Patchwork [raring] Revert "UBUNTU: SAUCE: (no-up) AppArmor: Disable Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs"

login
register
mail settings
Submitter John Johansen
Date Aug. 12, 2013, 9:23 p.m.
Message ID <5209524B.5060200@canonical.com>
Download mbox | patch
Permalink /patch/266641/
State New
Headers show

Comments

John Johansen - Aug. 12, 2013, 9:23 p.m.
BugLink: http://bugs.launchpad.net/bugs/1202161

Reverts commit f3ab3c306a8b7da1b59a0db9d9914bed0cff2c2a which was fixed in c29bceb3

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/domain.c | 4 ----
 1 file changed, 4 deletions(-)
Stefan Bader - Aug. 13, 2013, 9:02 a.m.

Andy Whitcroft - Aug. 13, 2013, 9:02 a.m.
On Mon, Aug 12, 2013 at 02:23:23PM -0700, John Johansen wrote:
> BugLink: http://bugs.launchpad.net/bugs/1202161
> 
> Reverts commit f3ab3c306a8b7da1b59a0db9d9914bed0cff2c2a which was fixed in c29bceb3
> 
> Signed-off-by: John Johansen <john.johansen@canonical.com>
> ---
>  security/apparmor/domain.c | 4 ----
>  1 file changed, 4 deletions(-)
> 
> diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
> index a4d5c9c..4625a28 100644
> --- a/security/apparmor/domain.c
> +++ b/security/apparmor/domain.c
> @@ -360,10 +360,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
>  	if (bprm->cred_prepared)
>  		return 0;
>  
> -	/* XXX: no_new_privs is not usable with AppArmor yet */
> -	if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
> -		return -EPERM;
> -
>  	cxt = bprm->cred->security;
>  	BUG_ON(!cxt);


Acked-by: Andy Whitcroft <apw@canonical.com>

As for quantal.

-apw
Andy Whitcroft - Aug. 13, 2013, 9:23 a.m.
Applied to Raring.

-apw

Patch

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index a4d5c9c..4625a28 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -360,10 +360,6 @@  int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 	if (bprm->cred_prepared)
 		return 0;
 
-	/* XXX: no_new_privs is not usable with AppArmor yet */
-	if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
-		return -EPERM;
-
 	cxt = bprm->cred->security;
 	BUG_ON(!cxt);