[request-pull] [Zesty] misc apparmor fixes

John Johansen john.johansen at canonical.com
Wed Feb 1 09:19:19 UTC 2017 

The following changes since commit ed1c7a195b011bd5a5942966a721057fcf97cac5:

  UBUNTU: Ubuntu-4.9.0-12.13 (2017-01-09 12:21:59 -0700)

are available in the git repository at:

  git://kernel.ubuntu.com/jj/ubuntu-zesty.git 

for you to fetch changes up to 355b6b64438e1626d53c2783eae90e3645f95eba:

  UBUNTU: SAUCE: apparmor: flock mediation is not being enforced on cache check (2017-02-01 01:14:52 -0800)

----------------------------------------------------------------
John Johansen (14):
      UBUNTU: SAUCE: apparmor: fix cross ns perm of unix domain sockets
      UBUNTU: SAUCE: apparmor: fix replacement race in reading rawdata
      UBUNTU: SAUCE: apparmor: fix reference count bug in label_merge_insert()
      UBUNTU: SAUCE: apparmor: fix label leak when new label is unused
      UBUNTU: SAUCE: apparmor: Don't audit denied access of special apparmor .null file
      UBUNTU: SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails
      UBUNTU: SAUCE: apparmor: fix not handling error case when securityfs_pin_fs() fails
      UBUNTU: SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode() fails
      UBUNTU: SAUCE: apparmor: fix leak on securityfs pin count
      UBUNTU: SAUCE: apparmor: fix lock ordering for mkdir
      UBUNTU: SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked namespaces
      UBUNTU: SAUCE: apparmor: fix ns ref count link when removing profiles from policy
      UBUNTU: SAUCE: apparmor: null profiles should inherit parent control flags
      UBUNTU: SAUCE: apparmor: flock mediation is not being enforced on cache check

 include/linux/security.h              |  5 +-
 security/apparmor/af_unix.c           |  2 +-
 security/apparmor/apparmorfs.c        | 36 +++++++++-----
 security/apparmor/domain.c            | 92 ++++++++++++++++++++++-------------
 security/apparmor/file.c              | 13 +++--
 security/apparmor/include/policy_ns.h |  4 +-
 security/apparmor/label.c             | 24 +++++++--
 security/apparmor/lsm.c               |  3 ++
 security/apparmor/mount.c             |  1 +
 security/apparmor/policy.c            |  3 ++
 security/apparmor/policy_ns.c         |  8 +--
 security/inode.c                      |  5 ++
 12 files changed, 133 insertions(+), 63 deletions(-)

More information about the kernel-team mailing list