[SRU][Jammy][PULL] apparmor: add fine grained posix mqueue mediation

John Johansen john.johansen at canonical.com
Thu Dec 14 00:30:00 UTC 2023


This pull request (2 commits) backports apparmor mqueue mediation to the 5.15 kernel, as
this has been requested by customers.

     BugLink: https://bugs.launchpad.net/bugs/2045384

Note: this patch set is present in Ubuntu 22.10, 23.04, 23.10 kernels and the SRU for
the apparmor userspace to support this feature via HWE kernels has already been done in
     https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1993353

The following changes since commit 47b1356c95e2b0281f0bf4a45b0604ecadea2f14:

   selftests/ftrace: Stop tracing while reading the trace file by default (2023-12-01 11:08:18 +0100)

are available in the Git repository at:

   https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next tags/apparmor-jammy-mqueue-sru-12.13.23

for you to fetch changes up to 0e16b6045859b35ed0403769604a66c0385df79b:

   UBUNTU: SAUCE: (no-up) apparmor: Add fine grained mediation of posix mqueues (2023-12-13 15:53:17 -0800)

----------------------------------------------------------------
patches necessary to SRU mqueue mediation to jammy (22.04) 5.15 kernel.

Note: backport of mqueue feature required resolving merge conflicts
because apparmor: move ptrace mediation to more logical task.{h,c} was
not picked.

----------------------------------------------------------------
John Johansen (2):
       UBUNTU: SAUCE: (no-up) apparmor: reserve mediation classes
       UBUNTU: SAUCE: (no-up) apparmor: Add fine grained mediation of posix mqueues

  security/apparmor/apparmorfs.c       |   7 ++
  security/apparmor/file.c             |  60 ++++++++++-
  security/apparmor/include/apparmor.h |  10 +-
  security/apparmor/include/audit.h    |   4 +
  security/apparmor/include/inode.h    |  42 ++++++++
  security/apparmor/include/ipc.h      |  56 +++++++++++
  security/apparmor/include/perms.h    |   9 ++
  security/apparmor/ipc.c              | 104 +++++++++++++++++++
  security/apparmor/lib.c              |  38 ++++---
  security/apparmor/lsm.c              | 190 ++++++++++++++++++++++++++++++++++-
  10 files changed, 500 insertions(+), 20 deletions(-)
  create mode 100644 security/apparmor/include/inode.h


