[apparmor] [patch] libapparmor: aa_query_label symbol versioning

Steve Beattie steve at nxnw.org
Fri Feb 28 21:46:30 UTC 2014


In the course of developing apparmor dbus mediation, the aa_query_label
symbol was added to libapparmor on trunk, and given the symbol version
(via libapparmor.map) of APPARMOR_3.0. As apparmor upstream, we have
not made a release where this would have been exported.

Unfortunately, in Ubuntu, a version was released in 13.10 that included
the aa_query_label() symbol with a version of APPARMOR_1.1. This
can cause a breakage on that platform with the incorporation of the
impending apparmor 2.9 release.

Given that no other version of this symbol should exist anywhere,
one solution to this is to simply re-version the symbol to match the
version used in Ubuntu. The first patch I've attached does this,
as well as adding a comment on where to add symbols, as well as
re-versioning the APPARMOR_3.0 section to APPARMOR_2.9 (but there
are no other symbols there, so it's a bit of a no-op section).

A slightly more invasive but conservative solution is to provide both
versions (APPARMOR_1.1 and APPARMOR_3.0) of the aa_query_label()
symbol. It requires the function name in kernel_interface.c to
be renamed (similar to how the deprecated change_hat() symbol is
named in the source as __change_hat()), otherwise linking fails
with duplicated symbols. The default symbol used will still be the
APPARMOR_3.0 version, but binaries linked with the APPARMOR_1.1 version
would still continue to work unchanged. Keeping the (misleading)
APPARMOR_3.0 version would prevent breaking anyone currently using
a snapshot of trunk. This is the second patch attached.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libapparmor-adjust_symbol_map.patch
Type: text/x-diff
Size: 1025 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140228/f33b9252/attachment-0002.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libapparmor-adjust_symbol_map-more_invasive_version.patch
Type: text/x-diff
Size: 2043 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140228/f33b9252/attachment-0003.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140228/f33b9252/attachment-0001.pgp>
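
The compatibility question in the mail can be checked mechanically by comparing linker version scripts. The following is an added example, not code from the mail or from libapparmor: the map texts are constructed, `EXAMPLE_1.0` is a made-up node name, and the helper names `exported_versions` and `dropped_versions` are hypothetical.

```python
import re

# Constructed version scripts in the style of libapparmor.map; not the real
# file. EXAMPLE_1.0 is a made-up node; the aa_query_label nodes are the ones
# named in the mail.
BASE = "EXAMPLE_1.0 { global: change_hat; local: *; };\n"
UBUNTU_13_10 = BASE + "APPARMOR_1.1 { global: aa_query_label; local: *; } EXAMPLE_1.0;\n"
TRUNK = BASE + "APPARMOR_3.0 { global: aa_query_label; local: *; } EXAMPLE_1.0;\n"
# First option in the mail: move the symbol to the version Ubuntu shipped.
REVERSIONED = UBUNTU_13_10 + "APPARMOR_2.9 { local: *; } APPARMOR_1.1;\n"
# Second option: export the symbol under both version nodes.
BOTH = UBUNTU_13_10 + "APPARMOR_3.0 { global: aa_query_label; local: *; } APPARMOR_1.1;\n"

# name { body } optional-parent ;
NODE_RE = re.compile(r"([\w.]+)\s*\{(.*?)\}\s*[\w.]*\s*;", re.S)

def exported_versions(map_text):
    """Map each global symbol to the set of version nodes that export it."""
    text = re.sub(r"/\*.*?\*/", "", map_text, flags=re.S)  # drop C-style comments
    exports = {}
    for node, body in NODE_RE.findall(text):
        scope = "global"  # symbols listed before any label are global
        for token in re.split(r"[;\s]+", body):
            if token in ("global:", "local:"):
                scope = token[:-1]
            elif token and scope == "global":
                exports.setdefault(token, set()).add(node)
    return exports

def dropped_versions(shipped_map, candidate_map):
    """Return {symbol: [nodes]} that binaries linked against shipped_map
    require but candidate_map no longer provides."""
    shipped = exported_versions(shipped_map)
    candidate = exported_versions(candidate_map)
    dropped = {}
    for symbol, nodes in shipped.items():
        gone = sorted(nodes - candidate.get(symbol, set()))
        if gone:
            dropped[symbol] = gone
    return dropped

if __name__ == "__main__":
    for name, cand in (("trunk", TRUNK), ("re-versioned", REVERSIONED), ("both", BOTH)):
        print(name, dropped_versions(UBUNTU_13_10, cand) or "compatible")
```

Passing `TRUNK` as the shipped map and `REVERSIONED` as the candidate shows the other side of the trade-off: binaries built against a trunk snapshot lose `aa_query_label@APPARMOR_3.0`.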