#
d61c57fd |
| 01-Feb-2021 |
John Johansen <john.johansen@canonical.com> |
apparmor: make export of raw binary profile to userspace optional
Embedded systems have limited space and don't need the introspection or checkpoint restore capability provided by exporting the raw
apparmor: make export of raw binary profile to userspace optional
Embedded systems have limited space and don't need the introspection or checkpoint restore capability provided by exporting the raw profile binary data so make it so make it a config option.
This will reduce run time memory use and also speed up policy loads.
Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
d0d845a7 |
| 30-Jul-2021 |
Hamza Mahfooz <someguy@effective-light.com> |
apparmor: use per file locks for transactional queries
As made mention of in commit 1dea3b41e84c5 ("apparmor: speed up transactional queries"), a single lock is currently used to synchronize transac
apparmor: use per file locks for transactional queries
As made mention of in commit 1dea3b41e84c5 ("apparmor: speed up transactional queries"), a single lock is currently used to synchronize transactional queries. We can, use the lock allocated for each file by VFS instead.
Signed-off-by: Hamza Mahfooz <someguy@effective-light.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
aa4ceed7 |
| 07-Jun-2021 |
ChenXiaoSong <chenxiaosong2@huawei.com> |
apparmor: fix doc warning
Fix gcc W=1 warning:
security/apparmor/apparmorfs.c:2125: warning: Function parameter or member 'p' not described in '__next_profile'
Signed-off-by: ChenXiaoSong <chenxia
apparmor: fix doc warning
Fix gcc W=1 warning:
security/apparmor/apparmorfs.c:2125: warning: Function parameter or member 'p' not described in '__next_profile'
Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
92de220a |
| 30-Jun-2020 |
John Johansen <john.johansen@canonical.com> |
apparmor: update policy capable checks to use a label
Previously the policy capable checks assumed they were using the current task. Make them take the task label so the query can be made against an
apparmor: update policy capable checks to use a label
Previously the policy capable checks assumed they were using the current task. Make them take the task label so the query can be made against an arbitrary task.
Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
bf7ebebc |
| 14-Jun-2022 |
Xiu Jianfeng <xiujianfeng@huawei.com> |
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management stru
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue.
Fixes: a6a52579e52b5 ("apparmor: split load data into management struct and data blob") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
bf7ebebc |
| 14-Jun-2022 |
Xiu Jianfeng <xiujianfeng@huawei.com> |
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management stru
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue.
Fixes: a6a52579e52b5 ("apparmor: split load data into management struct and data blob") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
bf7ebebc |
| 14-Jun-2022 |
Xiu Jianfeng <xiujianfeng@huawei.com> |
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management stru
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue.
Fixes: a6a52579e52b5 ("apparmor: split load data into management struct and data blob") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
bf7ebebc |
| 14-Jun-2022 |
Xiu Jianfeng <xiujianfeng@huawei.com> |
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management stru
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue.
Fixes: a6a52579e52b5 ("apparmor: split load data into management struct and data blob") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
bf7ebebc |
| 14-Jun-2022 |
Xiu Jianfeng <xiujianfeng@huawei.com> |
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management stru
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue.
Fixes: a6a52579e52b5 ("apparmor: split load data into management struct and data blob") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
bf7ebebc |
| 14-Jun-2022 |
Xiu Jianfeng <xiujianfeng@huawei.com> |
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management stru
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue.
Fixes: a6a52579e52b5 ("apparmor: split load data into management struct and data blob") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
bf7ebebc |
| 14-Jun-2022 |
Xiu Jianfeng <xiujianfeng@huawei.com> |
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management stru
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue.
Fixes: a6a52579e52b5 ("apparmor: split load data into management struct and data blob") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
bf7ebebc |
| 14-Jun-2022 |
Xiu Jianfeng <xiujianfeng@huawei.com> |
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management stru
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue.
Fixes: a6a52579e52b5 ("apparmor: split load data into management struct and data blob") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
bf7ebebc |
| 14-Jun-2022 |
Xiu Jianfeng <xiujianfeng@huawei.com> |
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management stru
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue.
Fixes: a6a52579e52b5 ("apparmor: split load data into management struct and data blob") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
549c7297 |
| 21-Jan-2021 |
Christian Brauner <christian.brauner@ubuntu.com> |
fs: make helpers idmap mount aware
Extend some inode methods with an additional user namespace argument. A filesystem that is aware of idmapped mounts will receive the user namespace the mount has b
fs: make helpers idmap mount aware
Extend some inode methods with an additional user namespace argument. A filesystem that is aware of idmapped mounts will receive the user namespace the mount has been marked with. This can be used for additional permission checking and also to enable filesystems to translate between uids and gids if they need to. We have implemented all relevant helpers in earlier patches.
As requested we simply extend the exisiting inode method instead of introducing new ones. This is a little more code churn but it's mostly mechanical and doesnt't leave us with additional inode methods.
Link: https://lore.kernel.org/r/20210121131959.646623-25-christian.brauner@ubuntu.com Cc: Christoph Hellwig <hch@lst.de> Cc: David Howells <dhowells@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: linux-fsdevel@vger.kernel.org Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
show more ...
|
#
9801ca27 |
| 15-Dec-2020 |
Andy Shevchenko <andriy.shevchenko@linux.intel.com> |
apparmor: remove duplicate macro list_entry_is_head()
Strangely I hadn't had noticed the existence of the list_entry_is_head() in apparmor code when added the same one in the list.h. Luckily it's f
apparmor: remove duplicate macro list_entry_is_head()
Strangely I hadn't had noticed the existence of the list_entry_is_head() in apparmor code when added the same one in the list.h. Luckily it's fully identical and didn't break builds. In any case we don't need a duplicate anymore, thus remove it from apparmor code.
Link: https://lkml.kernel.org/r/20201208100639.88182-1-andriy.shevchenko@linux.intel.com Fixes: e130816164e244 ("include/linux/list.h: add a macro to test if entry is pointing to the head") Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Acked-by: John Johansen <john.johansen@canonical.com> Cc: James Morris <jmorris@namei.org> Cc: "Serge E . Hallyn " <serge@hallyn.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
show more ...
|
#
c6b39f07 |
| 20-Apr-2020 |
Xiyu Yang <xiyuyang19@fudan.edu.cn> |
apparmor: Fix aa_label refcnt leak in policy_update
policy_update() invokes begin_current_label_crit_section(), which returns a reference of the updated aa_label object to "label" with increased ref
apparmor: Fix aa_label refcnt leak in policy_update
policy_update() invokes begin_current_label_crit_section(), which returns a reference of the updated aa_label object to "label" with increased refcount.
When policy_update() returns, "label" becomes invalid, so the refcount should be decreased to keep refcount balanced.
The reference counting issue happens in one exception handling path of policy_update(). When aa_may_manage_policy() returns not NULL, the refcnt increased by begin_current_label_crit_section() is not decreased, causing a refcnt leak.
Fix this issue by jumping to "end_section" label when aa_may_manage_policy() returns not NULL.
Fixes: 5ac8c355ae00 ("apparmor: allow introspecting the loaded policy pre internal transform") Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
fe9fd23e |
| 07-May-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
apparmor: Replace zero-length array with flexible-array
The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variabl
apparmor: Replace zero-length array with flexible-array
The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99:
struct foo { int stuff; struct boo array[]; };
By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on.
Also, notice that, dynamic memory allocations won't be affected by this change:
"Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1]
sizeof(flexible-array-member) triggers a warning because flexible array members have incomplete type[1]. There are some instances of code in which the sizeof operator is being incorrectly/erroneously applied to zero-length arrays and the result is zero. Such instances may be hiding some bugs. So, this work (flexible-array member conversions) will also help to get completely rid of those sorts of issues.
This issue was found with the help of Coccinelle.
[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour")
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
Revision tags: v5.6, v5.4.28, v5.4.27, v5.4.26, v5.4.25, v5.4.24, v5.4.23, v5.4.22, v5.4.21, v5.4.20, v5.4.19, v5.4.18, v5.4.17, v5.4.16, v5.5, v5.4.15, v5.4.14, v5.4.13, v5.4.12, v5.4.11, v5.4.10, v5.4.9, v5.4.8, v5.4.7, v5.4.6, v5.4.5, v5.4.4, v5.4.3, v5.3.15, v5.4.2, v5.4.1, v5.3.14, v5.4, v5.3.13, v5.3.12, v5.3.11, v5.3.10, v5.3.9, v5.3.8, v5.3.7, v5.3.6, v5.3.5, v5.3.4, v5.3.3, v5.3.2, v5.3.1, v5.3, v5.2.14, v5.3-rc8, v5.2.13, v5.2.12, v5.2.11, v5.2.10, v5.2.9, v5.2.8, v5.2.7, v5.2.6, v5.2.5 |
|
#
0df34a64 |
| 30-Jul-2019 |
John Johansen <john.johansen@canonical.com> |
apparmor: add outofband transition and use it in xattr match
There are cases where the a special out of band transition that can not be triggered by input is useful in separating match conditions in
apparmor: add outofband transition and use it in xattr match
There are cases where the a special out of band transition that can not be triggered by input is useful in separating match conditions in the dfa encoding.
The null_transition is currently used as an out of band transition for match conditions that can not contain a \0 in their input but apparmor needs an out of band transition for cases where the match condition is allowed to contain any input character.
Achieve this by allowing for an explicit transition out of input range that can only be triggered by code.
Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
a68d59ff |
| 24-Sep-2019 |
John Johansen <john.johansen@canonical.com> |
apparmor: remove useless aafs_create_symlink
commit 1180b4c757aa ("apparmor: fix dangling symlinks to policy rawdata after replacement") reworked how the rawdata symlink is handled but failedto remo
apparmor: remove useless aafs_create_symlink
commit 1180b4c757aa ("apparmor: fix dangling symlinks to policy rawdata after replacement") reworked how the rawdata symlink is handled but failedto remove aafs_create_symlink which was reduced to a useles stub.
Fixes: 1180b4c757aa ("apparmor: fix dangling symlinks to policy rawdata after replacement") Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
8c62ed27 |
| 02-Jan-2020 |
John Johansen <john.johansen@canonical.com> |
apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock
aa_xattrs_match() is unfortunately calling vfs_getxattr_alloc() from a context protected by an rcu_read_lock. This can not be done
apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock
aa_xattrs_match() is unfortunately calling vfs_getxattr_alloc() from a context protected by an rcu_read_lock. This can not be done as vfs_getxattr_alloc() may sleep regardles of the gfp_t value being passed to it.
Fix this by breaking the rcu_read_lock on the policy search when the xattr match feature is requested and restarting the search if a policy changes occur.
Fixes: 8e51f9087f40 ("apparmor: Add support for attaching profiles via xattr, presence and value") Reported-by: Jia-Ju Bai <baijiaju1990@gmail.com> Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|
#
1bc82070 |
| 06-Dec-2019 |
Aleksa Sarai <cyphar@cyphar.com> |
namei: allow nd_jump_link() to produce errors
In preparation for LOOKUP_NO_MAGICLINKS, it's necessary to add the ability for nd_jump_link() to return an error which the corresponding get_link() call
namei: allow nd_jump_link() to produce errors
In preparation for LOOKUP_NO_MAGICLINKS, it's necessary to add the ability for nd_jump_link() to return an error which the corresponding get_link() caller must propogate back up to the VFS.
Suggested-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
show more ...
|
Revision tags: v5.2.4, v5.2.3, v5.2.2, v5.2.1, v5.2, v5.1.16, v5.1.15, v5.1.14, v5.1.13, v5.1.12, v5.1.11, v5.1.10, v5.1.9, v5.1.8, v5.1.7, v5.1.6, v5.1.5, v5.1.4, v5.1.3, v5.1.2, v5.1.1, v5.0.14, v5.1, v5.0.13, v5.0.12, v5.0.11, v5.0.10, v5.0.9, v5.0.8, v5.0.7, v5.0.6, v5.0.5 |
|
#
b0ecc9da |
| 25-Mar-2019 |
David Howells <dhowells@redhat.com> |
vfs: Convert apparmorfs to use the new mount API
Convert the apparmorfs filesystem to the new internal mount API as the old one will be obsoleted and removed. This allows greater flexibility in com
vfs: Convert apparmorfs to use the new mount API
Convert the apparmorfs filesystem to the new internal mount API as the old one will be obsoleted and removed. This allows greater flexibility in communication of mount parameters between userspace, the VFS and the filesystem.
See Documentation/filesystems/mount_api.txt for more information.
Signed-off-by: David Howells <dhowells@redhat.com> cc: John Johansen <john.johansen@canonical.com> cc: apparmor@lists.ubuntu.com cc: linux-security-module@vger.kernel.org Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
show more ...
|
#
b886d83c |
| 01-Jun-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify it under the terms of th
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation version 2 of the license
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 315 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Armijn Hemel <armijn@tjaldur.nl> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
27afa27d |
| 15-Apr-2019 |
Al Viro <viro@zeniv.linux.org.uk> |
apparmor: switch to ->free_inode()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
Revision tags: v5.0.4, v5.0.3, v4.19.29, v5.0.2, v4.19.28, v5.0.1, v4.19.27, v5.0, v4.19.26, v4.19.25, v4.19.24, v4.19.23, v4.19.22, v4.19.21, v4.19.20, v4.19.19, v4.19.18 |
|
#
63c16c3a |
| 23-Jan-2019 |
Chris Coulson <chris.coulson@canonical.com> |
apparmor: Initial implementation of raw policy blob compression
This adds an initial implementation of raw policy blob compression, using deflate. Compression level can be controlled via a new sysct
apparmor: Initial implementation of raw policy blob compression
This adds an initial implementation of raw policy blob compression, using deflate. Compression level can be controlled via a new sysctl, "apparmor.rawdata_compression_level", which can be set to a value between 0 (no compression) and 9 (highest compression).
Signed-off-by: Chris Coulson <chris.coulson@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
show more ...
|