linux-next: manual merge of the apparmor tree with the security tree
John Johansen
john.johansen at canonical.com
Sun Oct 29 21:09:47 UTC 2023
On 10/28/23 08:32, Paul Moore wrote:
> On Thu, Oct 26, 2023 at 10:03 PM Stephen Rothwell <sfr at canb.auug.org.au> wrote:
>>
>> Hi all,
>>
>> Today's linux-next merge of the apparmor tree got a conflict in:
>>
>> security/apparmor/lsm.c
>>
>> between commit:
>>
>> 3c3bda37ca1d ("AppArmor: Add selfattr hooks")
>>
>> from the security tree and commits:
>>
>> bd7bd201ca46 ("apparmor: combine common_audit_data and apparmor_audit_data")
>> d20f5a1a6e79 ("apparmor: rename audit_data->label to audit_data->subj_label")
>>
>> from the apparmor tree.
>>
>> I fixed it up (see below) and can carry the fix as necessary. This
>> is now fixed as far as linux-next is concerned, but any non trivial
>> conflicts should be mentioned to your upstream maintainer when your tree
>> is submitted for merging. You may also want to consider cooperating
>> with the maintainer of the conflicting tree to minimise any particularly
>> complex conflicts.
>
> Thanks Stephen.
>
> John, can you take a look and make sure this is correct (it looks okay to me)?
>
Yes, it's good, thanks Stephen.

Acked-by: John Johansen <john.johansen at canonical.com>

Paul, just to double check, to make sure we get ordering on this right:
3c3bda37ca1d ("AppArmor: Add selfattr hooks")
is part of the Three basic syscalls series, the plan is still to have that
series bake in next for a full cycle?

Regardless, I will wait until security-ext gets merged to send my pull
request, and handle the conflict if it's present.

>> diff --cc security/apparmor/lsm.c
>> index 5e16c03936b9,4d34180e9799..000000000000
>> --- a/security/apparmor/lsm.c
>> +++ b/security/apparmor/lsm.c
>> @@@ -771,16 -868,11 +917,16 @@@ out
>> return error;
>>
>> fail:
>> - aad(&sa)->label = begin_current_label_crit_section();
>> + ad.subj_label = begin_current_label_crit_section();
>> - ad.info = name;
>> + if (attr == LSM_ATTR_CURRENT)
>> - aad(&sa)->info = "current";
>> ++ ad.info = "current";
>> + else if (attr == LSM_ATTR_EXEC)
>> - aad(&sa)->info = "exec";
>> ++ ad.info = "exec";
>> + else
>> - aad(&sa)->info = "invalid";
>> - aad(&sa)->error = error = -EINVAL;
>> - aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL);
>> - end_current_label_crit_section(aad(&sa)->label);
>> ++ ad.info = "invalid";
>> + ad.error = error = -EINVAL;
>> + aa_audit_msg(AUDIT_APPARMOR_DENIED, &ad, NULL);
>> + end_current_label_crit_section(ad.subj_label);
>> goto out;
>> }
>
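Review bot: In the fail: path the resolution drops the apparmor-side `ad.info = name;` and keeps the security-tree mapping from attr to "current", "exec" or "invalid", so the audit record no longer carries the `name` value and any attr other than LSM_ATTR_CURRENT or LSM_ATTR_EXEC is logged only as "invalid"; confirm that is the intended audit output. All five aad(&sa) uses in the hunk are converted to ad., and the label taken by begin_current_label_crit_section() is released through ad.subj_label before `goto out`, which is consistent. It is worth checking that the declaration earlier in the function (outside this hunk) was converted to ad as well, so that no reference to sa is left behind.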