git.ipfire.org Git - people/ms/linux.git/commit

author	John Johansen <john.johansen@canonical.com>
	Tue, 12 Dec 2017 23:28:05 +0000 (15:28 -0800)
committer	John Johansen <john.johansen@canonical.com>
	Fri, 9 Feb 2018 19:30:02 +0000 (11:30 -0800)
commit	73f488cd903938e78979d50e081a0314ad142351
tree	e50e4e5198006f8c6d43a369a45f08dfd3b7a4ba	tree \| snapshot
parent	8e51f9087f4024d20f70f4d9831e1f45d8088331	commit \| diff

apparmor: convert attaching profiles via xattrs to use dfa matching

This converts profile attachment based on xattrs to a fixed extended
conditional using dfa matching.

This has a couple of advantages
- pattern matching can be used for the xattr match

- xattrs can be optional for an attachment or marked as required

- the xattr attachment conditional will be able to be combined with
other extended conditionals when the flexible extended conditional
work lands.

The xattr fixed extended conditional is appended to the xmatch
conditional. If an xattr attachment is specified the profile xmatch
will be generated regardless of whether there is a pattern match on
the executable name.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>

security/apparmor/apparmorfs.c		diff \| blob \| blame \| history
security/apparmor/domain.c		diff \| blob \| blame \| history
security/apparmor/include/policy.h		diff \| blob \| blame \| history
security/apparmor/policy.c		diff \| blob \| blame \| history
security/apparmor/policy_unpack.c		diff \| blob \| blame \| history