- fix regression in mount mediation when feature set is pinned
-----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJaUiTsAAoJEAUvNnAY1cPYA1MP/37LQRImjRGq0wGp9RE1BrCI VobxrcnzmfMSTlGYGHJOXt81dy6Xr+qcri9Qfr+x4fb79R49NOS+2usQZ3gHu05+ WZOgTOut87uGDzNSWawn9HrsCs89obi+G8jVBt1gCcG4oazp00EHiFQEy6Lkt9D0 5JB4Sx53aTPcqkS/uDrEIDtClnBn/c5EYInKMh4aTaDOAaOAva67n6QELRWyUHoz y1uf7YQWOoUkuQIgGFhsH/mcvSu71W4ZbIO1CuvsTBcUdXi0q7Hdp23EWdLuYgPe dPTs1ibhE7gEg0xJ5f2lqF8uL8XYAsZGSWhgPDtcbWq+kpRIGa8TuHhuca84tRMU 6hf3xZwqYFItG9fzLxD6ZJdEmYdHFxlY6KHQ+azTxUdkomJJB72wsRdhB679+Xsa GMGJ4W4xxUHX+2u5I7p/5FifzmHf2g6YK+v4kkz1U8d9Vgh68b20V+ioC7RgR6k6 qDuVxs0K3g5ikP8WQKzHwKfEp1Z62uHV8HnsmRmuYzoPzbPy3szmgM8tGk+/02Qw JHEf/umPauG1QjHLMU8HkiB6OP8wFs0Y/mma+Iqy2WrFFPo0oa3A4AW3HKRC5imS lUryPugYAoioAcu4raYZYKw/fv16YKP0wwbcLKKH2jA6TlUqseJaCW6K1asgMqbh 72UyDLCIjrAmlhpSdLhg =b5fz -----END PGP SIGNATURE----- Merge tag 'apparmor-pr-2018-01-07' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor Pull apparmor fix from John Johansen: "This fixes a regression when the kernel feature set is reported as supporting mount and policy is pinned to a feature set that does not support mount mediation" * tag 'apparmor-pr-2018-01-07' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: fix regression in mount mediation when feature set is pinned
This commit is contained in:
commit
9cfd403a7c
|
@ -329,6 +329,9 @@ static int match_mnt_path_str(struct aa_profile *profile,
|
|||
AA_BUG(!mntpath);
|
||||
AA_BUG(!buffer);
|
||||
|
||||
if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
|
||||
return 0;
|
||||
|
||||
error = aa_path_name(mntpath, path_flags(profile, mntpath), buffer,
|
||||
&mntpnt, &info, profile->disconnected);
|
||||
if (error)
|
||||
|
@ -380,6 +383,9 @@ static int match_mnt(struct aa_profile *profile, const struct path *path,
|
|||
AA_BUG(!profile);
|
||||
AA_BUG(devpath && !devbuffer);
|
||||
|
||||
if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
|
||||
return 0;
|
||||
|
||||
if (devpath) {
|
||||
error = aa_path_name(devpath, path_flags(profile, devpath),
|
||||
devbuffer, &devname, &info,
|
||||
|
@ -558,6 +564,9 @@ static int profile_umount(struct aa_profile *profile, struct path *path,
|
|||
AA_BUG(!profile);
|
||||
AA_BUG(!path);
|
||||
|
||||
if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
|
||||
return 0;
|
||||
|
||||
error = aa_path_name(path, path_flags(profile, path), buffer, &name,
|
||||
&info, profile->disconnected);
|
||||
if (error)
|
||||
|
@ -613,7 +622,8 @@ static struct aa_label *build_pivotroot(struct aa_profile *profile,
|
|||
AA_BUG(!new_path);
|
||||
AA_BUG(!old_path);
|
||||
|
||||
if (profile_unconfined(profile))
|
||||
if (profile_unconfined(profile) ||
|
||||
!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
|
||||
return aa_get_newest_label(&profile->label);
|
||||
|
||||
error = aa_path_name(old_path, path_flags(profile, old_path),
|
||||
|
|
Loading…
Reference in New Issue