GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-07-23 07:12:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

apparmor: allow setting any profile into the unconfined state

Browse source 
Allow emulating the default profile behavior from boot, by allowing
loading of a profile in the unconfined state into a new NS.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
John Johansen 2013-07-10 21:12:43 -07:00
parent 8651e1d657
commit 038165070a
5 changed files with 22 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

6
security/apparmor/policy.c
View file

@ -96,6 +96,7 @@ const char *const profile_mode_names[] = {
"enforce",
"complain",
"kill",
"unconfined",
};
/**
@ -290,8 +291,9 @@ static struct aa_namespace *alloc_namespace(const char *prefix,
if (!ns->unconfined)
goto fail_unconfined;
ns->unconfined->flags = PFLAG_UNCONFINED | PFLAG_IX_ON_NAME_ERROR |
PFLAG_IMMUTABLE | PFLAG_NS_COUNT;
ns->unconfined->flags = PFLAG_IX_ON_NAME_ERROR |
PFLAG_IMMUTABLE | PFLAG_NS_COUNT;
ns->unconfined->mode = APPARMOR_UNCONFINED;
/* ns and ns->unconfined share ns->unconfined refcount */
ns->unconfined->ns = ns;