APPLIED: [SRU][Jammy][PULL] apparmor: add fine grained posix mqueue mediation

Roxana Nicolescu roxana.nicolescu at canonical.com
Tue Jan 9 09:12:45 UTC 2024 

On 14/12/2023 01:30, John Johansen wrote:
> This pull request (2 commits) backports apparmor mqueue mediation to 
> the 5.15 kernel, as
> this has been requested by customers.
>
>     BugLink: https://bugs.launchpad.net/bugs/2045384
>
> Note: this patche set is present in Ubuntu 22.10, 23.04, 23.10 kernels 
> and the SRU for
> the apparmor userspace to support this feature via HWE kernels have 
> already been done in
> https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1993353
>
> The following changes since commit 
> 47b1356c95e2b0281f0bf4a45b0604ecadea2f14:
>
>   selftests/ftrace: Stop tracing while reading the trace file by 
> default (2023-12-01 11:08:18 +0100)
>
> are available in the Git repository at:
>
>   https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next 
> tags/apparmor-jammy-mqueue-sru-12.13.23
>
> for you to fetch changes up to 0e16b6045859b35ed0403769604a66c0385df79b:
>
>   UBUNTU: SAUCE: (no-up) apparmor: Add fine grained mediation of posix 
> mqueues (2023-12-13 15:53:17 -0800)
>
> ----------------------------------------------------------------
> patches necessary to SRU mqueue mediation to jammy (22.04) 5.15 kernel.
>
> Note: backport of mqueue feature required resolving merge conflicts
> because apparmor: move ptrace mediation to more logical task.{h,c} was
> not picked.
>
> ----------------------------------------------------------------
> John Johansen (2):
>       UBUNTU: SAUCE: (no-up) apparmor: reserve mediation classes
>       UBUNTU: SAUCE: (no-up) apparmor: Add fine grained mediation of 
> posix mqueues
>
>  security/apparmor/apparmorfs.c       |   7 ++
>  security/apparmor/file.c             |  60 ++++++++++-
>  security/apparmor/include/apparmor.h |  10 +-
>  security/apparmor/include/audit.h    |   4 +
>  security/apparmor/include/inode.h    |  42 ++++++++
>  security/apparmor/include/ipc.h      |  56 +++++++++++
>  security/apparmor/include/perms.h    |   9 ++
>  security/apparmor/ipc.c              | 104 +++++++++++++++++++
>  security/apparmor/lib.c              |  38 ++++---
>  security/apparmor/lsm.c              | 190 
> ++++++++++++++++++++++++++++++++++-
>  10 files changed, 500 insertions(+), 20 deletions(-)
>  create mode 100644 security/apparmor/include/inode.h
>
Applied to jammy master-next branch. Thanks!

More information about the kernel-team mailing list