[apparmor] [PATCH 07/16] apparmor: internal paths should be treated as disconnected
Seth Arnold
seth.arnold at canonical.com
Wed Apr 27 22:58:56 UTC 2016
On Wed, Apr 20, 2016 at 11:52:49PM -0700, John Johansen wrote:
> Internal mounts are not mounted anywhere and as such should be treated
> as disconnected paths.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> ---
> security/apparmor/path.c | 63 +++++++++++++++++++++++++++---------------------
> 1 file changed, 35 insertions(+), 28 deletions(-)
>
> diff --git a/security/apparmor/path.c b/security/apparmor/path.c
> index bb2f2c6..6b6ab22 100644
> --- a/security/apparmor/path.c
> +++ b/security/apparmor/path.c
> @@ -25,7 +25,6 @@
> #include "include/path.h"
> #include "include/policy.h"
>
> -
> /* modified from dcache.c */
> static int prepend(char **buffer, int buflen, const char *str, int namelen)
> {
> @@ -39,6 +38,37 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen)
>
> #define CHROOT_NSCONNECT (PATH_CHROOT_REL | PATH_CHROOT_NSCONNECT)
>
> +/* If the path is not connected to the expected root,
> + * check if it is a sysctl and handle specially else remove any
> + * leading / that __d_path may have returned.
> + * Unless
> + * specifically directed to connect the path,
> + * OR
> + * if in a chroot and doing chroot relative paths and the path
> + * resolves to the namespace root (would be connected outside
> + * of chroot) and specifically directed to connect paths to
> + * namespace root.
> + */
> +static int disconnect(struct path *path, char *buf, char **name, int flags)
> +{
> + int error = 0;
> +
> + if (!(flags & PATH_CONNECT_PATH) &&
> + !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
> + our_mnt(path->mnt))) {
> + /* disconnected path, don't return pathname starting
> + * with '/'
> + */
> + error = -EACCES;
> + if (**name == '/')
> + *name = *name + 1;
> + } else if (**name != '/')
> + /* CONNECT_PATH with missing root */
> + error = prepend(name, *name - buf, "/", 1);
> +
> + return error;
> +}
> +
> /**
> * d_namespace_path - lookup a name associated with a given path
> * @path: path to lookup (NOT NULL)
> @@ -74,7 +104,8 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
> * control instead of hard coded /proc
> */
> return prepend(name, *name - buf, "/proc", 5);
> - }
> + } else
> + return disconnect(path, buf, name, flags);
> return 0;
> }
>
> @@ -120,32 +151,8 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
> goto out;
> }
>
> - /* If the path is not connected to the expected root,
> - * check if it is a sysctl and handle specially else remove any
> - * leading / that __d_path may have returned.
> - * Unless
> - * specifically directed to connect the path,
> - * OR
> - * if in a chroot and doing chroot relative paths and the path
> - * resolves to the namespace root (would be connected outside
> - * of chroot) and specifically directed to connect paths to
> - * namespace root.
> - */
> - if (!connected) {
> - if (!(flags & PATH_CONNECT_PATH) &&
> - !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
> - our_mnt(path->mnt))) {
> - /* disconnected path, don't return pathname starting
> - * with '/'
> - */
> - error = -EACCES;
> - if (*res == '/')
> - *name = res + 1;
> - } else if (*res != '/')
> - /* CONNECT_PATH with missing root */
> - error = prepend(name, *name - buf, "/", 1);
> -
> - }
> + if (!connected)
> + error = disconnect(path, buf, name, flags);
>
> out:
> return error;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160427/d40f0754/attachment.pgp>
More information about the AppArmor
mailing list