From: John Johansen <john.johansen@canonical.com>
To: linux-security-module@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH 7/8] apparmor: allow specifying an already created dir to create ns entries in
Date: Thu, 25 May 2017 08:32:24 -0700 [thread overview]
Message-ID: <20170525153225.19070-8-john.johansen@canonical.com> (raw)
In-Reply-To: <20170525153225.19070-1-john.johansen@canonical.com>

Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
 security/apparmor/apparmorfs.c | 9 +++++----
 security/apparmor/include/apparmorfs.h | 4 ++--
 security/apparmor/policy_ns.c | 2 +-
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 74c3bfd1af8d..f45aeb77e1f0 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1338,11 +1338,12 @@ static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
 /*
 * Requires: @ns->lock held
 */
-int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name)
+int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
+ struct dentry *dent)
 {
 struct aa_ns *sub;
 struct aa_profile *child;
- struct dentry *dent, *dir;
+ struct dentry *dir;
 int error;

 AA_BUG(!ns);
@@ -1372,7 +1373,7 @@ int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name)
 /* subnamespaces */
 list_for_each_entry(sub, &ns->sub_ns, base.list) {
 mutex_lock(&sub->lock);
- error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL);
+ error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
 mutex_unlock(&sub->lock);
 if (error)
 goto fail2;
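Review bot: The new `dent` parameter of `__aafs_ns_mkdir()` has no documented contract: the comment above the signature still says only `Requires: @ns->lock held`, and nothing states what NULL means or who owns the reference on a caller-supplied dentry. Both callers in apparmorfs.c pass NULL; only the `__aa_create_ns()` hunk in policy_ns.c passes a real `dir`, so that is the path to check. The function body between the two apparmorfs.c hunks is not shown, and this patch only drops the local `dent` declaration. If the body still assigns `dent` unconditionally, the passed directory is silently discarded, and a failure path that removes the directory may drop a reference the callee never took; an unbalanced dentry reference is a use-after-free hazard, so this is worth confirming. I would extend the comment with `@dent: existing dir to populate, or NULL to create @name under @parent` plus a line stating whether the function takes its own reference on it.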
@@ -1928,7 +1929,7 @@ static int __init aa_create_aafs(void)
 ns_subremove(root_ns) = dent;

 mutex_lock(&root_ns->lock);
- error = __aafs_ns_mkdir(root_ns, aa_sfs_entry.dentry, "policy");
+ error = __aafs_ns_mkdir(root_ns, aa_sfs_entry.dentry, "policy", NULL);
 mutex_unlock(&root_ns->lock);

 if (error)
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index bcad87740cb6..071a59a1f056 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -112,8 +112,8 @@ void __aafs_profile_migrate_dents(struct aa_profile *old,
 struct aa_profile *new);
 int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
 void __aafs_ns_rmdir(struct aa_ns *ns);
-int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent,
- const char *name);
+int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
+ struct dentry *dent);

 struct aa_loaddata;
 void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata);
diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c
index 0a8bc4e887ef..7d7c23705be2 100644
--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
@@ -196,7 +196,7 @@ static struct aa_ns *__aa_create_ns(struct aa_ns *parent, const char *name,
 if (!ns)
 return NULL;
 mutex_lock(&ns->lock);
- error = __aafs_ns_mkdir(ns, ns_subns_dir(parent), name);
+ error = __aafs_ns_mkdir(ns, ns_subns_dir(parent), name, dir);
 if (error) {
 AA_ERROR("Failed to create interface for ns %s\n",
 ns->base.name);
-- 
2.11.0
WARNING: multiple messages have this Message-ID (diff)
From: john.johansen@canonical.com (John Johansen)
To: linux-security-module@vger.kernel.org
Subject: [PATCH 7/8] apparmor: allow specifying an already created dir to create ns entries in
Date: Thu, 25 May 2017 08:32:24 -0700 [thread overview]
Message-ID: <20170525153225.19070-8-john.johansen@canonical.com> (raw)
In-Reply-To: <20170525153225.19070-1-john.johansen@canonical.com>

Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
 security/apparmor/apparmorfs.c | 9 +++++----
 security/apparmor/include/apparmorfs.h | 4 ++--
 security/apparmor/policy_ns.c | 2 +-
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 74c3bfd1af8d..f45aeb77e1f0 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1338,11 +1338,12 @@ static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
 /*
 * Requires: @ns->lock held
 */
-int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name)
+int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
+ struct dentry *dent)
 {
 struct aa_ns *sub;
 struct aa_profile *child;
- struct dentry *dent, *dir;
+ struct dentry *dir;
 int error;

 AA_BUG(!ns);
@@ -1372,7 +1373,7 @@ int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name)
 /* subnamespaces */
 list_for_each_entry(sub, &ns->sub_ns, base.list) {
 mutex_lock(&sub->lock);
- error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL);
+ error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
 mutex_unlock(&sub->lock);
 if (error)
 goto fail2;
@@ -1928,7 +1929,7 @@ static int __init aa_create_aafs(void)
 ns_subremove(root_ns) = dent;

 mutex_lock(&root_ns->lock);
- error = __aafs_ns_mkdir(root_ns, aa_sfs_entry.dentry, "policy");
+ error = __aafs_ns_mkdir(root_ns, aa_sfs_entry.dentry, "policy", NULL);
 mutex_unlock(&root_ns->lock);

 if (error)
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index bcad87740cb6..071a59a1f056 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -112,8 +112,8 @@ void __aafs_profile_migrate_dents(struct aa_profile *old,
 struct aa_profile *new);
 int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
 void __aafs_ns_rmdir(struct aa_ns *ns);
-int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent,
- const char *name);
+int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
+ struct dentry *dent);

 struct aa_loaddata;
 void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata);
diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c
index 0a8bc4e887ef..7d7c23705be2 100644
--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
@@ -196,7 +196,7 @@ static struct aa_ns *__aa_create_ns(struct aa_ns *parent, const char *name,
 if (!ns)
 return NULL;
 mutex_lock(&ns->lock);
- error = __aafs_ns_mkdir(ns, ns_subns_dir(parent), name);
+ error = __aafs_ns_mkdir(ns, ns_subns_dir(parent), name, dir);
 if (error) {
 AA_ERROR("Failed to create interface for ns %s\n",
 ns->base.name);
-- 
2.11.0
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html