[PATCH 1/2] AppArmor: compatibility patch for v5 network controll

Tetsuo Handa from-ubuntu at I-love.SAKURA.ne.jp
Mon Nov 1 21:36:05 UTC 2010


John Johansen wrote:
> +struct aa_net {
> +	u16 allow[AF_MAX];
> +	u16 audit[AF_MAX];
> +	u16 quiet[AF_MAX];
> +};

> @@ -559,6 +573,38 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
>  	if (!unpack_rlimits(e, profile))
>  		goto fail;
>  
> +	size = unpack_array(e, "net_allowed_af");
> +	if (size) {
> +
> +		for (i = 0; i < size; i++) {
> +			/* discard extraneous rules that this kernel will
> +			 * never request
> +			 */
> +			if (i > AF_MAX) {

Please use (i >= AF_MAX).

> +				u16 tmp;
> +				if (!unpack_u16(e, &tmp, NULL) ||
> +				    !unpack_u16(e, &tmp, NULL) ||
> +				    !unpack_u16(e, &tmp, NULL))
> +					goto fail;
> +				continue;
> +			}
> +			if (!unpack_u16(e, &profile->net.allow[i], NULL))
> +				goto fail;
> +			if (!unpack_u16(e, &profile->net.audit[i], NULL))
> +				goto fail;
> +			if (!unpack_u16(e, &profile->net.quiet[i], NULL))
> +				goto fail;
> +		}



