UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/security/apparmor/include
History
John Johansen 96af45154a apparmor: Fix regression in mount mediation 
[ Upstream commit 157a3537d6bc28ceb9a11fc8cb67f2152d860146 ]

commit 2db154b3ea ("vfs: syscall: Add move_mount(2) to move mounts around")

introduced a new move_mount(2) system call and a corresponding new LSM
security_move_mount hook but did not implement this hook for any
existing LSM. This creates a regression for AppArmor mediation of
mount. This patch provides a base mapping of the move_mount syscall to
the existing mount mediation. In the future we may introduce
additional mediations around the new mount calls.

Fixes: 2db154b3ea ("vfs: syscall: Add move_mount(2) to move mounts around")
CC: stable@vger.kernel.org
Reported-by: Andreas Steinmetz <anstein99@googlemail.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-11-28 17:20:07 +00:00
..
apparmor.h apparmor: Fix undefined references to zstd_ symbols 2022-10-03 14:49:04 -07:00
apparmorfs.h apparmor: make export of raw binary profile to userspace optional 2022-07-09 15:13:59 -07:00
audit.h apparmor: pass cred through to audit info. 2023-11-28 17:20:07 +00:00
capability.h apparmor: pass cred through to audit info. 2023-11-28 17:20:07 +00:00
cred.h apparmor: Simplify obtain the newest label on a cred 2022-10-03 14:49:04 -07:00
crypto.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
domain.h apparmor: extend permissions to support a label and tag string 2022-10-03 14:49:03 -07:00
file.h apparmor: pass cred through to audit info. 2023-11-28 17:20:07 +00:00
ipc.h apparmor: pass cred through to audit info. 2023-11-28 17:20:07 +00:00
label.h apparmor: refactor profile rules and attachments 2022-10-03 14:49:04 -07:00
lib.h apparmor: Free up __cleanup() name 2023-06-26 11:14:18 +02:00
match.h apparmor: preparse for state being more than just an integer 2022-10-03 14:49:03 -07:00
mount.h apparmor: Fix regression in mount mediation 2023-11-28 17:20:07 +00:00
net.h apparmor: pass cred through to audit info. 2023-11-28 17:20:07 +00:00
path.h apparmor: allow label to carry debug flags 2022-07-19 02:55:45 -07:00
perms.h apparmor: combine common_audit_data and apparmor_audit_data 2023-11-28 17:20:07 +00:00
policy.h apparmor: pass cred through to audit info. 2023-11-28 17:20:07 +00:00
policy_compat.h apparmor: isolate policy backwards compatibility to its own file 2022-10-03 14:49:03 -07:00
policy_ns.h apparmor: add a kernel label to use on kernel objects 2022-07-13 16:37:21 -07:00
policy_unpack.h + Features 2022-12-14 13:42:09 -08:00
procattr.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
resource.h apparmor: pass cred through to audit info. 2023-11-28 17:20:07 +00:00
secid.h apparmor: disable showing the mode as part of a secid to secctx 2022-07-13 17:18:29 -07:00
sig_names.h apparmor: audit unknown signal numbers 2018-02-09 11:30:01 -08:00
task.h apparmor: pass cred through to audit info. 2023-11-28 17:20:07 +00:00