[GIT PULL] AppArmor updates for 6.8

John Johansen john.johansen at canonical.com
Thu Jan 18 23:52:03 UTC 2024


Hi Linus,

Please pull the following apparmor patches for the 6.8 merge
window.

This PR adds a single feature: switching the hash used to check policy
from sha1 to sha256.

There are fixes for two memory leaks, a refcount bug and a potential
crash when a profile name is empty, along with a couple of minor code
cleanups.

These patches have been in linux-next and been tested while in there,
and have also had a merge and regression test against your current
tree as of this morning.

thanks
- john


The following changes since commit b85ea95d086471afb4ad062012a4d73cd328fa86:

   Linux 6.7-rc1 (2023-11-12 16:19:07 -0800)

are available in the Git repository at:

   git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2024-01-18

for you to fetch changes up to 8ead196be219adade3bd0d4115cc9b8506643121:

   apparmor: Fix memory leak in unpack_profile() (2024-01-09 01:45:25 -0800)

----------------------------------------------------------------
+ Features
   - switch policy hash from sha1 to sha256

+ Bug Fixes
   - Fix refcount leak in task_kill
   - Fix leak of pdb objects and trans_table
   - avoid crash when parse profile name is empty

+ Cleanups
   - add static to stack_msg and nulldfa
   - more kernel-doc cleanups

----------------------------------------------------------------
Dimitri John Ledkov (1):
       apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256

Fedor Pchelkin (3):
       apparmor: free the allocated pdb objects
       apparmor: fix possible memory leak in unpack_trans_table
       apparmor: avoid crash when parsed profile name is empty

Gaosheng Cui (1):
       apparmor: Fix memory leak in unpack_profile()

John Johansen (5):
       apparmor: declare stack_msg as static
       apparmor: declare nulldfa as static
       apparmor: add missing params to aa_may_ptrace kernel-doc comments
       apparmor: cleanup network hook comments
       apparmor: Fix ref count leak in task_kill

  security/apparmor/Kconfig         | 12 ++++----
  security/apparmor/apparmorfs.c    | 16 +++++-----
  security/apparmor/crypto.c        |  6 ++--
  security/apparmor/domain.c        |  2 +-
  security/apparmor/lib.c           |  1 +
  security/apparmor/lsm.c           | 63 +++++++++++----------------------------
  security/apparmor/policy.c        | 13 ++++----
  security/apparmor/policy_unpack.c | 13 +++++---
  security/apparmor/task.c          |  2 ++
  9 files changed, 54 insertions(+), 74 deletions(-)



