Re: [GIT PULL] AppArmor fixes for 4.11

From: John Johansen
Date: Mon Jan 16 2017 - 16:38:06 EST


Sigh, kernel build bot turned up a missed config combination that
results in a build failure

security/built-in.o: In function `aa_unpack':
(.text+0x841e2): undefined reference to `aa_g_hash_policy'

I have pushed the fix on top of the previous request. The pull request
with the new patch added is

---

The following changes since commit b8aa8453918ebfd93d78de56c2afd4b735e02e27:

security: Fix inode_getattr documentation (2017-01-10 17:39:23 +1100)

are available in the git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor for-security

for you to fetch changes up to 3ccb76c5dfe0d25c1d0168d5b726d0b43d19a485:

apparmor: fix undefined reference to `aa_g_hash_policy' (2017-01-16 13:21:27 -0800)

----------------------------------------------------------------
John Johansen (57):
apparmor: move lib definitions into separate lib include
apparmor: split out shared policy_XXX fns to lib
apparmor: split apparmor policy namespaces code into its own file
apparmor: rename namespace to ns to improve code line lengths
apparmor: rename sid to secid
apparmor: rename PFLAG_INVALID to PFLAG_STALE
apparmor: rename replacedby to proxy
apparmor: add strn version of lookup_profile fn
apparmor: add strn version of aa_find_ns
apparmor: add lib fn to find the "split" for fqnames
apparmor: add fn to lookup profiles by fqname
apparmor: allow ns visibility question to consider subnses
apparmor: add macro for bug asserts to check that a lock is held
apparmor: add debug assert AA_BUG and Kconfig to control debug info
apparmor: rename mediated_filesystem() to path_mediated_fs()
apparmor: rename hname_tail to basename
apparmor: constify policy name and hname
apparmor: pass gfp param into aa_policy_init()
apparmor: update policy_destroy to use new debug asserts
apparmor: refactor prepare_ns() and make usable from different views
apparmor: pass gfp_t parameter into profile allocation
apparmor: name null-XXX profiles after the executable
apparmor: remove paranoid load switch
apparmor: add support for force complain flag to support learning mode
apparmor: prepare to support newer versions of policy
apparmor: add get_dfa() fn
apparmor: allow policydb to be used as the file dfa
apparmor: add a default null dfa
apparmor: provide userspace flag indicating binfmt_elf_mmap change
apparmor: add special .null file used to "close" fds at exec
apparmor: track ns level so it can be used to help in view checks
apparmor: Make aa_remove_profile() callable from a different view
apparmor: allow introspecting the policy namespace name
apparmor: allow specifying the profile doing the management
apparmor: add ns being viewed as a param to policy_view_capable()
apparmor: add ns being viewed as a param to policy_admin_capable()
apparmor: add profile and ns params to aa_may_manage_policy()
apparmor: add ns name to the audit data for policy loads
apparmor: allow introspecting the loaded policy pre internal transform
apparmor: audit policy ns specified in policy load
apparmor: pass the subject profile into profile replace/remove
apparmor: add per policy ns .load, .replace, .remove interface files
apparmor: fail task profile update if current_cred isn't real_cred
apparmor: rename context abreviation cxt to the more standard ctx
apparmor: change op from int to const char *
apparmor: change aad apparmor_audit_data macro to a fn macro
apparmor: remove unused op parameter from simple_write_to_buffer()
apparmor: fix change_hat debug output
apparmor: convert change_profile to use fqname later to give better control
apparmor: make computing policy hashes conditional on kernel parameter
apparmor: update cap audit to check SECURITY_CAP_NOAUDIT
apparmor: add per cpu work buffers to avoid allocating buffers at every hook
apparmor: add check for apparmor enabled in module parameters missing it
apparmor: fix restricted endian type warnings for dfa unpack
apparmor: fix restricted endian type warnings for policy unpack
apparmor: replace remaining BUG_ON() asserts with AA_BUG()
apparmor: fix undefined reference to `aa_g_hash_policy'

Kees Cook (1):
apparmor: use designated initializers

Tetsuo Handa (1):
AppArmor: Use GFP_KERNEL for __aa_kvmalloc().

Tyler Hicks (1):
apparmor: sysctl to enable unprivileged user ns AppArmor policy loading

William Hua (1):
apparmor: support querying extended trusted helper extra data

security/apparmor/Kconfig | 31 +-
security/apparmor/Makefile | 2 +-
security/apparmor/apparmorfs.c | 681 ++++++++++++++++++----
security/apparmor/audit.c | 98 +---
security/apparmor/capability.c | 26 +-
security/apparmor/context.c | 107 ++--
security/apparmor/crypto.c | 39 +-
security/apparmor/domain.c | 137 ++---
security/apparmor/file.c | 80 +--
security/apparmor/include/apparmor.h | 82 +--
security/apparmor/include/apparmorfs.h | 21 +-
security/apparmor/include/audit.h | 152 ++---
security/apparmor/include/context.h | 84 +--
security/apparmor/include/crypto.h | 5 +
security/apparmor/include/domain.h | 4 +-
security/apparmor/include/file.h | 9 +-
security/apparmor/include/lib.h | 200 +++++++
security/apparmor/include/match.h | 26 +-
security/apparmor/include/path.h | 53 ++
security/apparmor/include/policy.h | 199 ++-----
security/apparmor/include/policy_ns.h | 147 +++++
security/apparmor/include/policy_unpack.h | 28 +-
security/apparmor/include/{sid.h => secid.h} | 18 +-
security/apparmor/ipc.c | 18 +-
security/apparmor/lib.c | 111 +++-
security/apparmor/lsm.c | 317 +++++++----
security/apparmor/match.c | 47 +-
security/apparmor/nulldfa.in | 1 +
security/apparmor/policy.c | 824 ++++++++++-----------------
security/apparmor/policy_ns.c | 346 +++++++++++
security/apparmor/policy_unpack.c | 257 ++++++---
security/apparmor/procattr.c | 38 +-
security/apparmor/resource.c | 19 +-
security/apparmor/secid.c | 55 ++
security/apparmor/sid.c | 55 --
35 files changed, 2796 insertions(+), 1521 deletions(-)
create mode 100644 security/apparmor/include/lib.h
create mode 100644 security/apparmor/include/policy_ns.h
rename security/apparmor/include/{sid.h => secid.h} (50%)
create mode 100644 security/apparmor/nulldfa.in
create mode 100644 security/apparmor/policy_ns.c
create mode 100644 security/apparmor/secid.c
delete mode 100644 security/apparmor/sid.c


Attachment: signature.asc
Description: OpenPGP digital signature