[Patch 0/14] [Yakkety] misc fixes for apparmor

John Johansen john.johansen at canonical.com
Wed Feb 1 09:12:56 UTC 2017


The following patch sequence fixes various out bugs in apparmor in
yakkety.

The patch sequence is also available via the following pull request


The following changes since commit 54329dadde7c14dd194e58c1676be8f3b2144332:

  UBUNTU: Ubuntu-4.8.0-34.36 (2016-12-21 16:30:49 +0000)

are available in the git repository at:

  git://kernel.ubuntu.com/jj/ubuntu-yakkety.git master

for you to fetch changes up to 8ce7ef90c2e8476afeeb2b5c1f39ba3c6aea7891:

  UBUNTU: SAUCE: apparmor: flock mediation is not being enforced on cache check (2017-02-01 01:09:00 -0800)

----------------------------------------------------------------
John Johansen (14):
      UBUNTU: SAUCE: apparmor: fix cross ns perm of unix domain sockets
      UBUNTU: SAUCE: apparmor: fix replacement race in reading rawdata
      UBUNTU: SAUCE: apparmor: fix reference count bug in label_merge_insert()
      UBUNTU: SAUCE: apparmor: fix label leak when new label is unused
      UBUNTU: SAUCE: apparmor: Don't audit denied access of special apparmor .null file
      UBUNTU: SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails
      UBUNTU: SAUCE: apparmor: fix not handling error case when securityfs_pin_fs() fails
      UBUNTU: SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode() fails
      UBUNTU: SAUCE: apparmor: fix leak on securityfs pin count
      UBUNTU: SAUCE: apparmor: fix lock ordering for mkdir
      UBUNTU: SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked namespaces
      UBUNTU: SAUCE: apparmor: fix ns ref count link when removing profiles from policy
      UBUNTU: SAUCE: apparmor: null profiles should inherit parent control flags
      UBUNTU: SAUCE: apparmor: flock mediation is not being enforced on cache check

 include/linux/security.h              |  5 +-
 security/apparmor/af_unix.c           |  2 +-
 security/apparmor/apparmorfs.c        | 36 +++++++++-----
 security/apparmor/domain.c            | 92 ++++++++++++++++++++++-------------
 security/apparmor/file.c              | 13 +++--
 security/apparmor/include/policy_ns.h |  4 +-
 security/apparmor/label.c             | 24 +++++++--
 security/apparmor/lsm.c               |  3 ++
 security/apparmor/mount.c             |  1 +
 security/apparmor/policy.c            |  3 ++
 security/apparmor/policy_ns.c         |  8 +--
 security/inode.c                      |  5 ++
 12 files changed, 133 insertions(+), 63 deletions(-)





More information about the kernel-team mailing list