| Message ID | 52095240.7060704@canonical.com |
|---|---|
| State | New |
| Headers | show |
On Mon, Aug 12, 2013 at 02:23:12PM -0700, John Johansen wrote: > BugLink: http://bugs.launchpad.net/bugs/1202161 > > Reverts commit c27debc6b9cc939ac6919074f4ed3c82cb745ca5 which was fixed in > c29bceb3 > > Signed-off-by: John Johansen <john.johansen@canonical.com> > --- > security/apparmor/domain.c | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c > index 31a3f52..afa8671 100644 > --- a/security/apparmor/domain.c > +++ b/security/apparmor/domain.c > @@ -360,10 +360,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) > if (bprm->cred_prepared) > return 0; > > - /* XXX: no_new_privs is not usable with AppArmor yet */ > - if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) > - return -EPERM; > - > cxt = bprm->cred->security; > BUG_ON(!cxt); > Looks like we had this as a sauce patch, which also went upstream, and then you fixed it (in 3.4-rc4), and we rebased and the sauce version survived the process? Cirtainly it looks appropriate to remove this. Acked-by: Andy Whitcroft <apw@canonical.com> -apw
On 08/13/2013 02:02 AM, Andy Whitcroft wrote: > On Mon, Aug 12, 2013 at 02:23:12PM -0700, John Johansen wrote: >> BugLink: http://bugs.launchpad.net/bugs/1202161 >> >> Reverts commit c27debc6b9cc939ac6919074f4ed3c82cb745ca5 which was fixed in >> c29bceb3 >> >> Signed-off-by: John Johansen <john.johansen@canonical.com> >> --- >> security/apparmor/domain.c | 4 ---- >> 1 file changed, 4 deletions(-) >> >> diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c >> index 31a3f52..afa8671 100644 >> --- a/security/apparmor/domain.c >> +++ b/security/apparmor/domain.c >> @@ -360,10 +360,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) >> if (bprm->cred_prepared) >> return 0; >> >> - /* XXX: no_new_privs is not usable with AppArmor yet */ >> - if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) >> - return -EPERM; >> - >> cxt = bprm->cred->security; >> BUG_ON(!cxt); >> > > Looks like we had this as a sauce patch, which also went upstream, and yeah we picked it up as part of the patch set for lxc > then you fixed it (in 3.4-rc4), and we rebased and the sauce version > survived the > process? > I am not sure what happened there nor why I didn't noticed it was still in place. We certainly are missing tests for this and that is something that I need to fix > Cirtainly it looks appropriate to remove this. > > Acked-by: Andy Whitcroft <apw@canonical.com> > > -apw >
Applied to Quantal. -apw
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 31a3f52..afa8671 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -360,10 +360,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) if (bprm->cred_prepared) return 0; - /* XXX: no_new_privs is not usable with AppArmor yet */ - if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) - return -EPERM; - cxt = bprm->cred->security; BUG_ON(!cxt);
BugLink: http://bugs.launchpad.net/bugs/1202161 Reverts commit c27debc6b9cc939ac6919074f4ed3c82cb745ca5 which was fixed in c29bceb3 Signed-off-by: John Johansen <john.johansen@canonical.com> --- security/apparmor/domain.c | 4 ---- 1 file changed, 4 deletions(-)