[apparmor] [PATCH 15/16] AppArmor: Add mount information to apparmorfs
John Johansen
john.johansen at canonical.com
Wed Feb 22 17:10:40 UTC 2012
Update the apparmorfs introspection interface to reflect that mount rules
are available. As part of this change the namespace entry is changed from a binary
file to a directory so it can store interface information for operations
that affect the namespace like pivot_root.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
security/apparmor/apparmorfs.c | 13 ++++++++++++-
1 files changed, 12 insertions(+), 1 deletions(-)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 0cbbfab..d30aa11 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -429,11 +429,22 @@ static struct aa_fs_entry aa_fs_entry_network[] = {
{ }
};
+static struct aa_fs_entry aa_fs_entry_mount[] = {
+ AA_FS_FILE_STRING("mask", "mount umount"),
+ { }
+};
+
+static struct aa_fs_entry aa_fs_entry_namespaces[] = {
+ AA_FS_FILE_BOOLEAN("profile", 1),
+ AA_FS_FILE_BOOLEAN("pivot_root", 1),
+};
+
static struct aa_fs_entry aa_fs_entry_features[] = {
AA_FS_DIR("domain", aa_fs_entry_domain),
AA_FS_DIR("file", aa_fs_entry_file),
+ AA_FS_DIR("mount", aa_fs_entry_mount),
AA_FS_DIR("network", aa_fs_entry_network),
- AA_FS_FILE_BOOLEAN("namespaces", 1),
+ AA_FS_DIR("namespaces", aa_fs_entry_namespaces),
AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
{ }
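Review bot: `aa_fs_entry_namespaces[]` has no empty `{ }` terminator entry, unlike `aa_fs_entry_mount[]`, `aa_fs_entry_network[]` and `aa_fs_entry_features[]`, which all end with one. The code that populates a directory from such a table is outside this hunk, but if it walks entries until it reaches an empty one, as the other tables suggest, it would read past the end of this two-element array when creating `features/namespaces`. Add `{ }` on its own line after `AA_FS_FILE_BOOLEAN("pivot_root", 1),`. Separately, `namespaces` changes from a boolean file to a directory, so anything that read it as a file must now read `namespaces/profile`; a short comment above the table saying so would help. The `aa_fs_entry_features[]` initializer closes outside the hunk.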
--
1.7.9