <kees@outflux.net>
> 
> Use a file tree structure to represent the AppArmor securityfs.
> 
> Signed-off-by: Kees Cook <kees@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>

> ---
>  security/apparmor/apparmorfs.c         |  132 ++++++++++++++++++++++----------
>  security/apparmor/include/apparmorfs.h |   24 ++++++
>  2 files changed, 114 insertions(+), 42 deletions(-)
> 
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index e39df6d..1e22bb3 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -144,36 +144,103 @@ static const struct file_operations aa_fs_profile_remove = {
>  
>  /** Base file system setup **/
>  
> -static struct dentry *aa_fs_dentry __initdata;
> +static struct aa_fs_entry aa_fs_entry_apparmor[] = {
> +	AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load),
> +	AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace),
> +	AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove),
> +	{ }
> +};
>  
> -static void __init aafs_remove(const char *name)
> -{
> -	struct dentry *dentry;
> +static struct aa_fs_entry aa_fs_entry =
> +	AA_FS_DIR("apparmor", aa_fs_entry_apparmor);
>  
> -	dentry = lookup_one_len(name, aa_fs_dentry, strlen(name));
> -	if (!IS_ERR(dentry)) {
> -		securityfs_remove(dentry);
> -		dput(dentry);
> +/**
> + * aafs_create_file - create a file entry in the apparmor securityfs
> + * @fs_file: aa_fs_entry to build an entry for (NOT NULL)
> + * @parent: the parent dentry in the securityfs
> + *
> + * Use aafs_remove_file to remove entries created with this fn.
> + */
> +static int __init aafs_create_file(struct aa_fs_entry *fs_file,
> +				   struct dentry *parent)
> +{
> +	int error = 0;
> +
> +	fs_file->dentry = securityfs_create_file(fs_file->name,
> +						 S_IFREG | fs_file->mode,
> +						 parent, fs_file,
> +						 fs_file->file_ops);
> +	if (IS_ERR(fs_file->dentry)) {
> +		error = PTR_ERR(fs_file->dentry);
> +		fs_file->dentry = NULL;
>  	}
> +	return error;
>  }
>  
>  /**
> - * aafs_create - create an entry in the apparmor filesystem
> - * @name: name of the entry (NOT NULL)
> - * @mask: file permission mask of the file
> - * @fops: file operations for the file (NOT NULL)
> + * aafs_create_dir - recursively create a directory entry in the securityfs
> + * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL)
> + * @parent: the parent dentry in the securityfs
>   *
> - * Used aafs_remove to remove entries created with this fn.
> + * Use aafs_remove_dir to remove entries created with this fn.
>   */
> -static int __init aafs_create(const char *name, umode_t mask,
> -			      const struct file_operations *fops)
> +static int __init aafs_create_dir(struct aa_fs_entry *fs_dir,
> +				  struct dentry *parent)
>  {
> -	struct dentry *dentry;
> +	int error;
> +	struct aa_fs_entry *fs_file;
>  
> -	dentry = securityfs_create_file(name, S_IFREG | mask, aa_fs_dentry,
> -					NULL, fops);
> +	fs_dir->dentry = securityfs_create_dir(fs_dir->name, parent);
> +	if (IS_ERR(fs_dir->dentry)) {
> +		error = PTR_ERR(fs_dir->dentry);
> +		fs_dir->dentry = NULL;
> +		goto failed;
> +	}
>  
> -	return IS_ERR(dentry) ? PTR_ERR(dentry) : 0;
> +	for (fs_file = fs_dir->v.files; fs_file->name; ++fs_file) {
> +		if (fs_file->v_type == AA_FS_TYPE_DIR)
> +			error = aafs_create_dir(fs_file, fs_dir->dentry);
> +		else
> +			error = aafs_create_file(fs_file, fs_dir->dentry);
> +		if (error)
> +			goto failed;
> +	}
> +
> +	return 0;
> +
> +failed:
> +	return error;
> +}
> +
> +/**
> + * aafs_remove_file - drop a single file entry in the apparmor securityfs
> + * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL)
> + */
> +static void __init aafs_remove_file(struct aa_fs_entry *fs_file)
> +{
> +	if (!fs_file->dentry)
> +		return;
> +
> +	securityfs_remove(fs_file->dentry);
> +	fs_file->dentry = NULL;
> +}
> +
> +/**
> + * aafs_remove_dir - recursively drop a directory entry from the securityfs
> + * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL)
> + */
> +static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir)
> +{
> +	struct aa_fs_entry *fs_file;
> +
> +	for (fs_file = fs_dir->v.files; fs_file->name; ++fs_file) {
> +		if (fs_file->v_type == AA_FS_TYPE_DIR)
> +			aafs_remove_dir(fs_file);
> +		else
> +			aafs_remove_file(fs_file);
> +	}
> +
> +	aafs_remove_file(fs_dir);
>  }
>  
>  /**
> @@ -183,14 +250,7 @@ static int __init aafs_create(const char *name, umode_t mask,
>   */
>  void __init aa_destroy_aafs(void)
>  {
> -	if (aa_fs_dentry) {
> -		aafs_remove(".remove");
> -		aafs_remove(".replace");
> -		aafs_remove(".load");
> -
> -		securityfs_remove(aa_fs_dentry);
> -		aa_fs_dentry = NULL;
> -	}
> +	aafs_remove_dir(&aa_fs_entry);
>  }
>  
>  /**
> @@ -207,25 +267,13 @@ static int __init aa_create_aafs(void)
>  	if (!apparmor_initialized)
>  		return 0;
>  
> -	if (aa_fs_dentry) {
> +	if (aa_fs_entry.dentry) {
>  		AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
>  		return -EEXIST;
>  	}
>  
> -	aa_fs_dentry = securityfs_create_dir("apparmor", NULL);
> -	if (IS_ERR(aa_fs_dentry)) {
> -		error = PTR_ERR(aa_fs_dentry);
> -		aa_fs_dentry = NULL;
> -		goto error;
> -	}
> -
> -	error = aafs_create(".load", 0640, &aa_fs_profile_load);
> -	if (error)
> -		goto error;
> -	error = aafs_create(".replace", 0640, &aa_fs_profile_replace);
> -	if (error)
> -		goto error;
> -	error = aafs_create(".remove", 0640, &aa_fs_profile_remove);
> +	/* Populate fs tree. */
> +	error = aafs_create_dir(&aa_fs_entry, NULL);
>  	if (error)
>  		goto error;
>  
> diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
> index cb1e93a..4fdf02f 100644
> --- a/security/apparmor/include/apparmorfs.h
> +++ b/security/apparmor/include/apparmorfs.h
> @@ -15,6 +15,30 @@
>  #ifndef __AA_APPARMORFS_H
>  #define __AA_APPARMORFS_H
>  
> +enum aa_fs_type {
> +	AA_FS_TYPE_FOPS,
> +	AA_FS_TYPE_DIR,
> +};
> +
> +struct aa_fs_entry;
> +
> +struct aa_fs_entry {
> +	const char *name;
> +	struct dentry *dentry;
> +	umode_t mode;
> +	enum aa_fs_type v_type;
> +	union {
> +		struct aa_fs_entry *files;
> +	} v;
> +	const struct file_operations *file_ops;
> +};
> +
> +#define AA_FS_FILE_FOPS(_name, _mode, _fops) \
> +	{ .name = (_name), .v_type = AA_FS_TYPE_FOPS, \
> +	  .mode = (_mode), .file_ops = (_fops) }
> +#define AA_FS_DIR(_name, _value) \
> +	{ .name = (_name), .v_type = AA_FS_TYPE_DIR, .v.files = (_value) }
> +
>  extern void __init aa_destroy_aafs(void);
>  
>  #endif /* __AA_APPARMORFS_H */



* Re: [PATCH 2/4] AppArmor: add initial "features" directory to securityfs
@ 2012-01-27 19:34   ` John Johansen
From: John Johansen @ 2012-01-27 19:34 UTC (permalink / raw)
  To: Kees Cook; +Cc: linux-security-module, linux-kernel, Kees Cook

On 01/26/2012 04:29 PM, Kees Cook wrote:
> From: Kees Cook <kees@outflux.net>
> 
> This adds the "features" subdirectory to the AppArmor securityfs
> to display boolean features flags and the known capability mask.
> 
> Signed-off-by: Kees Cook <kees@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>

> ---
>  security/apparmor/apparmorfs.c         |   52 ++++++++++++++++++++++++++++++++
>  security/apparmor/include/apparmorfs.h |   14 ++++++++
>  2 files changed, 66 insertions(+), 0 deletions(-)
> 
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 1e22bb3..36efe64 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -18,6 +18,7 @@
>  #include <linux/seq_file.h>
>  #include <linux/uaccess.h>
>  #include <linux/namei.h>
> +#include <linux/capability.h>
>  
>  #include "include/apparmor.h"
>  #include "include/apparmorfs.h"
> @@ -142,12 +143,63 @@ static const struct file_operations aa_fs_profile_remove = {
>  	.llseek = default_llseek,
>  };
>  
> +static int aa_fs_seq_show(struct seq_file *seq, void *v)
> +{
> +	struct aa_fs_entry *fs_file = seq->private;
> +
> +	if (!fs_file)
> +		return 0;
> +
> +	switch (fs_file->v_type) {
> +	case AA_FS_TYPE_BOOLEAN:
> +		seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
> +		break;
> +	case AA_FS_TYPE_U64:
> +		seq_printf(seq, "%#08lx\n", fs_file->v.u64);
> +		break;
> +	default:
> +		/* Ignore unpritable entry types. */
> +		break;
> +	}
> +
> +	return 0;
> +}
> +
> +static int aa_fs_seq_open(struct inode *inode, struct file *file)
> +{
> +	return single_open(file, aa_fs_seq_show, inode->i_private);
> +}
> +
> +const struct file_operations aa_fs_seq_file_ops = {
> +	.owner		= THIS_MODULE,
> +	.open		= aa_fs_seq_open,
> +	.read		= seq_read,
> +	.llseek		= seq_lseek,
> +	.release	= single_release,
> +};
> +
>  /** Base file system setup **/
>  
> +static struct aa_fs_entry aa_fs_entry_domain[] = {
> +	AA_FS_FILE_BOOLEAN("change_hat",	1),
> +	AA_FS_FILE_BOOLEAN("change_hatv",	1),
> +	AA_FS_FILE_BOOLEAN("change_onexec",	1),
> +	AA_FS_FILE_BOOLEAN("change_profile",	1),
> +	{ }
> +};
> +
> +static struct aa_fs_entry aa_fs_entry_features[] = {
> +	AA_FS_DIR("domain",			aa_fs_entry_domain),
> +	AA_FS_FILE_BOOLEAN("namespaces",	1),
> +	AA_FS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
> +	{ }
> +};
> +
>  static struct aa_fs_entry aa_fs_entry_apparmor[] = {
>  	AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load),
>  	AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace),
>  	AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove),
> +	AA_FS_DIR("features", aa_fs_entry_features),
>  	{ }
>  };
>  
> diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
> index 4fdf02f..16e6545 100644
> --- a/security/apparmor/include/apparmorfs.h
> +++ b/security/apparmor/include/apparmorfs.h
> @@ -16,6 +16,8 @@
>  #define __AA_APPARMORFS_H
>  
>  enum aa_fs_type {
> +	AA_FS_TYPE_BOOLEAN,
> +	AA_FS_TYPE_U64,
>  	AA_FS_TYPE_FOPS,
>  	AA_FS_TYPE_DIR,
>  };
> @@ -28,11 +30,23 @@ struct aa_fs_entry {
>  	umode_t mode;
>  	enum aa_fs_type v_type;
>  	union {
> +		bool boolean;
> +		unsigned long u64;
>  		struct aa_fs_entry *files;
>  	} v;
>  	const struct file_operations *file_ops;
>  };
>  
> +extern const struct file_operations aa_fs_seq_file_ops;
> +
> +#define AA_FS_FILE_BOOLEAN(_name, _value) \
> +	{ .name = (_name), .mode = 0444, \
> +	  .v_type = AA_FS_TYPE_BOOLEAN, .v.boolean = (_value), \
> +	  .file_ops = &aa_fs_seq_file_ops }
> +#define AA_FS_FILE_U64(_name, _value) \
> +	{ .name = (_name), .mode = 0444, \
> +	  .v_type = AA_FS_TYPE_U64, .v.u64 = (_value), \
> +	  .file_ops = &aa_fs_seq_file_ops }
>  #define AA_FS_FILE_FOPS(_name, _mode, _fops) \
>  	{ .name = (_name), .v_type = AA_FS_TYPE_FOPS, \
>  	  .mode = (_mode), .file_ops = (_fops) }



* Re: [PATCH 3/4] AppArmor: add "file" details to securityfs
@ 2012-01-27 19:34   ` John Johansen
From: John Johansen @ 2012-01-27 19:34 UTC (permalink / raw)
  To: Kees Cook; +Cc: linux-security-module, linux-kernel

On 01/26/2012 04:29 PM, Kees Cook wrote:
> Create the "file" directory in the securityfs for tracking features
> related to files.
> 
> Signed-off-by: Kees Cook <kees@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>

> ---
>  security/apparmor/apparmorfs.c         |   10 ++++++++++
>  security/apparmor/include/apparmorfs.h |    6 ++++++
>  2 files changed, 16 insertions(+), 0 deletions(-)
> 
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 36efe64..68ce771 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -154,6 +154,9 @@ static int aa_fs_seq_show(struct seq_file *seq, void *v)
>  	case AA_FS_TYPE_BOOLEAN:
>  		seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
>  		break;
> +	case AA_FS_TYPE_STRING:
> +		seq_printf(seq, "%s\n", fs_file->v.string);
> +		break;
>  	case AA_FS_TYPE_U64:
>  		seq_printf(seq, "%#08lx\n", fs_file->v.u64);
>  		break;
> @@ -180,6 +183,12 @@ const struct file_operations aa_fs_seq_file_ops = {
>  
>  /** Base file system setup **/
>  
> +static struct aa_fs_entry aa_fs_entry_file[] = {
> +	AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \
> +				  "link lock"),
> +	{ }
> +};
> +
>  static struct aa_fs_entry aa_fs_entry_domain[] = {
>  	AA_FS_FILE_BOOLEAN("change_hat",	1),
>  	AA_FS_FILE_BOOLEAN("change_hatv",	1),
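Review bot: The `\` ending the first `AA_FS_FILE_STRING("mask", ...)` line is redundant: a macro invocation's argument list may span lines, and the two string literals concatenate across the break without it, so `"create read write exec append mmap_exec "` followed by `"link lock"),` on the next line reads the same with the backslash dropped. The permission-name list is also hand-maintained here, unlike the rlimit mask in the 4/4 patch on this page, which is generated from a header, so a comment above the table such as `/* Hand-maintained: keep in step with the file permission names the policy tools presumably expect */` would flag the coupling for the next person who adds a permission.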
> @@ -190,6 +199,7 @@ static struct aa_fs_entry aa_fs_entry_domain[] = {
>  
>  static struct aa_fs_entry aa_fs_entry_features[] = {
>  	AA_FS_DIR("domain",			aa_fs_entry_domain),
> +	AA_FS_DIR("file",			aa_fs_entry_file),
>  	AA_FS_FILE_BOOLEAN("namespaces",	1),
>  	AA_FS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
>  	{ }
> diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
> index 16e6545..7ea4769 100644
> --- a/security/apparmor/include/apparmorfs.h
> +++ b/security/apparmor/include/apparmorfs.h
> @@ -17,6 +17,7 @@
>  
>  enum aa_fs_type {
>  	AA_FS_TYPE_BOOLEAN,
> +	AA_FS_TYPE_STRING,
>  	AA_FS_TYPE_U64,
>  	AA_FS_TYPE_FOPS,
>  	AA_FS_TYPE_DIR,
> @@ -31,6 +32,7 @@ struct aa_fs_entry {
>  	enum aa_fs_type v_type;
>  	union {
>  		bool boolean;
> +		char *string;
>  		unsigned long u64;
>  		struct aa_fs_entry *files;
>  	} v;
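Review bot: `char *string;` in the union is only ever pointed at string literals by `AA_FS_FILE_STRING` (the "mask" entry in this patch), so it should be `const char *string;`; writing through it would be undefined behaviour and `const` lets the compiler reject that, while the `seq_printf("%s\n", ...)` caller accepts a `const` pointer unchanged. The enclosing `struct aa_fs_entry` starts outside the hunk.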
> @@ -43,6 +45,10 @@ extern const struct file_operations aa_fs_seq_file_ops;
>  	{ .name = (_name), .mode = 0444, \
>  	  .v_type = AA_FS_TYPE_BOOLEAN, .v.boolean = (_value), \
>  	  .file_ops = &aa_fs_seq_file_ops }
> +#define AA_FS_FILE_STRING(_name, _value) \
> +	{ .name = (_name), .mode = 0444, \
> +	  .v_type = AA_FS_TYPE_STRING, .v.string = (_value), \
> +	  .file_ops = &aa_fs_seq_file_ops }
>  #define AA_FS_FILE_U64(_name, _value) \
>  	{ .name = (_name), .mode = 0444, \
>  	  .v_type = AA_FS_TYPE_U64, .v.u64 = (_value), \



* Re: [PATCH 4/4] AppArmor: export known rlimit names/value mappings in securityfs
  2012-01-27  0:29 ` [PATCH 4/4] AppArmor: export known rlimit names/value mappings in securityfs Kees Cook
@ 2012-01-27 19:35   ` John Johansen
From: John Johansen @ 2012-01-27 19:35 UTC (permalink / raw)
  To: Kees Cook; +Cc: linux-security-module, linux-kernel

On 01/26/2012 04:29 PM, Kees Cook wrote:
> Since the parser needs to know which rlimits are known to the kernel,
> export the list via a mask file in the "rlimit" subdirectory in the
> securityfs "features" directory.
> 
> Signed-off-by: Kees Cook <kees@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>


> ---
>  security/apparmor/Makefile           |   24 ++++++++++++++++++------
>  security/apparmor/apparmorfs.c       |    2 ++
>  security/apparmor/include/resource.h |    4 ++++
>  security/apparmor/resource.c         |    5 +++++
>  4 files changed, 29 insertions(+), 6 deletions(-)
> 
> diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
> index 2dafe50..86103ce 100644
> --- a/security/apparmor/Makefile
> +++ b/security/apparmor/Makefile
> @@ -28,25 +28,37 @@ cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ;\
>  #    [RLIMIT_STACK] = "stack",
>  #
>  # and build a second integer table (with the second sed cmd), that maps
> -# RLIMIT defines to the order defined in asm-generic/resource.h  Thi is
> +# RLIMIT defines to the order defined in asm-generic/resource.h  This is
>  # required by policy load to map policy ordering of RLIMITs to internal
>  # ordering for architectures that redefine an RLIMIT.
>  # Transforms lines from
>  #    #define RLIMIT_STACK		3	/* max stack size */
>  # to
>  # RLIMIT_STACK, 
> +#
> +# and build the securityfs entries for the mapping.
> +# Transforms lines from
> +#    #define RLIMIT_FSIZE        1   /* Maximum filesize */
> +#    #define RLIMIT_STACK		3	/* max stack size */
> +# to
> +# #define AA_FS_RLIMIT_MASK "fsize stack"
>  quiet_cmd_make-rlim = GEN     $@
> -cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ;\
> +cmd_make-rlim = echo "static const char *rlim_names[RLIM_NLIMITS] = {" > $@ ;\
>  	sed $< >> $@ -r -n \
>  	    -e 's/^\# ?define[ \t]+(RLIMIT_([A-Z0-9_]+)).*/[\1] = "\L\2",/p';\
>  	echo "};" >> $@ ;\
> -	echo "static const int rlim_map[] = {" >> $@ ;\
> +	echo "static const int rlim_map[RLIM_NLIMITS] = {" >> $@ ;\
>  	sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\
> -	echo "};" >> $@
> +	echo "};" >> $@ ; \
> +	echo -n '\#define AA_FS_RLIMIT_MASK "' >> $@ ;\
> +	sed -r -n 's/^\# ?define[ \t]+RLIMIT_([A-Z0-9_]+).*/\L\1/p' $< | \
> +	    tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
>  
>  $(obj)/capability.o : $(obj)/capability_names.h
>  $(obj)/resource.o : $(obj)/rlim_names.h
> -$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
> +$(obj)/capability_names.h : $(srctree)/include/linux/capability.h \
> +			    $(src)/Makefile
>  	$(call cmd,make-caps)
> -$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
> +$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h \
> +		      $(src)/Makefile
>  	$(call cmd,make-rlim)
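Review bot: The new `echo -n '\#define AA_FS_RLIMIT_MASK "' >> $@ ;\` line depends on the recipe shell's `echo` honouring `-n` and not rewriting the text, which differs between shells; `printf '%s' '\#define AA_FS_RLIMIT_MASK "' >> $@ ;\` behaves the same everywhere. The closing quote is then supplied by `sed -e 's/ $$/"\n/'`, which only fires when `tr` left a trailing space, i.e. when at least one `RLIMIT_` define matched; a short comment saying so would explain why the pipeline does not handle the empty case (the generated header would presumably fail to compile rather than silently produce an empty mask).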
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 68ce771..38d6262 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -25,6 +25,7 @@
>  #include "include/audit.h"
>  #include "include/context.h"
>  #include "include/policy.h"
> +#include "include/resource.h"
>  
>  /**
>   * aa_simple_write_to_buffer - common routine for getting policy from user
> @@ -202,6 +203,7 @@ static struct aa_fs_entry aa_fs_entry_features[] = {
>  	AA_FS_DIR("file",			aa_fs_entry_file),
>  	AA_FS_FILE_BOOLEAN("namespaces",	1),
>  	AA_FS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
> +	AA_FS_DIR("rlimit",			aa_fs_entry_rlimit),
>  	{ }
>  };
>  
> diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h
> index 02baec7..d3f4cf0 100644
> --- a/security/apparmor/include/resource.h
> +++ b/security/apparmor/include/resource.h
> @@ -18,6 +18,8 @@
>  #include <linux/resource.h>
>  #include <linux/sched.h>
>  
> +#include "apparmorfs.h"
> +
>  struct aa_profile;
>  
>  /* struct aa_rlimit - rlimit settings for the profile
> @@ -32,6 +34,8 @@ struct aa_rlimit {
>  	struct rlimit limits[RLIM_NLIMITS];
>  };
>  
> +extern struct aa_fs_entry aa_fs_entry_rlimit[];
> +
>  int aa_map_resource(int resource);
>  int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *,
>  		      unsigned int resource, struct rlimit *new_rlim);
> diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
> index a4136c1..72c25a4 100644
> --- a/security/apparmor/resource.c
> +++ b/security/apparmor/resource.c
> @@ -23,6 +23,11 @@
>   */
>  #include "rlim_names.h"
>  
> +struct aa_fs_entry aa_fs_entry_rlimit[] = {
> +	AA_FS_FILE_STRING("mask", AA_FS_RLIMIT_MASK),
> +	{ }
> +};
> +
>  /* audit callback for resource specific fields */
>  static void audit_cb(struct audit_buffer *ab, void *va)
>  {
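Review bot: `aa_fs_entry_rlimit` is a non-static global defined outside apparmorfs.c, unlike the `static` entry tables in the quoted apparmorfs.c hunks, and nothing at the definition says why; a comment would save the next reader a search: `/* Defined here rather than in apparmorfs.c because AA_FS_RLIMIT_MASK comes from the generated rlim_names.h included above; exported through resource.h. */`. The apparmorfs.c hunk in this patch reaches it through that extern declaration.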



* Re: [PATCH 0/4] AppArmor: refactor securityfs to use structures
  2012-01-27  0:29 [PATCH 0/4] AppArmor: refactor securityfs to use structures Kees Cook
  2012-01-27 18:54 ` [PATCH 0/4] AppArmor: refactor securityfs to use structures Casey Schaufler
@ 2012-01-27 19:38 ` John Johansen
  2012-01-30  1:09   ` James Morris
From: John Johansen @ 2012-01-27 19:38 UTC (permalink / raw)
  To: James Morris; +Cc: Kees Cook, linux-security-module, linux-kernel

On 01/26/2012 04:29 PM, Kees Cook wrote:
> This is the ground-work for expanding the AppArmor securityfs to include
> useful information that the userspace tools can more easily interact with.
> Presently, this is only static information about the state of AppArmor.
> 
James,

if no one else has issues with these, I will pull these patches into the
apparmor tree to batch them together as a pull request with some other
apparmor patches


* Re: [PATCH 0/4] AppArmor: refactor securityfs to use structures
  2012-01-27 18:54 ` [PATCH 0/4] AppArmor: refactor securityfs to use structures Casey Schaufler
@ 2012-01-27 20:05   ` Kees Cook
From: Kees Cook @ 2012-01-27 20:05 UTC (permalink / raw)
  To: Casey Schaufler; +Cc: linux-security-module, linux-kernel, John Johansen

Hi Casey,

On Fri, Jan 27, 2012 at 10:54:12AM -0800, Casey Schaufler wrote:
> On 1/26/2012 4:29 PM, Kees Cook wrote:
> >This is the ground-work for expanding the AppArmor securityfs to include
> >useful information that the userspace tools can more easily interact with.
> >Presently, this is only static information about the state of AppArmor.
> 
> If you're making changes for securityfs do you suppose that
> you might do all of us LSM developers a huge favor and add an
> entry that reports the active LSM? It's something that has been
> on my todo list for ages and would make everyone's life so much
> easier. /sys/kernel/security/LSM which contains the name of the
> active LSM would be very handy.

Should that appear in the securityfs? Normally one can just mount it
and look to see what's in there. And, I'm nervous to add a file here
without a good LSM stacking plan yet. I'd hate to create another interface
that needs to be redefined later. :)

-Kees

-- 
Kees Cook


* Re: [PATCH 0/4] AppArmor: refactor securityfs to use structures
  2012-01-27 19:38 ` John Johansen
@ 2012-01-30  1:09   ` James Morris
From: James Morris @ 2012-01-30  1:09 UTC (permalink / raw)
  To: John Johansen; +Cc: Kees Cook, linux-security-module, linux-kernel

On Fri, 27 Jan 2012, John Johansen wrote:

> On 01/26/2012 04:29 PM, Kees Cook wrote:
> > This is the ground-work for expanding the AppArmor securityfs to include
> > useful information that the userspace tools can more easily interact with.
> > Presently, this is only static information about the state of AppArmor.
> > 
> James,
> 
> if no one else has issues with these, I will pull these patches into the
> apparmor tree to batch them together as pull request with some other
> apparmor patches

Great.


-- 
James Morris
<jmorris@namei.org>
