[PATCH][quantal] Revert "UBUNTU: SAUCE: (no-up) AppArmor: Disable Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs"
Andy Whitcroft
apw at canonical.com
Tue Aug 13 09:02:18 UTC 2013
On Mon, Aug 12, 2013 at 02:23:12PM -0700, John Johansen wrote:
> BugLink: http://bugs.launchpad.net/bugs/1202161
>
> Reverts commit c27debc6b9cc939ac6919074f4ed3c82cb745ca5 which was fixed in
> c29bceb3
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> security/apparmor/domain.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
> index 31a3f52..afa8671 100644
> --- a/security/apparmor/domain.c
> +++ b/security/apparmor/domain.c
> @@ -360,10 +360,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
> if (bprm->cred_prepared)
> return 0;
>
> - /* XXX: no_new_privs is not usable with AppArmor yet */
> - if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
> - return -EPERM;
> -
> cxt = bprm->cred->security;
> BUG_ON(!cxt);
>
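Review bot: nothing in the visible context of apparmor_bprm_set_creds() handles LSM_UNSAFE_NO_NEW_PRIVS once the early "return -EPERM" after the cred_prepared check is gone, so this revert is only safe if the fix the commit message cites as c29bceb3 is already present in the quantal tree. The commit message should state that explicitly, cite that commit by full hash and subject line rather than an eight-character abbreviation, and say where the flag is now honoured, so a reader of this patch alone can confirm that no_new_privs tasks do not go through the exec path unchecked.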
Looks like we had this as a sauce patch, which also went upstream, and
then you fixed it (in 3.4-rc4), and we rebased and the sauce version
survived the process?
Certainly it looks appropriate to remove this.
Acked-by: Andy Whitcroft <apw at canonical.com>
-apw