Message ID | 1403015599-3180-1-git-send-email-tim.gardner@canonical.com |
---|---|
State | New |
Headers | show |
On 06/17/2014 07:33 AM, Tim Gardner wrote: > From: John Johansen <john.johansen@canonical.com> > > This is a fix to code that is not upstream. > > Remove label check warning that is enforcing a condition that is not > yet always valid in the trusty version of apparmor. The check leaked > in from later patches in the -dev tree and does not belong in the > trusty code base. > > BugLink: http://bugs.launchpad.net/bugs/1308761 > > Signed-off-by: John Johansen <john.johansen@canonical.com> > (cherry picked from commit 6e7486e74f6501be091cf23e84aa4db19f7beedb) > Signed-off-by: Tim Gardner <tim.gardner@canonical.com> > --- > security/apparmor/lsm.c | 3 --- > 1 file changed, 3 deletions(-) > > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > index ffb64b6..fe68bd3 100644 > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c > @@ -835,9 +835,6 @@ static int apparmor_unix_may_send(struct socket *sock, struct socket *other) > struct aa_label *label = __aa_get_current_label(); > int error; > > - /* TODO update label instead */ > - AA_BUG(!aa_label_is_subset(cxt->label, label)); > - > error = xcheck(unix_fs_perm(OP_SENDMSG, label, other->sk, MAY_WRITE), > unix_fs_perm(OP_SENDMSG, other_cxt->label, sock->sk, > MAY_READ)); >
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ffb64b6..fe68bd3 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -835,9 +835,6 @@ static int apparmor_unix_may_send(struct socket *sock, struct socket *other) struct aa_label *label = __aa_get_current_label(); int error; - /* TODO update label instead */ - AA_BUG(!aa_label_is_subset(cxt->label, label)); - error = xcheck(unix_fs_perm(OP_SENDMSG, label, other->sk, MAY_WRITE), unix_fs_perm(OP_SENDMSG, other_cxt->label, sock->sk, MAY_READ));