[GIT PULL][UTOPIC][GOLDFISH] AppArmor sync to apparmor3 - RC1 snapshot

Tyler Hicks tyhicks at canonical.com
Fri Sep 19 01:25:12 UTC 2014


This cleans up several functions over the alpha6 sync, and includes multiple
bug fixes. In addition it picks up
- new network mediation
- fine grained mediation of all unix socket types

While I've prepared the branch and pull request, it should be noted that John
Johansen authored nearly all of the code. We've written an extensive set of
unix socket tests for both the parser and the kernel mediation code. The
required userspace changes (parser, utilities, and policy) have already landed
in Utopic and have been tested with these kernel changes. Please see
LP: #1362199 for more information.

The individual, non-squashed patches can be found with the apparmor-3.RC1 tag
in git://kernel.ubuntu.com/jj/ubuntu-utopic.git

The following changes since commit 69dea1fc19b24fe4790ae195c08c82454c859a02:

  UBUNTU: Ubuntu-goldfish-3.4.0-4.21 (2014-09-03 12:38:01 -0700)

are available in the git repository at:

  git://kernel.ubuntu.com/tyhicks/ubuntu-utopic.git goldfish-aa3-backport

for you to fetch changes up to 1ad1285f1c8d5cc0e81a155b4a37a439e06ba697:

  UBUNTU: SAUCE: (no-up) apparmor: update configs for apparmor3 - RC1 (2014-09-18 17:20:03 -0500)

----------------------------------------------------------------
John Johansen (1):
      UBUNTU: SAUCE: (no-up) apparmor: Sync to apparmor3 - RC1 snapshot

Tyler Hicks (10):
      Revert "UBUNTU: SAUCE: (no-up) apparmor: fix disconnected bind mnts reconnection"
      Revert "UBUNTU: SAUCE: (no-up) apparmor fix: remove unused cxt var for unix_sendmsg"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: use custom write_is_locked macro"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: fix bug that constantly spam the console"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: fix apparmor refcount bug in apparmor_kill"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: fix refcount bug in apparmor pivotroot"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: fix apparmor spams log with warning message"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: update configs for apparmor 3 alpha 6"
      Revert "UBUNTU: SAUCE: (no-up) apparmor: Sync to apparmor 3 - alpha 6 snapshot"
      UBUNTU: SAUCE: (no-up) apparmor: update configs for apparmor3 - RC1

 security/apparmor/Makefile           |   9 +-
 security/apparmor/af_unix.c          | 632 +++++++++++++++++++++++++++++++++++
 security/apparmor/apparmorfs.c       | 115 +++++--
 security/apparmor/context.c          |   2 +-
 security/apparmor/domain.c           |  11 +-
 security/apparmor/file.c             | 142 +++++---
 security/apparmor/include/af_unix.h  | 121 +++++++
 security/apparmor/include/apparmor.h |   1 +
 security/apparmor/include/audit.h    |  12 +-
 security/apparmor/include/context.h  |  56 ++--
 security/apparmor/include/file.h     |   5 +-
 security/apparmor/include/label.h    |  62 +++-
 security/apparmor/include/net.h      |  62 +++-
 security/apparmor/include/path.h     |   3 +-
 security/apparmor/include/perms.h    |  82 ++---
 security/apparmor/include/policy.h   |  58 +++-
 security/apparmor/ipc.c              |  26 +-
 security/apparmor/label.c            | 380 ++++++++++++++++-----
 security/apparmor/lib.c              | 250 +++++++++++---
 security/apparmor/lsm.c              | 249 +++++++-------
 security/apparmor/mount.c            |  45 ++-
 security/apparmor/net.c              | 352 +++++++++++++++----
 security/apparmor/path.c             |  79 +++--
 security/apparmor/policy.c           |  49 ++-
 security/apparmor/policy_unpack.c    |  24 +-
 security/apparmor/procattr.c         |   2 +-
 26 files changed, 2249 insertions(+), 580 deletions(-)
 create mode 100644 security/apparmor/af_unix.c
 create mode 100644 security/apparmor/include/af_unix.h
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20140918/a2db7724/attachment.sig>


More information about the kernel-team mailing list