[SRU][X][PATCH 0/1] Provide AppArmor flag indicating binfmt_elf_mmap change
Steve Beattie
sbeattie at ubuntu.com
Thu May 30 01:26:55 UTC 2019
BugLink: http://bugs.launchpad.net/bugs/1830984
[Impact]
The upstream commit 9f834ec18def (binfmt_elf: switch to new creds when
switching to new mm) was backported to the 4.4.x xenial kernel series
to address CVE-2019-11190. However, the change introduces subtle
changes to apparmor policy, including in the apparmor regression tests.
[Fix]
Backport the corresponding change:
34c426acb75c apparmor: provide userspace flag indicating binfmt_elf_mmap change
to apparmor's securityfs features tree to add a flag indicating the
different semantic requirements around mmap() for user space tools.
[Test Case]
Ensure that /sys/kernel/security/apparmor/features/domain/fix_binfmt_elf_mmap
exists and contains "yes"
[Regression Risk]
Low, introduces a new file in the apparmor securityfs filesystem, no
other kernel side behavioral changes.
John Johansen (1):
apparmor: provide userspace flag indicating binfmt_elf_mmap change
security/apparmor/apparmorfs.c | 1 +
1 file changed, 1 insertion(+)
--
2.20.1
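
The following is an added example, not part of the original message or the patch: a shell check for the [Test Case] above that separates "flag present and yes" from a missing flag or an unavailable features tree. The function name `check_binfmt_flag` and its optional directory argument are assumptions for illustration, and the temporary tree at the bottom is constructed sample data.

```shell
#!/bin/sh
# check_binfmt_flag (hypothetical helper name) tests the securityfs flag named
# in the [Test Case]. The optional argument overrides the features directory
# so the check can be exercised against a constructed tree.
# Return codes: 0 = flag present and "yes", 1 = flag missing or not "yes",
#               2 = features directory not available at all.
check_binfmt_flag() {
    features_dir="${1:-/sys/kernel/security/apparmor/features}"
    flag="$features_dir/domain/fix_binfmt_elf_mmap"

    if [ ! -d "$features_dir" ]; then
        echo "SKIP: $features_dir not found (securityfs not mounted or AppArmor not enabled)"
        return 2
    fi
    if [ ! -f "$flag" ]; then
        echo "FAIL: $flag does not exist (kernel does not advertise the flag)"
        return 1
    fi
    # Command substitution strips the trailing newline from the file contents.
    value=$(cat "$flag")
    if [ "$value" = "yes" ]; then
        echo "PASS: $flag contains \"yes\""
        return 0
    fi
    echo "FAIL: $flag contains \"$value\", expected \"yes\""
    return 1
}

# Constructed sample tree (not a real securityfs mount) to show each outcome.
demo=$(mktemp -d)
mkdir -p "$demo/features/domain"
check_binfmt_flag "$demo/features" || true      # flag file missing
printf 'yes\n' > "$demo/features/domain/fix_binfmt_elf_mmap"
check_binfmt_flag "$demo/features" || true      # flag present and "yes"
check_binfmt_flag "$demo/absent" || true        # features tree unavailable
rm -rf "$demo"
```

On a running kernel, call `check_binfmt_flag` with no argument to test the real securityfs path.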