[people/pmueller/ipfire-2.x.git] / src / patches / suse-2.6.27.31 / patches.apparmor / apparmor-ptrace-2.6.27.diff

From: Jeff Mahoney <jeffm@suse.com>
Subject: apparmor: use new ptrace security_operations

 This patch implements the new ptrace security_operations members.

 ->ptrace was changed to ->ptrace_may_access and ->ptrace_traceme.

 The apparmor versions are really just wrappers for the old function.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>

---
 security/apparmor/lsm.c |   17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -158,7 +158,7 @@ static int aa_reject_syscall(struct task
 }
 
 static int apparmor_ptrace(struct task_struct *parent,
-			   struct task_struct *child, unsigned int mode)
+			   struct task_struct *child)
 {
 	struct aa_task_context *cxt;
 	int error = 0;
@@ -207,6 +207,18 @@ static int apparmor_ptrace(struct task_s
 	return error;
 }
 
+static int apparmor_ptrace_may_access(struct task_struct *child,
+				      unsigned int mode)
+{
+	return apparmor_ptrace(child->parent, child);
+}
+
+
+static int apparmor_ptrace_traceme(struct task_struct *parent)
+{
+	return apparmor_ptrace(parent, current);
+}
+
 static int apparmor_capable(struct task_struct *task, int cap)
 {
 	int error;
@@ -899,7 +911,8 @@ static int apparmor_task_setrlimit(unsig
 }
 
 struct security_operations apparmor_ops = {
-	.ptrace =			apparmor_ptrace,
+	.ptrace_may_access =		apparmor_ptrace_may_access,
+	.ptrace_traceme =		apparmor_ptrace_traceme,
 	.capget =			cap_capget,
 	.capset_check =			cap_capset_check,
 	.capset_set =			cap_capset_set,
Commit	Line	Data
6a930a95 BS	1	From: Jeff Mahoney <jeffm@suse.com>
	2	Subject: apparmor: use new ptrace security_operations
	3
	4	This patch implements the new ptrace security_operations members.
	5
	6	->ptrace was changed to ->ptrace_may_access and ->ptrace_traceme.
	7
	8	The apparmor versions are really just wrappers for the old function.
	9
	10	Signed-off-by: Jeff Mahoney <jeffm@suse.com>
	11
	12	---
	13	security/apparmor/lsm.c \| 17 +++++++++++++++--
	14	1 file changed, 15 insertions(+), 2 deletions(-)
	15
	16	--- a/security/apparmor/lsm.c
	17	+++ b/security/apparmor/lsm.c
	18	@@ -158,7 +158,7 @@ static int aa_reject_syscall(struct task
	19	}
	20
	21	static int apparmor_ptrace(struct task_struct *parent,
	22	- struct task_struct *child, unsigned int mode)
	23	+ struct task_struct *child)
	24	{
	25	struct aa_task_context *cxt;
	26	int error = 0;
	27	@@ -207,6 +207,18 @@ static int apparmor_ptrace(struct task_s
	28	return error;
	29	}
	30
	31	+static int apparmor_ptrace_may_access(struct task_struct *child,
	32	+ unsigned int mode)
	33	+{
	34	+ return apparmor_ptrace(child->parent, child);
	35	+}
	36	+
	37	+
	38	+static int apparmor_ptrace_traceme(struct task_struct *parent)
	39	+{
	40	+ return apparmor_ptrace(parent, current);
	41	+}
	42	+
	43	static int apparmor_capable(struct task_struct *task, int cap)
	44	{
	45	int error;
	46	@@ -899,7 +911,8 @@ static int apparmor_task_setrlimit(unsig
	47	}
	48
	49	struct security_operations apparmor_ops = {
	50	- .ptrace = apparmor_ptrace,
	51	+ .ptrace_may_access = apparmor_ptrace_may_access,
	52	+ .ptrace_traceme = apparmor_ptrace_traceme,
	53	.capget = cap_capget,
	54	.capset_check = cap_capset_check,
	55	.capset_set = cap_capset_set,