[PATCH 3/3] UBUNTU: SAUCE: AppArmor: allow newer tools to load policyon older kernels
John Johansen
john.johansen at canonical.com
Thu Sep 16 11:41:19 UTC 2010
On 09/15/2010 02:41 PM, Tetsuo Handa wrote:
> John Johansen wrote:
>> security/apparmor/policy_unpack.c | 3 ---
>> 1 files changed, 0 insertions(+), 3 deletions(-)
>>
>> diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
>> index 6b0637b..ef11ba9 100644
>> --- a/security/apparmor/policy_unpack.c
>> +++ b/security/apparmor/policy_unpack.c
>> @@ -575,9 +575,6 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
>>
>> size = unpack_array(e, "net_allowed_af");
>> if (size) {
>> - if (size > AF_MAX)
>> - goto fail;
>> -
>> for (i = 0; i < size; i++) {
>> if (!unpack_u16(e, &profile->net.allow[i], NULL))
>
> If this patch changes to accept size > AF_MAX , this patch should change
> to allocate net.allow[size] rather than net.allow[AF_MAX] .
>
>> goto fail;
yes it should, I did make that change but it looks like I didn't push it
to the remote repo from which I pulled :(
thanks Tetsuo
More information about the kernel-team
mailing list