Fix oinkmaster patch.

[ipfire-2.x.git] / src / patches / suse-2.6.27.39 / patches.apparmor / apparmor-ptrace-2.6.27.diff

From: Jeff Mahoney <jeffm@suse.com>
Subject: apparmor: use new ptrace security_operations

 This patch implements the new ptrace security_operations members.

 ->ptrace was changed to ->ptrace_may_access and ->ptrace_traceme.

 The apparmor versions are really just wrappers for the old function.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>

---
 security/apparmor/lsm.c |   17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -158,7 +158,7 @@ static int aa_reject_syscall(struct task
 }
 
 static int apparmor_ptrace(struct task_struct *parent,
-                          struct task_struct *child, unsigned int mode)
+                          struct task_struct *child)
 {
        struct aa_task_context *cxt;
        int error = 0;
@@ -207,6 +207,18 @@ static int apparmor_ptrace(struct task_s
        return error;
 }
 
+static int apparmor_ptrace_may_access(struct task_struct *child,
+                                     unsigned int mode)
+{
+       return apparmor_ptrace(child->parent, child);
+}
+
+
+static int apparmor_ptrace_traceme(struct task_struct *parent)
+{
+       return apparmor_ptrace(parent, current);
+}
+
 static int apparmor_capable(struct task_struct *task, int cap)
 {
        int error;
@@ -899,7 +911,8 @@ static int apparmor_task_setrlimit(unsig
 }
 
 struct security_operations apparmor_ops = {
-       .ptrace =                       apparmor_ptrace,
+       .ptrace_may_access =            apparmor_ptrace_may_access,
+       .ptrace_traceme =               apparmor_ptrace_traceme,
        .capget =                       cap_capget,
        .capset_check =                 cap_capset_check,
        .capset_set =                   cap_capset_set,