ACK/Cmnt: [SRU][Jammy][PULL] apparmor: add fine grained posix mqueue mediation

Stefan Bader stefan.bader at canonical.com
Tue Jan 9 08:31:18 UTC 2024


On 14.12.23 01:30, John Johansen wrote:
> This pull request (2 commits) backports apparmor mqueue mediation to the
> 5.15 kernel, as this has been requested by customers.
> 
>      BugLink: https://bugs.launchpad.net/bugs/2045384
> 
> Note: this patch set is present in Ubuntu 22.10, 23.04, 23.10 kernels
> and the SRU for the apparmor userspace to support this feature via HWE
> kernels has already been done in
>      https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1993353
> 
> The following changes since commit 47b1356c95e2b0281f0bf4a45b0604ecadea2f14:
> 
>    selftests/ftrace: Stop tracing while reading the trace file by default (2023-12-01 11:08:18 +0100)
> 
> are available in the Git repository at:
> 
>    https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next tags/apparmor-jammy-mqueue-sru-12.13.23
> 
> for you to fetch changes up to 0e16b6045859b35ed0403769604a66c0385df79b:
> 
>    UBUNTU: SAUCE: (no-up) apparmor: Add fine grained mediation of posix mqueues (2023-12-13 15:53:17 -0800)
> 
> ----------------------------------------------------------------
> patches necessary to SRU mqueue mediation to jammy (22.04) 5.15 kernel.
> 
> Note: backport of mqueue feature required resolving merge conflicts
> because apparmor: move ptrace mediation to more logical task.{h,c} was
> not picked.
> 
> ----------------------------------------------------------------
> John Johansen (2):
>        UBUNTU: SAUCE: (no-up) apparmor: reserve mediation classes
>        UBUNTU: SAUCE: (no-up) apparmor: Add fine grained mediation of posix mqueues
> 
>   security/apparmor/apparmorfs.c       |   7 ++
>   security/apparmor/file.c             |  60 ++++++++++-
>   security/apparmor/include/apparmor.h |  10 +-
>   security/apparmor/include/audit.h    |   4 +
>   security/apparmor/include/inode.h    |  42 ++++++++
>   security/apparmor/include/ipc.h      |  56 +++++++++++
>   security/apparmor/include/perms.h    |   9 ++
>   security/apparmor/ipc.c              | 104 +++++++++++++++++++
>   security/apparmor/lib.c              |  38 ++++---
>   security/apparmor/lsm.c              | 190 ++++++++++++++++++++++++++++++++++-
>   10 files changed, 500 insertions(+), 20 deletions(-)
>   create mode 100644 security/apparmor/include/inode.h
> 

The changes seem to mostly add functionality and only adjust internal 
code flow. So at least external interfaces will remain unchanged. This 
and given it is in later series already:

Acked-by: Stefan Bader <stefan.bader at canonical.com>