GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-07-23 07:12:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

apparmor: allow setting any profile into the unconfined state

Browse source 
Allow emulating the default profile behavior from boot, by allowing
loading of a profile in the unconfined state into a new NS.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
John Johansen 2013-07-10 21:12:43 -07:00
parent 8651e1d657
commit 038165070a
5 changed files with 22 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

6
security/apparmor/include/policy.h
View file

@ -56,11 +56,11 @@ enum profile_mode {
APPARMOR_ENFORCE, /* enforce access rules */
APPARMOR_COMPLAIN, /* allow and log access violations */
APPARMOR_KILL, /* kill task on access violation */
APPARMOR_UNCONFINED, /* profile set to unconfined */
};
enum profile_flags {
PFLAG_HAT = 1, /* profile is a hat */
PFLAG_UNCONFINED = 2, /* profile is an unconfined profile */
PFLAG_NULL = 4, /* profile is null learning profile */
PFLAG_IX_ON_NAME_ERROR = 8, /* fallback to ix on name lookup fail */
PFLAG_IMMUTABLE = 0x10, /* don't allow changes/replacement */
@ -199,7 +199,7 @@ struct aa_profile {
struct aa_dfa *xmatch;
int xmatch_len;
enum audit_mode audit;
enum profile_mode mode;
long mode;
long flags;
u32 path_flags;
int size;
@ -240,7 +240,7 @@ ssize_t aa_remove_profiles(char *name, size_t size);
#define PROF_ADD 1
#define PROF_REPLACE 0
#define unconfined(X) ((X)->flags & PFLAG_UNCONFINED)
#define unconfined(X) ((X)->mode == APPARMOR_UNCONFINED)
/**