]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
projects / thirdparty / kernel / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1b5a619) | patch
apparmor: fix apparmor mediating locking non-fs unix sockets
authorJohn Johansen <john.johansen@canonical.com>
Sat, 7 May 2022 08:58:36 +0000 (01:58 -0700)
committerJohn Johansen <john.johansen@canonical.com>
Mon, 3 Oct 2022 21:49:03 +0000 (14:49 -0700)
commit1cf26c3d2c4c2098e39a9905174d7842b531e693
tree1296514bd9a116969e6b2dc2b936de582d430523tree | snapshot
parent1b5a6198f5a9d0aa5497da0dc4bcd4fc166ee516commit | diff
apparmor: fix apparmor mediating locking non-fs unix sockets

the v8 and earlier policy does not encode the locking permission for
no-fs unix sockets. However the kernel is enforcing mediation.

Add the AA_MAY_LOCK perm to v8 and earlier computed perm mask which will
grant permission for all current abi profiles, but still allow specifying
auditing of the operation if needed.

Link: http://bugs.launchpad.net/bugs/1780227
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/policy_unpack.c diff | blob | blame | history
A mirror of Linus' kernel repository