Revert "Disable build of xen kernel."

[people/pmueller/ipfire-2.x.git] / src / patches / suse-2.6.27.31 / patches.apparmor / apparmor-2.6.25.diff

From: John Johansen <jjohansen@suse.de>
Subject: AppArmor: Patch AppArmor for 2.6.25 kernel

Add 64 bit capabilities support to AppArmor.

Signed-off-by: John Johansen <jjohansen@suse.de>

---
 security/apparmor/module_interface.c |   22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

--- a/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -395,15 +395,29 @@ static struct aa_profile *aa_unpack_prof
        if (!aa_is_nameX(e, AA_STRUCTEND, NULL))
                goto fail;
 
-       if (!aa_is_u32(e, &(profile->capabilities), NULL))
+       if (!aa_is_u32(e, &(profile->capabilities.cap[0]), NULL))
                goto fail;
-       if (!aa_is_u32(e, &(profile->audit_caps), NULL))
+       if (!aa_is_u32(e, &(profile->audit_caps.cap[0]), NULL))
                goto fail;
-       if (!aa_is_u32(e, &(profile->quiet_caps), NULL))
+       if (!aa_is_u32(e, &(profile->quiet_caps.cap[0]), NULL))
                goto fail;
-       if (!aa_is_u32(e, &(profile->set_caps), NULL))
+       if (!aa_is_u32(e, &(profile->set_caps.cap[0]), NULL))
                goto fail;
 
+       if (aa_is_nameX(e, AA_STRUCT, "caps64")) {
+               /* optional upper half of 64 bit caps */
+               if (!aa_is_u32(e, &(profile->capabilities.cap[1]), NULL))
+                       goto fail;
+               if (!aa_is_u32(e, &(profile->audit_caps.cap[1]), NULL))
+                       goto fail;
+               if (!aa_is_u32(e, &(profile->quiet_caps.cap[1]), NULL))
+                       goto fail;
+               if (!aa_is_u32(e, &(profile->set_caps.cap[1]), NULL))
+                       goto fail;
+               if (!aa_is_nameX(e, AA_STRUCTEND, NULL))
+                       goto fail;
+       }
+
        if (!aa_unpack_rlimits(e, profile))
                goto fail;