[apparmor] [PATCH 15/16] AppArmor: Add mount information to apparmorfs

John Johansen john.johansen at canonical.com
Wed Feb 22 17:10:40 UTC 2012


Update the apparmorfs introspection interface to reflect that mount rules
are available.  As part of this change the namespace entry is converted from
a binary file to a directory so it can store interface information for
operations that affect the namespace, like pivot_root.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 security/apparmor/apparmorfs.c |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 0cbbfab..d30aa11 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -429,11 +429,22 @@ static struct aa_fs_entry aa_fs_entry_network[] = {
 	{ }
 };
 
+static struct aa_fs_entry aa_fs_entry_mount[] = {
+	AA_FS_FILE_STRING("mask", "mount umount"),
+	{ }
+};
+
+static struct aa_fs_entry aa_fs_entry_namespaces[] = {
+	AA_FS_FILE_BOOLEAN("profile",		1),
+	AA_FS_FILE_BOOLEAN("pivot_root",	1),
+};
+
 static struct aa_fs_entry aa_fs_entry_features[] = {
 	AA_FS_DIR("domain",			aa_fs_entry_domain),
 	AA_FS_DIR("file",			aa_fs_entry_file),
+	AA_FS_DIR("mount",			aa_fs_entry_mount),
 	AA_FS_DIR("network",			aa_fs_entry_network),
-	AA_FS_FILE_BOOLEAN("namespaces",	1),
+	AA_FS_DIR("namespaces",			aa_fs_entry_namespaces),
 	AA_FS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
 	AA_FS_DIR("rlimit",			aa_fs_entry_rlimit),
 	{ }
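Review bot: `aa_fs_entry_namespaces` is missing the empty `{ }` terminator that every other table visible in this hunk ends with (`aa_fs_entry_mount`, the tail of `aa_fs_entry_network`, and `aa_fs_entry_features`). The code that populates an `AA_FS_DIR` is outside this hunk, but if it walks the table until it reaches an entry with no name, as the sentinel convention suggests, it would read past the `pivot_root` entry into adjacent kernel memory when building the `namespaces` directory. Add a `{ }` line after `AA_FS_FILE_BOOLEAN("pivot_root", 1),`. Separately, `features/namespaces` changes from a file to a directory, so a short comment above the table noting that older userspace may still open it as a file would help the next reader.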
-- 
1.7.9



