[PATCH 3/3] UBUNTU: SAUCE: AppArmor: allow newer tools to load policy on older kernels

John Johansen john.johansen at canonical.com
Wed Sep 15 17:16:06 UTC 2010


BugLink: http://bugs.launchpad.net/bugs/639758

Remove an unnecessary restriction from the AppArmor network capability patch.
When a newer version of the tools is used with an older kernel, it may build
in extra rules for newer networking protocols that the older kernel does
not know about.

The older kernel can safely ignore the extra rules as it should never
create sockets using the newer protocols.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 security/apparmor/policy_unpack.c |    3 ---
 1 files changed, 0 insertions(+), 3 deletions(-)

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 6b0637b..ef11ba9 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -575,9 +575,6 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
 
 	size = unpack_array(e, "net_allowed_af");
 	if (size) {
-		if (size > AF_MAX)
-			goto fail;
-
 		for (i = 0; i < size; i++) {
 			if (!unpack_u16(e, &profile->net.allow[i], NULL))
 				goto fail;
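Review bot: with the `if (size > AF_MAX) goto fail;` check removed, the loop at the end of this hunk still stores into `profile->net.allow[i]` for every `i < size`, and `size` comes straight from the policy blob being unpacked. The declaration of `net.allow` is not visible in this hunk, but the removed check suggests it holds AF_MAX entries; if so, a policy built by newer tools with more address families writes past the end of the array rather than having the extra rules ignored as the commit message intends. Suggest keeping the loop bound at `size` so the stream is still fully consumed, but for `i >= AF_MAX` unpacking into a local scratch u16 and discarding it, storing into `profile->net.allow[i]` only when `i < AF_MAX`. The loop body continues past the visible context, so any other per-family arrays filled there would need the same guard.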
-- 
1.7.1




