[PATCH 7/8] apparmor: allow specifying an already created dir to create ns entries in

John Johansen john.johansen at canonical.com
Thu May 25 15:32:24 UTC 2017


Signed-off-by: John Johansen <john.johansen at canonical.com>
Reviewed-by: Seth Arnold <seth.arnold at canonical.com>
Reviewed-by: Kees Cook <keescook at chromium.org>
---
 security/apparmor/apparmorfs.c         | 9 +++++----
 security/apparmor/include/apparmorfs.h | 4 ++--
 security/apparmor/policy_ns.c          | 2 +-
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 74c3bfd1af8d..f45aeb77e1f0 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1338,11 +1338,12 @@ static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
 /*
  * Requires: @ns->lock held
  */
-int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name)
+int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
+		    struct dentry *dent)
 {
 	struct aa_ns *sub;
 	struct aa_profile *child;
-	struct dentry *dent, *dir;
+	struct dentry *dir;
 	int error;
 
 	AA_BUG(!ns);
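Review bot: The new `dent` parameter of `__aafs_ns_mkdir` is undocumented, and no line visible in this patch reads it. The diffstat's nine changed lines in apparmorfs.c are all accounted for by the three hunks in this file, which only change the signature, drop the local `dent`, and add a `NULL` argument at two call sites. The function body continues outside the hunk, so confirm that it does not unconditionally assign `dent` from the directory-creation call, which would silently ignore a caller-supplied dentry. The header comment should gain a line such as `* @dent: pre-created directory to populate, or NULL to create @name under @parent`, plus a statement of who holds the reference and who removes the directory on the failure paths. The prototype in include/apparmorfs.h would benefit from the same note.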
@@ -1372,7 +1373,7 @@ int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name)
 	/* subnamespaces */
 	list_for_each_entry(sub, &ns->sub_ns, base.list) {
 		mutex_lock(&sub->lock);
-		error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL);
+		error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
 		mutex_unlock(&sub->lock);
 		if (error)
 			goto fail2;
@@ -1928,7 +1929,7 @@ static int __init aa_create_aafs(void)
 	ns_subremove(root_ns) = dent;
 
 	mutex_lock(&root_ns->lock);
-	error = __aafs_ns_mkdir(root_ns, aa_sfs_entry.dentry, "policy");
+	error = __aafs_ns_mkdir(root_ns, aa_sfs_entry.dentry, "policy", NULL);
 	mutex_unlock(&root_ns->lock);
 
 	if (error)
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index bcad87740cb6..071a59a1f056 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -112,8 +112,8 @@ void __aafs_profile_migrate_dents(struct aa_profile *old,
 				   struct aa_profile *new);
 int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
 void __aafs_ns_rmdir(struct aa_ns *ns);
-int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent,
-		     const char *name);
+int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
+		     struct dentry *dent);
 
 struct aa_loaddata;
 void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata);
diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c
index 0a8bc4e887ef..7d7c23705be2 100644
--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
@@ -196,7 +196,7 @@ static struct aa_ns *__aa_create_ns(struct aa_ns *parent, const char *name,
 	if (!ns)
 		return NULL;
 	mutex_lock(&ns->lock);
-	error = __aafs_ns_mkdir(ns, ns_subns_dir(parent), name);
+	error = __aafs_ns_mkdir(ns, ns_subns_dir(parent), name, dir);
 	if (error) {
 		AA_ERROR("Failed to create interface for ns %s\n",
 			 ns->base.name);
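Review bot: The error branch after this call does not show what happens to a caller-supplied `dir` when `__aafs_ns_mkdir` fails. The cleanup after `AA_ERROR` is outside the hunk, as is the declaration of `dir`, because the signature in the hunk header is cut off. If the caller created `dir`, removing it both here and in the caller would be a double removal, while removing it nowhere would leave a stale namespace directory in apparmorfs. The ownership rule should be written down on `__aa_create_ns`, for example `/* dir, if non-NULL, is owned by the caller; on failure it is left for the caller to remove */`, adjusted to whatever the code actually does.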
-- 
2.11.0
