apparmor: advertise the tcp fast open fix is applied

The fix for tcp-fast-open ensures that the connect permission is being
mediated correctly but it didn't add an artifact to the feature set to
advertise the fix is available. Add an artifact so that the test suite
can identify if the fix has not been properly applied or a new
unexpected regression has occurred.

Fixes: 4d587cd8a7215 ("apparmor: mediate the implicit connect of TCP fast open sendmsg")
Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index df9cb7c00cac8b6c72cdb13d4eb86adb248fbcfc..cf590dd08540c84f4f7f7498211b116982d21023 100644 (file)
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -22,12 +22,14 @@
 
 struct aa_sfs_entry aa_sfs_entry_network[] = {
        AA_SFS_FILE_STRING("af_mask",   AA_SFS_AF_MASK),
+       AA_SFS_FILE_BOOLEAN("tcp-fast-open",            1),
        { }
 };
 
 struct aa_sfs_entry aa_sfs_entry_networkv9[] = {
        AA_SFS_FILE_STRING("af_mask",   AA_SFS_AF_MASK),
        AA_SFS_FILE_BOOLEAN("af_unix",  1),
+       AA_SFS_FILE_BOOLEAN("tcp-fast-open",            1),
        { }
 };