Google Git
Sign in
kernel/pub/scm/linux/kernel/git/jj/linux-apparmor/refs/heads/debian-two-patch-1780227
commit
5344401b1fed6ff96b70097013f46d95f0b038db
[log] [tgz]
author
John Johansen <john.johansen@canonical.com>
Sat May 07 01:58:36 2022 -0700
committer
John Johansen <john.johansen@canonical.com>
Fri May 24 14:31:13 2024 -0700
tree
e740e079d71e4c636134ddbb640fbe56b9dedd42
parent
c9e680e81b9db487e3627af3df8b13e1675892b3 [diff]
apparmor: fix apparmor mediating locking non-fs unix sockets

[ Upstream commit 1cf26c3d2c4c2098e39a9905174d7842b531e693 ]

the v8 and earlier policy does not encode the locking permission for
no-fs unix sockets. However the kernel is enforcing mediation.

Add the AA_MAY_LOCK perm to v8 and earlier computed perm mask which will
grant permission for all current abi profiles, but still allow specifying
auditing of the operation if needed.

Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052130
Link: http://bugs.launchpad.net/bugs/1780227
Fixes: 56974a6fcfef ("apparmor: add base infastructure for socket mediation")
Signed-off-by: John Johansen <john.johansen@canonical.com>
[ jj: backport to v6.1 by replacing aa_state_t with unsigned int
  as commit 33fc95d8293c is not present. ]
Tested-by: Mathias Gibbens <gibmat@debian.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
1 file changed
tree: e740e079d71e4c636134ddbb640fbe56b9dedd42
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. io_uring/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. rust/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. tools/
  23. usr/
  24. virt/
  25. .clang-format
  26. .cocciconfig
  27. .get_maintainer.ignore
  28. .gitattributes
  29. .gitignore
  30. .mailmap
  31. .rustfmt.toml
  32. COPYING
  33. CREDITS
  34. Kbuild
  35. Kconfig
  36. MAINTAINERS
  37. Makefile
  38. README