]>
Commit | Line | Data |
---|---|---|
6a930a95 BS |
1 | From: Jeff Mahoney <jeffm@suse.com> |
2 | Subject: apparmor: use new ptrace security_operations | |
3 | ||
4 | This patch implements the new ptrace security_operations members. | |
5 | ||
6 | ->ptrace was changed to ->ptrace_may_access and ->ptrace_traceme. | |
7 | ||
8 | The apparmor versions are really just wrappers for the old function. | |
9 | ||
10 | Signed-off-by: Jeff Mahoney <jeffm@suse.com> | |
11 | ||
12 | --- | |
13 | security/apparmor/lsm.c | 17 +++++++++++++++-- | |
14 | 1 file changed, 15 insertions(+), 2 deletions(-) | |
15 | ||
16 | --- a/security/apparmor/lsm.c | |
17 | +++ b/security/apparmor/lsm.c | |
18 | @@ -158,7 +158,7 @@ static int aa_reject_syscall(struct task | |
19 | } | |
20 | ||
21 | static int apparmor_ptrace(struct task_struct *parent, | |
22 | - struct task_struct *child, unsigned int mode) | |
23 | + struct task_struct *child) | |
24 | { | |
25 | struct aa_task_context *cxt; | |
26 | int error = 0; | |
27 | @@ -207,6 +207,18 @@ static int apparmor_ptrace(struct task_s | |
28 | return error; | |
29 | } | |
30 | ||
31 | +static int apparmor_ptrace_may_access(struct task_struct *child, | |
32 | + unsigned int mode) | |
33 | +{ | |
34 | + return apparmor_ptrace(child->parent, child); | |
35 | +} | |
36 | + | |
37 | + | |
38 | +static int apparmor_ptrace_traceme(struct task_struct *parent) | |
39 | +{ | |
40 | + return apparmor_ptrace(parent, current); | |
41 | +} | |
42 | + | |
43 | static int apparmor_capable(struct task_struct *task, int cap) | |
44 | { | |
45 | int error; | |
46 | @@ -899,7 +911,8 @@ static int apparmor_task_setrlimit(unsig | |
47 | } | |
48 | ||
49 | struct security_operations apparmor_ops = { | |
50 | - .ptrace = apparmor_ptrace, | |
51 | + .ptrace_may_access = apparmor_ptrace_may_access, | |
52 | + .ptrace_traceme = apparmor_ptrace_traceme, | |
53 | .capget = cap_capget, | |
54 | .capset_check = cap_capset_check, | |
55 | .capset_set = cap_capset_set, |