mirror of https://gitee.com/openkylin/linux.git
993b3ab064
The AppArmor bprm_secureexec hook can be merged with the bprm_set_creds hook since it's dealing with the same information, and all of the details are finalized during the first call to the bprm_set_creds hook via prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored via bprm->called_set_creds). Here, all the comments describe how secureexec is actually calculated during bprm_set_creds, so this actually does it, drops the bprm flag that was being used internally by AppArmor, and drops the bprm_secureexec hook. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com> |
||
---|---|---|
.. | ||
include | ||
.gitignore | ||
Kconfig | ||
Makefile | ||
apparmorfs.c | ||
audit.c | ||
capability.c | ||
context.c | ||
crypto.c | ||
domain.c | ||
file.c | ||
ipc.c | ||
label.c | ||
lib.c | ||
lsm.c | ||
match.c | ||
nulldfa.in | ||
path.c | ||
policy.c | ||
policy_ns.c | ||
policy_unpack.c | ||
procattr.c | ||
resource.c | ||
secid.c |