apparmor: add namespace lookup fns()

Currently lookups are restricted to a single ns component in the
path. However, when namespaces are allowed to have separate views and
scopes, this will not be sufficient, as it will be possible to have
a multiple-component ns path in scope.

Add some ns lookup fns() to allow this and use them.

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen
2017-06-02 17:44:27 -07:00
parent ae3b316536
commit 3664268f19
3 changed files with 73 additions and 4 deletions


@@ -566,7 +566,7 @@ struct aa_profile *aa_fqlookupn_profile(struct aa_profile *base,
name = aa_splitn_fqname(fqname, n, &ns_name, &ns_len);
if (ns_name) {
ns = aa_findn_ns(base->ns, ns_name, ns_len);
ns = aa_lookupn_ns(base->ns, ns_name, ns_len);
if (!ns)
return NULL;
} else
@@ -1108,7 +1108,7 @@ ssize_t aa_remove_profiles(struct aa_ns *view, struct aa_profile *subj,
struct aa_ns *root = NULL, *ns = NULL;
struct aa_profile *profile = NULL;
const char *name = fqname, *info = NULL;
char *ns_name = NULL;
const char *ns_name = NULL;
ssize_t error = 0;
if (*fqname == 0) {
@@ -1120,9 +1120,11 @@ ssize_t aa_remove_profiles(struct aa_ns *view, struct aa_profile *subj,
root = view;
if (fqname[0] == ':') {
name = aa_split_fqname(fqname, &ns_name);
size_t ns_len;
name = aa_splitn_fqname(fqname, size, &ns_name, &ns_len);
/* released below */
ns = aa_find_ns(root, ns_name);
ns = aa_lookupn_ns(root, ns_name, ns_len);
if (!ns) {
info = "namespace does not exist";
error = -ENOENT;
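Review bot: In the last hunk (aa_remove_profiles, the `fqname[0] == ':'` branch) `ns_len` is declared without an initializer and then passed to `aa_lookupn_ns()`, so the lookup length is defined only if `aa_splitn_fqname()` writes it on every return path, which is not visible here; declaring it as `size_t ns_len = 0;` removes that dependency on the helper. The retained `/* released below */` comment was written for `aa_find_ns()`, so it is worth confirming that `aa_lookupn_ns()` also hands back a counted reference and saying so in the comment, e.g. `/* aa_lookupn_ns() returns a counted ref; released below */`, because a put without a matching get on a namespace would unbalance its refcount. The first hunk makes the same substitution in aa_fqlookupn_profile, so the same reference-ownership question applies there. Both function bodies start and end outside the hunks shown.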